
Pests of all kinds and how to fight them: Infected with all kinds of stuff

01.05.2010, 21:17   #1
freeshowdown



Hello.
My computer has recently become pretty badly infected.
Pornnude etc., some kind of "security centers" etc.
I did find quite a bit here, but nothing really fit.
I hope I am not breaking any rules.

I should say that I know very little about the subject and could basically use some kind of "help for computer dummies".

At least I have already understood that I should create a logfile and post it here.
So here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:47 PM, on 5/1/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\avmwlanstick\WLanGUI.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinZip\WINZIP32.EXE
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\tom\newfile\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.domain.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [asrkn_pfu.exe] C:\Users\tom\AppData\Local\Temp\asrkn_pfu.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-3277955077-710526907-2169692316-1008\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'emmaruna')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programs\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programs\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Intertops Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\IntertopsMPP\MPPoker.exe (HKCU)
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} (Stm Class) - hxxp://affiliates.betcris.com/Iovation/StmOCXiovation.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - hxxp://www.lokalisten.de/iup/ImageUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 11088 bytes


I should also mention that I only have one of those free protection programs (Avast), which may not be enough.
I would also be grateful for a tip on how to improve my protection without having to invest much (unemployed).

Many thanks.

01.05.2010, 22:31   #2
StLB
/// Helper Team



Hi!

Avast is fully sufficient as antivirus protection, better than certain paid security suites.

Now let's have a look at what is going on on your computer:


1.) Malwarebytes' Anti-Malware
  • Install Malwarebytes' Anti-Malware according to the guide
  • Start the program -> If there are problems: Malwarebytes' Anti-Malware does not start
  • Update the database before every scan! (Update tab -> Check for updates - version 4052 is current at the moment)
  • Now run a Quick Scan from the Scanner tab
  • Post the logfile from the Logs tab here in the thread.

2.) System scan with OTL

Then please download OTL by OldTimer and save it to your desktop (if it is not there already)
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles will be created
  • Post the logfiles here in the thread.


Please refrain from any major internet activity from your infected computer for the time being.
Because of the missing service packs for your Vista, the computer can quickly pick up another "plague".
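As an added example that is not part of this thread (neither the poster's nor the helper's code): a small Python triage script that parses the O4 Run-key lines of a HijackThis log like the one in the first post and flags autorun entries whose image lives in a temporary directory or under a user profile, which is exactly where the asrkn_pfu.exe entry in that log sits. The sample lines are copied from the log in post #1; the heuristics, the function names and the `Autorun` type are the example's own assumptions, not anything HijackThis itself produces or does.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a few lines copied from the HijackThis log in the first post
# of this thread. Only O4 (Run key) lines are parsed; everything else is ignored.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [asrkn_pfu.exe] C:\Users\tom\AppData\Local\Temp\asrkn_pfu.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"; the hive may carry a user SID (HKUS\S-1-5-...).
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# First absolute image path in the command line: a drive letter or an %ENV% root,
# then anything up to the first .exe/.dll/.scr/.com. Quotes and switches are skipped.
IMAGE_RE = re.compile(
    r'(?:[A-Za-z]:|%[A-Za-z]+%)\\[^"]*?\.(?:exe|dll|scr|com)\b', re.IGNORECASE
)


@dataclass
class Autorun:
    hive: str
    name: str
    command: str
    image: Optional[str]   # None when the command names no absolute path (e.g. bare rundll32 args)
    reasons: List[str]     # empty list means nothing about the location looked odd


def image_path(command: str) -> Optional[str]:
    """Extract the executable/DLL path an O4 command line points at, if any."""
    m = IMAGE_RE.search(command)
    return m.group(0) if m else None


def assess(image: Optional[str]) -> List[str]:
    """Heuristic location checks (the example's own, not HijackThis rules).

    Legitimate autoruns normally live under Program Files or the Windows
    directory. An image in a Temp folder, or anywhere inside a user profile,
    was writable without administrator rights and deserves a second look.
    """
    reasons: List[str] = []
    if image is None:
        return reasons
    low = image.lower().replace("/", "\\")
    if "\\temp\\" in low or "\\tmp\\" in low:
        reasons.append("autorun image lives in a temporary directory")
    if "\\users\\" in low and "\\appdata\\" in low:
        reasons.append("autorun image lives inside a user profile (user-writable location)")
    return reasons


def parse_autoruns(log_text: str) -> List[Autorun]:
    """Return every O4 Run entry in a HijackThis log, with its assessment."""
    entries: List[Autorun] = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        img = image_path(m["cmd"])
        entries.append(Autorun(m["hive"], m["name"], m["cmd"], img, assess(img)))
    return entries


def flagged(log_text: str) -> List[Autorun]:
    """Only the entries that tripped at least one location heuristic."""
    return [a for a in parse_autoruns(log_text) if a.reasons]


if __name__ == "__main__":
    for a in parse_autoruns(SAMPLE_LOG):
        mark = "!!" if a.reasons else "  "
        print(f"{mark} {a.hive:<16} [{a.name}] -> {a.image or '(no absolute path)'}")
        for r in a.reasons:
            print("      -", r)
```

Running it over the sample prints the seven Run entries and marks only `[asrkn_pfu.exe]` under HKCU, the one the Malwarebytes scan later in this thread classifies as Trojan.FakeAlert. The heuristics are deliberately narrow: they flag where an autorun lives, not what it is, so a hit is a prompt to check the file, not a verdict.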

02.05.2010, 11:04   #3
freeshowdown



First of all, many thanks. I think it's great that there are people like you who help me so quickly here.
I will also donate something once I have found a payment method I can actually use (Neteller would be nice).

So here is the file from mbam:
Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4058

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

5/2/2010 12:00:37 PM
mbam-log-2010-05-02 (12-00-37).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152900
Laufzeit: 9 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 12
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 39

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\Software\pragma (Rootkit.TDSS) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Protection (Rogue.DigitalProtection) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Digital Protection (Rogue.DigitalProtection) -> No action taken.
HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asrkn_pfu.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\Digital Protection (Rogue.DigitalProtection) -> No action taken.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection (Rogue.DigitalProtection) -> No action taken.
C:\Windows\PRAGMAlyrxxiwrwn (Trojan.DNSChanger) -> No action taken.

Infizierte Dateien:
C:\Users\tom\AppData\Local\Temp\asrkn_pfu.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\tom\AppData\Local\Temp\asd311D.tmp.exe (Rogue.Installer) -> No action taken.
C:\Program Files\Digital Protection\about.ico (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\activate.ico (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\buy.ico (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\dig.db (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\digext.dll (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\dighook.dll (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\dighook.dll.vir (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\digprot.exe (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\digprot.exe.vir (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\help.ico (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\scan.ico (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\settings.ico (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\splash.mp3 (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\Uninstall.exe (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\update.ico (Rogue.DigitalProtection) -> No action taken.
C:\Program Files\Digital Protection\virus.mp3 (Rogue.DigitalProtection) -> No action taken.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\About.lnk (Rogue.DigitalProtection) -> No action taken.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Activate.lnk (Rogue.DigitalProtection) -> No action taken.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Buy.lnk (Rogue.DigitalProtection) -> No action taken.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Digital Protection Support.lnk (Rogue.DigitalProtection) -> No action taken.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Digital Protection.lnk (Rogue.DigitalProtection) -> No action taken.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Scan.lnk (Rogue.DigitalProtection) -> No action taken.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Settings.lnk (Rogue.DigitalProtection) -> No action taken.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Update.lnk (Rogue.DigitalProtection) -> No action taken.
C:\Windows\PRAGMAlyrxxiwrwn\PRAGMAcfg.ini (Trojan.DNSChanger) -> No action taken.
C:\Windows\PRAGMAlyrxxiwrwn\PRAGMAd.sys.vir (Trojan.DNSChanger) -> No action taken.
C:\ProgramData\pragmamfeklnmal.dll (Rootkit.TDSS) -> No action taken.
C:\Users\tom\AppData\Local\Temp\pragmamainqt.dll (Rootkit.TDSS) -> No action taken.
C:\Windows\Temp\pragmamainqt.dll (Rootkit.TDSS) -> No action taken.
C:\Users\tom\AppData\Local\Temp\PRAGMA7f4d.tmp (Trojan.DNSChanger) -> No action taken.
C:\Users\tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Digital Protection.LNK (Rogue.DigitalProtection) -> No action taken.
C:\Users\tom\Desktop\Digital Protection.LNK (Rogue.DigitalProtection) -> No action taken.
C:\Users\tom\Favorites\_favdata.dat (Malware.Trace) -> No action taken.
C:\ProgramData\fiosejgfse.dll (Rogue.Trace) -> No action taken.
C:\Users\tom\Desktop\nudetube.com.lnk (Rogue.Link) -> No action taken.
C:\Users\tom\Desktop\pornotube.com.lnk (Rogue.Link) -> No action taken.
C:\Users\tom\Desktop\youporn.com.lnk (Rogue.Link) -> No action taken.



And here is the (only) thing OTL gives me:

OTL logfile created on: 5/2/2010 12:01:09 PM - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\tom\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 327.35 Gb Total Space | 226.90 Gb Free Space | 69.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOM-PC
Current User Name: tom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\tom\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Programme\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\tom\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SpyHunter3 Service) -- File not found
SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (GoogleDesktopManager-061008-081103) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = freeshowdown. Pokeranbieter im Vergleich. Pokerschule, Poker Test
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.freeshowdown.com"
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.0.1
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:4.9

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/30 13:18:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/01 11:41:29 | 000,000,000 | ---D | M]

[2010/04/30 09:38:07 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\mozilla\Extensions
[2010/05/01 22:17:23 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions
[2010/04/30 13:15:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/30 13:22:58 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2010/04/30 13:22:58 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/04/30 13:17:26 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/04/30 13:22:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2008/03/18 01:52:40 | 000,000,276 | ---- | M] () -- C:\Users\tom\AppData\Roaming\Mozilla\FireFox\Profiles\dzp0l3gy.default\searchplugins\search.xml
[2010/05/01 22:17:23 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007/03/13 08:54:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/01/12 20:36:38 | 000,056,976 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npstrlnk.dll
[2007/06/11 17:15:58 | 002,115,816 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPSWF32.dll
[2010/04/01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/04/01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/04/01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/04/01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/04/01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/03/24 14:21:08 | 000,000,757 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [asrkn_pfu.exe] C:\Users\tom\AppData\Local\Temp\asrkn_pfu.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra Button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe (Microgaming)
O9 - Extra Button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programs\EmpirePokerMaster\EmpirePoker\RunEPoker.exe ()
O9 - Extra 'Tools' menuitem : EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programs\EmpirePokerMaster\EmpirePoker\RunEPoker.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (Microgaming)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range23 ([*] in Lokales Intranet)
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (isInstalled Class)
O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} hxxp://affiliates.betcris.com/Iovation/StmOCXiovation.cab (Stm Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\tom\Pictures\TRLSPH.jpg
O24 - Desktop BackupWallPaper: C:\Users\tom\Pictures\TRLSPH.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{35e0e386-a3ab-11dd-a08c-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{35e0e386-a3ab-11dd-a08c-001d7d292ab2}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{35e0e39d-a3ab-11dd-a08c-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{35e0e39d-a3ab-11dd-a08c-001d7d292ab2}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{4181d8bb-a3ae-11dd-943b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4181d8bb-a3ae-11dd-943b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da24f-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da24f-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da251-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da251-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da253-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da253-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da255-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da255-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da257-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da257-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da28f-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da28f-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{9902b7be-87fa-11dd-b0e2-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{9902b7be-87fa-11dd-b0e2-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{9902b7d8-87fa-11dd-b0e2-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{9902b7d8-87fa-11dd-b0e2-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{9902b7dc-87fa-11dd-b0e2-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{9902b7dc-87fa-11dd-b0e2-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{e4647d57-67ea-11de-9705-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e4647d57-67ea-11de-9705-001d7d292ab2}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
O33 - MountPoints2\{e7e6c429-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e7e6c429-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{e7e6c43e-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e7e6c43e-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{e7e6c442-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e7e6c442-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{e7e6c444-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e7e6c444-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\K - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/02 11:50:02 | 000,000,000 | ---D | C] -- C:\Users\tom\AppData\Roaming\Malwarebytes
[2010/05/02 11:49:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/02 11:49:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/02 11:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/02 11:49:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010/05/01 12:48:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2010/05/01 12:48:45 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2010/05/01 12:48:45 | 000,000,000 | ---D | C] -- C:\Users\tom\Documents\Simply Super Software
[2010/05/01 12:48:45 | 000,000,000 | ---D | C] -- C:\Users\tom\AppData\Roaming\Simply Super Software
[2010/05/01 12:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/05/01 12:44:08 | 000,000,000 | ---D | C] -- C:\Programme\Digital Protection
[2010/05/01 12:34:18 | 000,000,000 | ---D | C] -- C:\Windows\PRAGMAlyrxxiwrwn
[2010/04/30 13:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/04/30 13:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/04/30 13:18:25 | 000,000,000 | ---D | C] -- C:\Programme\McAfee Security Scan
[2010/04/29 08:19:43 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/04/25 16:05:54 | 000,000,000 | ---D | C] -- C:\Users\tom\Documents\Downloads
[2010/04/25 15:17:31 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010/04/25 15:17:30 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010/04/21 11:18:20 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2010/04/20 16:16:15 | 000,000,000 | ---D | C] -- C:\Programme\Karaoke Player
[2010/04/20 16:16:05 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2010/04/19 17:29:18 | 000,000,000 | ---D | C] -- C:\Linus
[2010/04/14 03:11:16 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/14 03:11:15 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/14 03:11:09 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/14 03:11:05 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/14 03:11:05 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/14 03:10:59 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/04/14 03:10:59 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/02 12:02:12 | 003,407,872 | -HS- | M] () -- C:\Users\tom\NTUSER.DAT
[2010/05/02 12:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie.job
[2010/05/02 11:56:40 | 000,000,544 | ---- | M] () -- C:\Users\tom\Desktop\OTL.exe - Verknüpfung.lnk
[2010/05/02 11:49:46 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/02 11:49:11 | 000,618,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/02 11:49:10 | 001,488,910 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/02 11:49:10 | 000,651,112 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/05/02 11:49:10 | 000,120,908 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/05/02 11:49:10 | 000,107,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/02 11:45:23 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/05/02 11:42:57 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/02 11:42:53 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/02 11:42:52 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/02 11:42:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/02 11:42:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/02 11:42:35 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/01 22:36:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/05/01 22:36:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/05/01 22:36:24 | 003,373,036 | -H-- | M] () -- C:\Users\tom\AppData\Local\IconCache.db
[2010/05/01 22:31:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/01 21:35:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/05/01 21:35:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/05/01 20:56:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/05/01 20:56:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/05/01 20:05:18 | 000,001,793 | ---- | M] () -- C:\Users\tom\Desktop\Digital Protection Support.lnk
[2010/05/01 20:05:18 | 000,000,881 | ---- | M] () -- C:\Users\tom\Desktop\Digital Protection.lnk
[2010/05/01 20:04:56 | 000,001,765 | ---- | M] () -- C:\Users\tom\Desktop\pornotube.com.lnk
[2010/05/01 20:04:56 | 000,001,761 | ---- | M] () -- C:\Users\tom\Desktop\nudetube.com.lnk
[2010/05/01 20:04:56 | 000,001,757 | ---- | M] () -- C:\Users\tom\Desktop\youporn.com.lnk
[2010/05/01 13:49:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/05/01 13:49:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/05/01 13:35:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/05/01 13:35:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/05/01 12:57:13 | 000,001,048 | ---- | M] () -- C:\ProgramData\fiosejgfse.dll
[2010/05/01 12:48:49 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010/05/01 12:34:20 | 000,001,161 | ---- | M] () -- C:\ProgramData\pragmamfeklnmal.dll
[2010/05/01 11:57:54 | 000,002,531 | ---- | M] () -- C:\Users\tom\Desktop\HoldemManager.lnk
[2010/05/01 00:26:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/05/01 00:26:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/04/30 13:18:27 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/04/30 13:18:27 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/04/30 09:37:58 | 000,001,772 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/30 00:07:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/04/30 00:07:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/04/29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 00:38:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/04/29 00:38:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/04/28 13:07:33 | 000,002,545 | ---- | M] () -- C:\Users\tom\Desktop\Paint Shop Pro 7.lnk
[2010/04/27 23:30:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/04/27 23:30:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/04/26 22:55:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/04/26 22:55:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/04/26 01:55:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/04/26 01:55:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/04/25 15:18:55 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010/04/25 01:26:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/04/25 01:26:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/04/24 01:20:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/04/24 01:20:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/04/23 00:53:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/04/23 00:53:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/04/21 20:50:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/04/21 20:50:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/04/20 12:19:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/04/20 12:19:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/04/20 12:14:34 | 000,029,184 | ---- | M] () -- C:\Users\tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/20 00:21:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/04/20 00:21:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/04/19 20:22:36 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010/04/19 17:06:16 | 000,178,176 | ---- | M] () -- C:\Users\tom\Documents\NW Das Skelett des Menschen.doc
[2010/04/19 01:42:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/04/19 01:42:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/04/18 00:31:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/04/18 00:31:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/04/17 18:28:33 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/16 23:59:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/04/16 23:59:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/04/14 17:06:38 | 000,001,704 | ---- | M] () -- C:\Users\tom\Desktop\WinTer.LNK
[2010/04/14 13:11:08 | 000,022,016 | ---- | M] () -- C:\Users\tom\Documents\meisner1.doc
[2010/04/14 13:03:51 | 000,020,480 | ---- | M] () -- C:\Users\tom\Documents\meisner3.doc
[2010/04/14 11:00:41 | 000,002,208 | ---- | M] () -- C:\Users\tom\Kalender von tom.ics
[2010/04/13 08:48:37 | 000,019,968 | ---- | M] () -- C:\Users\tom\Documents\meisner2.doc
[2010/04/12 14:50:50 | 000,002,048 | ---- | M] () -- C:\Users\tom\Desktop\Verknüpfung mit Firmen1 in transpodata.MAF
[2010/04/10 13:09:08 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/02 11:56:40 | 000,000,544 | ---- | C] () -- C:\Users\tom\Desktop\OTL.exe - Verknüpfung.lnk
[2010/05/02 11:49:46 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/01 20:05:18 | 000,001,793 | ---- | C] () -- C:\Users\tom\Desktop\Digital Protection Support.lnk
[2010/05/01 20:05:18 | 000,000,881 | ---- | C] () -- C:\Users\tom\Desktop\Digital Protection.lnk
[2010/05/01 20:04:56 | 000,001,765 | ---- | C] () -- C:\Users\tom\Desktop\pornotube.com.lnk
[2010/05/01 20:04:56 | 000,001,761 | ---- | C] () -- C:\Users\tom\Desktop\nudetube.com.lnk
[2010/05/01 12:50:46 | 000,001,048 | ---- | C] () -- C:\ProgramData\fiosejgfse.dll
[2010/05/01 12:48:49 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010/05/01 12:48:47 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010/05/01 12:48:47 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010/05/01 12:48:47 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010/05/01 12:48:47 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010/05/01 12:44:02 | 000,001,757 | ---- | C] () -- C:\Users\tom\Desktop\youporn.com.lnk
[2010/05/01 12:34:20 | 000,001,161 | ---- | C] () -- C:\ProgramData\pragmamfeklnmal.dll
[2010/04/30 13:18:27 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/04/30 13:18:27 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/04/30 09:37:58 | 000,001,772 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/25 15:18:55 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/04/19 17:02:04 | 000,178,176 | ---- | C] () -- C:\Users\tom\Documents\NW Das Skelett des Menschen.doc
[2010/04/17 18:28:33 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/14 17:06:38 | 000,001,704 | ---- | C] () -- C:\Users\tom\Desktop\WinTer.LNK
[2010/04/14 11:00:41 | 000,002,208 | ---- | C] () -- C:\Users\tom\Kalender von tom.ics
[2010/04/13 08:48:48 | 000,020,480 | ---- | C] () -- C:\Users\tom\Documents\meisner3.doc
[2010/04/13 08:35:11 | 000,019,968 | ---- | C] () -- C:\Users\tom\Documents\meisner2.doc
[2010/04/13 08:22:16 | 000,022,016 | ---- | C] () -- C:\Users\tom\Documents\meisner1.doc
[2010/04/12 14:50:50 | 000,002,048 | ---- | C] () -- C:\Users\tom\Desktop\Verknüpfung mit Firmen1 in transpodata.MAF
[2010/04/10 13:09:08 | 000,001,935 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/01/05 00:49:17 | 000,000,046 | ---- | C] () -- C:\Windows\winter.ini
[2008/11/20 13:40:44 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini
[2008/08/24 20:23:41 | 000,139,776 | ---- | C] () -- C:\Windows\System32\ZipDll.dll
[2008/08/24 20:23:41 | 000,122,368 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2008/08/24 20:23:40 | 000,000,550 | ---- | C] () -- C:\Windows\Uninstall Terminplaner.ini
[2008/06/24 18:14:53 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2008/05/17 03:01:47 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/03/18 11:43:07 | 000,000,328 | ---- | C] () -- C:\Windows\wininit.ini
[2008/02/14 02:30:57 | 000,000,767 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/02/13 20:38:18 | 000,001,699 | ---- | C] () -- C:\Windows\PartyGrabber.ini
[2007/03/13 08:58:55 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2007/02/13 09:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/07/13 08:04:00 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI
[1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 902 bytes -> C:\Users\tom\Documents\MailOut_Bsp3.eml:OECustomProperty
@Alternate Data Stream - 902 bytes -> C:\Users\tom\Documents\MailOut_Bsp2.eml:OECustomProperty
@Alternate Data Stream - 902 bytes -> C:\Users\tom\Documents\MailOut_Bsp1.eml:OECustomProperty
@Alternate Data Stream - 81 bytes -> C:\Program Files\DoylesRoom:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker:MID
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Simply Super Software:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\PacificPoker:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Meine empfangenen Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\LongsSHCTrainerV0.9.18[1]:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\kaan.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Fibu:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\fb.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Eigene Google Gadgets:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Camtasia Studio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\WebTools:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\Tools:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\spiele:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\Seltene Anwendungen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\PokerTools:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\PokerRooms:Roxio EMC Stream
@Alternate Data Stream - 590 bytes -> C:\Users\tom\Documents\april08.eml:OECustomProperty
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:B0A96209
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >

Alt 02.05.2010, 11:17   #4
StLB
/// Helper Team

Quote:
-> No action taken.
Please let Malwarebytes remove its findings, if you haven't done so already.

After that, please create a new OTL log for me. This one still contains all of the Malwarebytes findings.
Regards, Julian

Last edited by StLB (02.05.2010 at 11:29)

Alt 02.05.2010, 11:53   #5
freeshowdown
 
done


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4058

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

5/2/2010 12:54:59 PM
mbam-log-2010-05-02 (12-54-59).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152900
Laufzeit: 9 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 12
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 39

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\pragma (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asrkn_pfu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Windows\PRAGMAlyrxxiwrwn (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\tom\AppData\Local\Temp\asrkn_pfu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Local\Temp\asd311D.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\about.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\activate.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\buy.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\dig.db (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\digext.dll (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\dighook.dll (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\dighook.dll.vir (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\digprot.exe (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\digprot.exe.vir (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\help.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\scan.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\settings.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\splash.mp3 (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\Uninstall.exe (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\update.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\virus.mp3 (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\About.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Activate.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Buy.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Digital Protection Support.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Digital Protection.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Scan.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Settings.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Update.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Windows\PRAGMAlyrxxiwrwn\PRAGMAcfg.ini (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\PRAGMAlyrxxiwrwn\PRAGMAd.sys.vir (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\pragmamfeklnmal.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Local\Temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Local\Temp\PRAGMA7f4d.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Digital Protection.LNK (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\tom\Desktop\Digital Protection.LNK (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\tom\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\ProgramData\fiosejgfse.dll (Rogue.Trace) -> Quarantined and deleted successfully.
C:\Users\tom\Desktop\nudetube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\tom\Desktop\pornotube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\tom\Desktop\youporn.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.


Alt 02.05.2010, 12:11   #6
StLB
/// Helper Team

OK, now please create a new OTL logfile for me, so we can see whether the rootkit is still there.

Alt 02.05.2010, 12:25   #7
freeshowdown
 

OK. Before I post the OTL log, I wanted to mention that a "McAfee security scan" now opens every time my computer starts, and I don't know where it comes from.

OTL logfile created on: 5/2/2010 1:22:02 PM - Run 2
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\tom\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 327.35 Gb Total Space | 227.08 Gb Free Space | 69.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOM-PC
Current User Name: tom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\tom\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Programme\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\tom\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SpyHunter3 Service) -- File not found
SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (GoogleDesktopManager-061008-081103) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freeshowdown.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.freeshowdown.com"
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.0.1
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:4.9

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/02 13:14:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/01 11:41:29 | 000,000,000 | ---D | M]

[2010/04/30 09:38:07 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\mozilla\Extensions
[2010/05/01 22:17:23 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions
[2010/04/30 13:15:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/30 13:22:58 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2010/04/30 13:22:58 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/04/30 13:17:26 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/04/30 13:22:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2008/03/18 01:52:40 | 000,000,276 | ---- | M] () -- C:\Users\tom\AppData\Roaming\Mozilla\FireFox\Profiles\dzp0l3gy.default\searchplugins\search.xml
[2010/05/02 13:14:22 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007/03/13 08:54:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/01/12 20:36:38 | 000,056,976 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npstrlnk.dll
[2007/06/11 17:15:58 | 002,115,816 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPSWF32.dll
[2010/04/01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/04/01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/04/01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/04/01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/04/01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/03/24 14:21:08 | 000,000,757 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra Button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe (Microgaming)
O9 - Extra Button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programs\EmpirePokerMaster\EmpirePoker\RunEPoker.exe ()
O9 - Extra 'Tools' menuitem : EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programs\EmpirePokerMaster\EmpirePoker\RunEPoker.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (Microgaming)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range23 ([*] in Lokales Intranet)
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (isInstalled Class)
O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} hxxp://affiliates.betcris.com/Iovation/StmOCXiovation.cab (Stm Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\tom\Pictures\TRLSPH.jpg
O24 - Desktop BackupWallPaper: C:\Users\tom\Pictures\TRLSPH.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{35e0e386-a3ab-11dd-a08c-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{35e0e386-a3ab-11dd-a08c-001d7d292ab2}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{35e0e39d-a3ab-11dd-a08c-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{35e0e39d-a3ab-11dd-a08c-001d7d292ab2}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{4181d8bb-a3ae-11dd-943b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4181d8bb-a3ae-11dd-943b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da24f-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da24f-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da251-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da251-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da253-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da253-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da255-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da255-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da257-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da257-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da28f-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da28f-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{9902b7be-87fa-11dd-b0e2-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{9902b7be-87fa-11dd-b0e2-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{9902b7d8-87fa-11dd-b0e2-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{9902b7d8-87fa-11dd-b0e2-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{9902b7dc-87fa-11dd-b0e2-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{9902b7dc-87fa-11dd-b0e2-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{e4647d57-67ea-11de-9705-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e4647d57-67ea-11de-9705-001d7d292ab2}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
O33 - MountPoints2\{e7e6c429-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e7e6c429-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{e7e6c43e-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e7e6c43e-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{e7e6c442-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e7e6c442-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{e7e6c444-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e7e6c444-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\K - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/02 11:50:02 | 000,000,000 | ---D | C] -- C:\Users\tom\AppData\Roaming\Malwarebytes
[2010/05/02 11:49:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/02 11:49:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/02 11:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/02 11:49:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010/05/01 12:48:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2010/05/01 12:48:45 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2010/05/01 12:48:45 | 000,000,000 | ---D | C] -- C:\Users\tom\Documents\Simply Super Software
[2010/05/01 12:48:45 | 000,000,000 | ---D | C] -- C:\Users\tom\AppData\Roaming\Simply Super Software
[2010/05/01 12:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/04/30 13:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/04/30 13:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/04/30 13:18:25 | 000,000,000 | ---D | C] -- C:\Programme\McAfee Security Scan
[2010/04/29 08:19:43 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/04/25 16:05:54 | 000,000,000 | ---D | C] -- C:\Users\tom\Documents\Downloads
[2010/04/25 15:17:31 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010/04/25 15:17:30 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010/04/21 11:18:20 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2010/04/20 16:16:15 | 000,000,000 | ---D | C] -- C:\Programme\Karaoke Player
[2010/04/20 16:16:05 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2010/04/19 17:29:18 | 000,000,000 | ---D | C] -- C:\Linus
[2010/04/14 03:11:16 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/14 03:11:15 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/14 03:11:09 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/14 03:11:05 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/14 03:11:05 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/14 03:10:59 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/04/14 03:10:59 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/02 13:21:58 | 003,407,872 | -HS- | M] () -- C:\Users\tom\NTUSER.DAT
[2010/05/02 13:08:11 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/05/02 13:08:11 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/05/02 13:02:12 | 001,488,910 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/02 13:02:12 | 000,651,112 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/05/02 13:02:12 | 000,618,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/02 13:02:12 | 000,120,908 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/05/02 13:02:12 | 000,107,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/02 13:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie.job
[2010/05/02 12:59:58 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/05/02 12:59:10 | 000,002,531 | ---- | M] () -- C:\Users\tom\Desktop\HoldemManager.lnk
[2010/05/02 12:57:40 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/02 12:57:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/02 12:57:29 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/02 12:57:28 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/02 12:57:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/02 12:57:14 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/02 12:56:07 | 003,254,549 | -H-- | M] () -- C:\Users\tom\AppData\Local\IconCache.db
[2010/05/02 12:56:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/05/02 12:56:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/05/02 12:31:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/02 11:56:40 | 000,000,544 | ---- | M] () -- C:\Users\tom\Desktop\OTL.exe - Verknüpfung.lnk
[2010/05/02 11:49:46 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/01 22:36:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/05/01 22:36:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/05/01 21:35:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/05/01 21:35:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/05/01 20:56:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/05/01 20:56:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/05/01 20:05:18 | 000,001,793 | ---- | M] () -- C:\Users\tom\Desktop\Digital Protection Support.lnk
[2010/05/01 13:49:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/05/01 13:49:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/05/01 13:35:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/05/01 13:35:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/05/01 12:48:49 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010/05/01 00:26:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/05/01 00:26:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/04/30 09:37:58 | 000,001,772 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/30 00:07:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/04/30 00:07:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/04/29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 00:38:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/04/29 00:38:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/04/28 13:07:33 | 000,002,545 | ---- | M] () -- C:\Users\tom\Desktop\Paint Shop Pro 7.lnk
[2010/04/27 23:30:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/04/27 23:30:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/04/26 22:55:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/04/26 22:55:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/04/26 01:55:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/04/26 01:55:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/04/25 15:18:55 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010/04/25 01:26:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/04/25 01:26:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/04/24 01:20:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/04/24 01:20:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/04/23 00:53:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/04/23 00:53:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/04/21 20:50:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/04/21 20:50:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/04/20 12:19:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/04/20 12:19:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/04/20 12:14:34 | 000,029,184 | ---- | M] () -- C:\Users\tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/20 00:21:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/04/20 00:21:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/04/19 20:22:36 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010/04/19 17:06:16 | 000,178,176 | ---- | M] () -- C:\Users\tom\Documents\NW Das Skelett des Menschen.doc
[2010/04/19 01:42:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/04/19 01:42:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/04/18 00:31:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/04/18 00:31:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/04/17 18:28:33 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/14 17:06:38 | 000,001,704 | ---- | M] () -- C:\Users\tom\Desktop\WinTer.LNK
[2010/04/14 13:11:08 | 000,022,016 | ---- | M] () -- C:\Users\tom\Documents\meisner1.doc
[2010/04/14 13:03:51 | 000,020,480 | ---- | M] () -- C:\Users\tom\Documents\meisner3.doc
[2010/04/14 11:00:41 | 000,002,208 | ---- | M] () -- C:\Users\tom\Kalender von tom.ics
[2010/04/13 08:48:37 | 000,019,968 | ---- | M] () -- C:\Users\tom\Documents\meisner2.doc
[2010/04/12 14:50:50 | 000,002,048 | ---- | M] () -- C:\Users\tom\Desktop\Verknüpfung mit Firmen1 in transpodata.MAF
[2010/04/10 13:09:08 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/02 11:56:40 | 000,000,544 | ---- | C] () -- C:\Users\tom\Desktop\OTL.exe - Verknüpfung.lnk
[2010/05/02 11:49:46 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/01 20:05:18 | 000,001,793 | ---- | C] () -- C:\Users\tom\Desktop\Digital Protection Support.lnk
[2010/05/01 12:48:49 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010/05/01 12:48:47 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010/05/01 12:48:47 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010/05/01 12:48:47 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010/05/01 12:48:47 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010/04/30 13:18:27 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/04/30 13:18:27 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/04/30 09:37:58 | 000,001,772 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/25 15:18:55 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/04/19 17:02:04 | 000,178,176 | ---- | C] () -- C:\Users\tom\Documents\NW Das Skelett des Menschen.doc
[2010/04/17 18:28:33 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/14 17:06:38 | 000,001,704 | ---- | C] () -- C:\Users\tom\Desktop\WinTer.LNK
[2010/04/14 11:00:41 | 000,002,208 | ---- | C] () -- C:\Users\tom\Kalender von tom.ics
[2010/04/13 08:48:48 | 000,020,480 | ---- | C] () -- C:\Users\tom\Documents\meisner3.doc
[2010/04/13 08:35:11 | 000,019,968 | ---- | C] () -- C:\Users\tom\Documents\meisner2.doc
[2010/04/13 08:22:16 | 000,022,016 | ---- | C] () -- C:\Users\tom\Documents\meisner1.doc
[2010/04/12 14:50:50 | 000,002,048 | ---- | C] () -- C:\Users\tom\Desktop\Verknüpfung mit Firmen1 in transpodata.MAF
[2010/04/10 13:09:08 | 000,001,935 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/01/05 00:49:17 | 000,000,046 | ---- | C] () -- C:\Windows\winter.ini
[2008/11/20 13:40:44 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini
[2008/08/24 20:23:41 | 000,139,776 | ---- | C] () -- C:\Windows\System32\ZipDll.dll
[2008/08/24 20:23:41 | 000,122,368 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2008/08/24 20:23:40 | 000,000,550 | ---- | C] () -- C:\Windows\Uninstall Terminplaner.ini
[2008/06/24 18:14:53 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2008/05/17 03:01:47 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/03/18 11:43:07 | 000,000,328 | ---- | C] () -- C:\Windows\wininit.ini
[2008/02/14 02:30:57 | 000,000,767 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/02/13 20:38:18 | 000,001,699 | ---- | C] () -- C:\Windows\PartyGrabber.ini
[2007/03/13 08:58:55 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2007/02/13 09:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/07/13 08:04:00 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI
[1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 902 bytes -> C:\Users\tom\Documents\MailOut_Bsp3.eml:OECustomProperty
@Alternate Data Stream - 902 bytes -> C:\Users\tom\Documents\MailOut_Bsp2.eml:OECustomProperty
@Alternate Data Stream - 902 bytes -> C:\Users\tom\Documents\MailOut_Bsp1.eml:OECustomProperty
@Alternate Data Stream - 81 bytes -> C:\Program Files\DoylesRoom:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker:MID
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Simply Super Software:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\PacificPoker:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Meine empfangenen Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\LongsSHCTrainerV0.9.18[1]:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\kaan.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Fibu:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\fb.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Eigene Google Gadgets:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Camtasia Studio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\WebTools:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\Tools:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\spiele:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\Seltene Anwendungen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\PokerTools:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\PokerRooms:Roxio EMC Stream
@Alternate Data Stream - 590 bytes -> C:\Users\tom\Documents\april08.eml:OECustomProperty
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:B0A96209
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >

Old 02.05.2010, 13:01   #8
StLB
/// Helper Team

OK, that doesn't look bad.
You probably downloaded McAfee yourself.

Please remove the following programs: (Start -> Control Panel -> "Programs and Features")
- McAfee Security Scan
- Simply Super Software
- Trojan Remover

They are superfluous for now, since you have Avast.

Then we'll remove a few entries from the OTL log:

Fix with OTL
  • Please start OTL.exe.
    Vista users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
:OTL
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - gopher Prefix: missing
O33 - MountPoints2\{35e0e386-a3ab-11dd-a08c-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{35e0e386-a3ab-11dd-a08c-001d7d292ab2}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{35e0e39d-a3ab-11dd-a08c-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{35e0e39d-a3ab-11dd-a08c-001d7d292ab2}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{4181d8bb-a3ae-11dd-943b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4181d8bb-a3ae-11dd-943b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da24f-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da24f-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da251-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da251-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da253-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da253-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da255-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da255-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da257-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da257-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{655da28f-8a31-11dd-b202-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{655da28f-8a31-11dd-b202-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{9902b7be-87fa-11dd-b0e2-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{9902b7be-87fa-11dd-b0e2-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{9902b7d8-87fa-11dd-b0e2-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{9902b7d8-87fa-11dd-b0e2-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{9902b7dc-87fa-11dd-b0e2-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{9902b7dc-87fa-11dd-b0e2-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{e4647d57-67ea-11de-9705-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e4647d57-67ea-11de-9705-001d7d292ab2}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
O33 - MountPoints2\{e7e6c429-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e7e6c429-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{e7e6c43e-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e7e6c43e-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{e7e6c442-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e7e6c442-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{e7e6c444-8a2d-11dd-8dc7-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{e7e6c444-8a2d-11dd-8dc7-001d7d292ab2}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
[2010/05/01 20:05:18 | 000,001,793 | ---- | C] () -- C:\Users\tom\Desktop\Digital Protection Support.lnk
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
         
  • Now please close all programs.
  • Now please click the Run Fix button.
  • Click on .
  • OTL may request a restart. Please allow it.
  • After the restart you will find a text document.
    Now copy its contents here into your thread


Now please run a rootkit scan with GMER; the TDSS.Rootkit may not be completely removed yet.


Please post:
- Logfile from "Fix with OTL"
- Logfile from GMER
__________________
Regards, Julian

No support via PM!

Donation option: Make a Donation
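The fix list above is hand-picked from the OTL report: orphaned BHO registrations, MountPoints2 AutoRun handlers whose target file no longer exists, and a created file with no company name. As an added example (not part of this thread and not OTL's own code), the following Python script does that triage over report lines of the kinds seen above and drafts a fix block in the same shape as the one posted. The regular expressions are assumptions about OTL's line layout inferred from the log above, not OTL's documented format, and the sample report lines are constructed for the example.

```python
"""Triage OTL report lines and draft an OTL fix block (added example).

The line formats matched below are assumptions inferred from the OTL
report posted in this thread; they are not OTL's documented format.
"""
import re
from dataclasses import dataclass

# Constructed sample report: the same kinds of lines as in the log above
# (one orphaned BHO, one healthy BHO, two stale mount points, one created
# file with and one without a company name).
SAMPLE_REPORT = r'''
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O33 - MountPoints2\{35e0e386-a3ab-11dd-a08c-001d7d292ab2}\Shell - "" = AutoRun
O33 - MountPoints2\{35e0e386-a3ab-11dd-a08c-001d7d292ab2}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
[2010/05/01 20:05:18 | 000,001,793 | ---- | C] () -- C:\Users\tom\Desktop\Digital Protection Support.lnk
[2010/05/02 11:49:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
'''

# O2 line: name, CLSID and either a DLL path or "No CLSID value found."
BHO_RE = re.compile(
    r'^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$')
# O33 line: MountPoints2 key, optional \AutoRun\command subkey, value.
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell(?P<cmd>\\AutoRun\\command)? - "" = (?P<value>.*)$')
# File line: [date | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(
    r'^\[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<op>[CM])\] '
    r'\((?P<company>[^)]*)\) -- (?P<path>.*)$')


@dataclass
class Finding:
    kind: str    # "orphan_bho", "stale_mountpoint" or "review_file"
    line: str    # the original report line, reusable verbatim in a fix block
    detail: str


def parse_report(text):
    """Return the findings a helper would pull out of an OTL report."""
    findings = []
    mount_lines = {}   # MountPoints2 key -> all O33 lines for that key
    stale_keys = set()  # keys whose AutoRun command points at a missing file
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = BHO_RE.match(line)
        if m:
            if m.group('target').startswith('No CLSID value found'):
                findings.append(Finding('orphan_bho', line,
                                        f"BHO {m.group('clsid')} has no CLSID value"))
            continue
        m = MOUNT_RE.match(line)
        if m:
            mount_lines.setdefault(m.group('key'), []).append(line)
            if m.group('cmd') and m.group('value').endswith('-- File not found'):
                stale_keys.add(m.group('key'))
            continue
        m = FILE_RE.match(line)
        if m and m.group('op') == 'C' and m.group('company') == '':
            findings.append(Finding('review_file', line,
                                    f"created without company name: {m.group('path')}"))
    # Both the Shell and the Shell\AutoRun\command line of a stale key go
    # into the fix, exactly as in the fix list posted above.
    for key in sorted(stale_keys):
        for line in mount_lines[key]:
            findings.append(Finding('stale_mountpoint', line,
                                    f"AutoRun handler for {key} points at a missing file"))
    return findings


def count_by_kind(findings):
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


def build_fix_block(findings, extra_lines=()):
    """Draft an OTL fix block; review_file lines are only included if the
    helper passes them explicitly via extra_lines."""
    otl = [f.line for f in findings if f.kind in ('orphan_bho', 'stale_mountpoint')]
    otl.extend(extra_lines)
    return '\n'.join([':OTL', *otl, ':Commands', '[purity]', '[emptytemp]']) + '\n'


if __name__ == '__main__':
    found = parse_report(SAMPLE_REPORT)
    for f in found:
        print(f'{f.kind:16} {f.detail}')
    print(build_fix_block(found))
```

The review_file findings are deliberately kept out of the drafted block: a created file without a company name is a prompt for a human look, as with the "Digital Protection Support.lnk" shortcut above, not an automatic deletion.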

Old 02.05.2010, 17:06   #9
freeshowdown

There are a few problems:

1. I can't find Simply Super Software under "Programs" in the Control Panel.
2. I pasted the text (OTL) and then clicked Run Fix.
Something does happen (all desktop icons disappear), but then nothing more happens. When I try to close OTL, it just says (Not Responding).
3. Then the only option left is to force the computer to shut down.
4. No text file appears after the restart.

I've now simply done Run Scan again and attached it.

OTL logfile created on: 5/2/2010 5:07:34 PM - Run 3
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\tom\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 327.35 Gb Total Space | 227.83 Gb Free Space | 69.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOM-PC
Current User Name: tom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\tom\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Programme\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()


========== Modules (SafeList) ==========

MOD - C:\Users\tom\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SpyHunter3 Service) -- File not found
SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (GoogleDesktopManager-061008-081103) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freeshowdown.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.freeshowdown.com"
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.0.1
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:4.9

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/02 13:14:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/01 11:41:29 | 000,000,000 | ---D | M]

[2010/04/30 09:38:07 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\mozilla\Extensions
[2010/05/01 22:17:23 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions
[2010/04/30 13:15:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/30 13:22:58 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2010/04/30 13:22:58 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/04/30 13:17:26 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/04/30 13:22:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tom\AppData\Roaming\mozilla\Firefox\Profiles\dzp0l3gy.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2008/03/18 01:52:40 | 000,000,276 | ---- | M] () -- C:\Users\tom\AppData\Roaming\Mozilla\FireFox\Profiles\dzp0l3gy.default\searchplugins\search.xml
[2010/05/02 13:14:22 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007/03/13 08:54:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/01/12 20:36:38 | 000,056,976 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npstrlnk.dll
[2007/06/11 17:15:58 | 002,115,816 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPSWF32.dll
[2010/04/01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/04/01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/04/01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/04/01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/04/01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/03/24 14:21:08 | 000,000,757 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra Button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe (Microgaming)
O9 - Extra Button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programs\EmpirePokerMaster\EmpirePoker\RunEPoker.exe ()
O9 - Extra 'Tools' menuitem : EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programs\EmpirePokerMaster\EmpirePoker\RunEPoker.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (Microgaming)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range23 ([*] in Lokales Intranet)
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (isInstalled Class)
O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} hxxp://affiliates.betcris.com/Iovation/StmOCXiovation.cab (Stm Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\tom\Pictures\TRLSPH.jpg
O24 - Desktop BackupWallPaper: C:\Users\tom\Pictures\TRLSPH.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\K - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/02 16:54:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/02 11:50:02 | 000,000,000 | ---D | C] -- C:\Users\tom\AppData\Roaming\Malwarebytes
[2010/05/02 11:49:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/02 11:49:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/02 11:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/02 11:49:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010/05/01 12:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/04/30 13:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/04/29 08:19:43 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/04/25 16:05:54 | 000,000,000 | ---D | C] -- C:\Users\tom\Documents\Downloads
[2010/04/25 15:17:31 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010/04/25 15:17:30 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010/04/21 11:18:20 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2010/04/20 16:16:15 | 000,000,000 | ---D | C] -- C:\Programme\Karaoke Player
[2010/04/20 16:16:05 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2010/04/19 17:29:18 | 000,000,000 | ---D | C] -- C:\Linus
[2010/04/14 03:11:16 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/14 03:11:15 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/14 03:11:09 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/14 03:11:05 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/14 03:11:05 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/14 03:10:59 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/04/14 03:10:59 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/02 17:08:48 | 000,651,112 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/05/02 17:08:48 | 000,618,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/02 17:08:48 | 000,120,908 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/05/02 17:08:48 | 000,107,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/02 17:08:47 | 001,488,910 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/02 17:07:39 | 003,407,872 | -HS- | M] () -- C:\Users\tom\NTUSER.DAT
[2010/05/02 17:04:52 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/05/02 17:02:28 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/02 17:02:22 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/02 17:02:22 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/02 17:02:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/02 17:02:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/02 17:01:57 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/02 17:00:01 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie.job
[2010/05/02 16:31:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/02 12:59:10 | 000,002,531 | ---- | M] () -- C:\Users\tom\Desktop\HoldemManager.lnk
[2010/05/02 12:56:07 | 003,254,549 | -H-- | M] () -- C:\Users\tom\AppData\Local\IconCache.db
[2010/05/02 12:56:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/05/02 12:56:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/05/02 11:56:40 | 000,000,544 | ---- | M] () -- C:\Users\tom\Desktop\OTL.exe - Verknüpfung.lnk
[2010/05/02 11:49:46 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/01 22:36:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/05/01 22:36:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/05/01 21:35:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/05/01 21:35:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/05/01 20:56:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/05/01 20:56:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/05/01 13:49:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/05/01 13:49:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/05/01 13:35:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/05/01 13:35:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/05/01 00:26:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/05/01 00:26:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/04/30 09:37:58 | 000,001,772 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/30 00:07:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/04/30 00:07:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/04/29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 00:38:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/04/29 00:38:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/04/28 13:07:33 | 000,002,545 | ---- | M] () -- C:\Users\tom\Desktop\Paint Shop Pro 7.lnk
[2010/04/27 23:30:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/04/27 23:30:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/04/26 22:55:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/04/26 22:55:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/04/26 01:55:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/04/26 01:55:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/04/25 15:18:55 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010/04/25 01:26:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/04/25 01:26:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/04/24 01:20:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/04/24 01:20:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/04/23 00:53:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/04/23 00:53:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/04/21 20:50:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/04/21 20:50:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/04/20 12:19:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/04/20 12:19:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/04/20 12:14:34 | 000,029,184 | ---- | M] () -- C:\Users\tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/20 00:21:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/04/20 00:21:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/04/19 20:22:36 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010/04/19 17:06:16 | 000,178,176 | ---- | M] () -- C:\Users\tom\Documents\NW Das Skelett des Menschen.doc
[2010/04/19 01:42:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/04/19 01:42:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/04/18 00:31:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/04/18 00:31:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/04/17 18:28:33 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/14 17:06:38 | 000,001,704 | ---- | M] () -- C:\Users\tom\Desktop\WinTer.LNK
[2010/04/14 13:11:08 | 000,022,016 | ---- | M] () -- C:\Users\tom\Documents\meisner1.doc
[2010/04/14 13:03:51 | 000,020,480 | ---- | M] () -- C:\Users\tom\Documents\meisner3.doc
[2010/04/14 11:00:41 | 000,002,208 | ---- | M] () -- C:\Users\tom\Kalender von tom.ics
[2010/04/13 08:48:37 | 000,019,968 | ---- | M] () -- C:\Users\tom\Documents\meisner2.doc
[2010/04/12 14:50:50 | 000,002,048 | ---- | M] () -- C:\Users\tom\Desktop\Verknüpfung mit Firmen1 in transpodata.MAF
[2010/04/10 13:09:08 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/02 11:56:40 | 000,000,544 | ---- | C] () -- C:\Users\tom\Desktop\OTL.exe - Verknüpfung.lnk
[2010/05/02 11:49:46 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/30 09:37:58 | 000,001,772 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/25 15:18:55 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/04/19 17:02:04 | 000,178,176 | ---- | C] () -- C:\Users\tom\Documents\NW Das Skelett des Menschen.doc
[2010/04/17 18:28:33 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/14 17:06:38 | 000,001,704 | ---- | C] () -- C:\Users\tom\Desktop\WinTer.LNK
[2010/04/14 11:00:41 | 000,002,208 | ---- | C] () -- C:\Users\tom\Kalender von tom.ics
[2010/04/13 08:48:48 | 000,020,480 | ---- | C] () -- C:\Users\tom\Documents\meisner3.doc
[2010/04/13 08:35:11 | 000,019,968 | ---- | C] () -- C:\Users\tom\Documents\meisner2.doc
[2010/04/13 08:22:16 | 000,022,016 | ---- | C] () -- C:\Users\tom\Documents\meisner1.doc
[2010/04/12 14:50:50 | 000,002,048 | ---- | C] () -- C:\Users\tom\Desktop\Verknüpfung mit Firmen1 in transpodata.MAF
[2010/04/10 13:09:08 | 000,001,935 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/01/05 00:49:17 | 000,000,046 | ---- | C] () -- C:\Windows\winter.ini
[2008/11/20 13:40:44 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini
[2008/08/24 20:23:41 | 000,139,776 | ---- | C] () -- C:\Windows\System32\ZipDll.dll
[2008/08/24 20:23:41 | 000,122,368 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2008/08/24 20:23:40 | 000,000,550 | ---- | C] () -- C:\Windows\Uninstall Terminplaner.ini
[2008/06/24 18:14:53 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2008/05/17 03:01:47 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/03/18 11:43:07 | 000,000,328 | ---- | C] () -- C:\Windows\wininit.ini
[2008/02/14 02:30:57 | 000,000,767 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/02/13 20:38:18 | 000,001,699 | ---- | C] () -- C:\Windows\PartyGrabber.ini
[2007/03/13 08:58:55 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2007/02/13 09:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/07/13 08:04:00 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI
[1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 902 bytes -> C:\Users\tom\Documents\MailOut_Bsp3.eml:OECustomProperty
@Alternate Data Stream - 902 bytes -> C:\Users\tom\Documents\MailOut_Bsp2.eml:OECustomProperty
@Alternate Data Stream - 902 bytes -> C:\Users\tom\Documents\MailOut_Bsp1.eml:OECustomProperty
@Alternate Data Stream - 81 bytes -> C:\Program Files\DoylesRoom:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker:MID
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\PacificPoker:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Meine empfangenen Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\LongsSHCTrainerV0.9.18[1]:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\kaan.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Fibu:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\fb.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Eigene Google Gadgets:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Documents\Camtasia Studio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\WebTools:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\Tools:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\spiele:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\Seltene Anwendungen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\PokerTools:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\tom\Desktop\PokerRooms:Roxio EMC Stream
@Alternate Data Stream - 590 bytes -> C:\Users\tom\Documents\april08.eml:OECustomProperty
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:B0A96209
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >


I have now downloaded GMER.
After 5 minutes of the rootkit scan the computer stutters, the Task Manager won't open, and GMER won't close.
Here too I can only shut down by force.
Maybe it isn't GMER at all. It's called 0t92vrc6.exe

Sorry if I'm complicating all of this because I'm too dumb.

Alt 03.05.2010, 07:27   #10
freeshowdown
 
Edit:
As long as I don't attempt a GMER scan or a Run Fix in OTL, everything runs fine.

Alt 03.05.2010, 19:38   #11
StLB
/// Helper Team
 

Please try this rootkit scan:

Rootkit scan with Sophos Anti-Rootkit
  • Download the Sophos Anti-Rootkit scanner.
  • Registration is required for the download.
  • Install Sophos Anti-Rootkit by double-clicking sarsfx.exe
  • Vista users: right-click sarsfx.exe ---> "Run as administrator"
  • Accept the license terms and let the program install into the default path c:\programme\sophos\sophos anti-rootkit.
  • Finally, open sargui.exe in that folder to start the program.
  • Under Area, leave all options checked and click Start Scan.
  • When the scan is finished, close Sophos Anti-Rootkit.
  • Open Explorer and type into the address bar: %temp%
  • In that folder you will find sarscan.log
  • Open it with Notepad and post its contents in the thread.
__________________
Regards, Julian

No support via PM!


Alt 03.05.2010, 21:58   #12
freeshowdown
 

Unfortunately I overlooked that I should have opened it as admin.
But I let it run through anyway for now.

If I have to do it again as admin, I'm sorry and I'll do it again.


Sophos Anti-Rootkit Version 1.5.0 (c) 2009 Sophos Plc
Started logging on 03.05.2010 at 21:35:50
User "tom" on computer "TOM-PC"
Windows version 6.0 SP 0.0 build 6000 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed
Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\CTF\Assemblies\0x00000409
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Users\tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SL8T7XN7\size=300x250&adsize=310x170&adsize=300x120&pageview=ng_outer&pageview=vi_repeated&tile=5107747915717197012345678910ab&transactionID=5107747915717197012345678910ab[1]
Hidden: file C:\Users\tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10B9TUCV\s[1].styles=hp_promobox_html%2Chp_promobox_img&pageview=ng_outer&pageview=vi_repeated&tile=5107747915717197012345678910ab&transactionID=5107747915717197012345678910ab
Stopped logging on 03.05.2010 at 22:55:10
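Added example, not code from this thread and not Sophos's own tooling: a small Python triage script for Sophos Anti-Rootkit text logs like the one posted above. It deduplicates the repeated "Hidden:" lines (the RNG seed is reported eight times above) and applies two allowlist heuristics, which are assumptions drawn from common experience with this scanner rather than an official Sophos list: the Cryptography\RNG\Seed registry value and long-named Internet Explorer cache entries under Content.IE5 are marked "expected", everything else is marked "review". The embedded sample log is constructed after the post above; the drivers\example.sys entry is invented purely to show a finding that matches no rule.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample modelled on the log posted in the thread. The
# drivers\example.sys line is invented to show an unmatched finding.
SAMPLE_LOG = r"""Sophos Anti-Rootkit Version 1.5.0 (c) 2009 Sophos Plc
Started logging on 03.05.2010 at 21:35:50
User "tom" on computer "TOM-PC"
Info: Starting process scan.
Info: Starting registry scan.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed
Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\CTF\Assemblies\0x00000409
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Users\tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SL8T7XN7\size=300x250&adsize=310x170&adsize=300x120&pageview=ng_outer&pageview=vi_repeated&tile=5107747915717197012345678910ab&transactionID=5107747915717197012345678910ab[1]
Hidden: file C:\Windows\System32\drivers\example.sys
Stopped logging on 03.05.2010 at 22:55:10
"""

# Only the two object kinds present in the posted log are handled.
HIDDEN_RE = re.compile(r"^Hidden: (registry item|file) (.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str      # "registry item" or "file"
    path: str
    count: int     # how many times the scanner reported the same object
    verdict: str   # "expected" or "review"
    reason: str


def parse_hidden(text):
    """Return (kind, path) for every 'Hidden:' line, in log order."""
    out = []
    for line in text.splitlines():
        m = HIDDEN_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def classify(kind, path):
    """Allowlist heuristics. These are assumptions, not a Sophos-published list."""
    low = path.lower()
    if kind == "registry item" and low.endswith("\\cryptography\\rng\\seed"):
        return ("expected",
                "RNG seed value is rewritten constantly and is routinely reported hidden")
    name = path.rsplit("\\", 1)[-1]
    if (kind == "file"
            and "\\temporary internet files\\content.ie5\\" in low
            and (len(name) > 128 or len(path) >= 260)):
        return ("expected",
                f"IE cache entry with a {len(name)}-char URL-derived name "
                "(long-name false positive)")
    return "review", "no allowlist rule matched; inspect the object"


def triage(text):
    """Deduplicate hidden objects (first-seen order) and attach a verdict."""
    counts = Counter(parse_hidden(text))
    findings = []
    for (kind, path), n in counts.items():
        verdict, reason = classify(kind, path)
        findings.append(Finding(kind, path, n, verdict, reason))
    return findings


def summarize(findings):
    """Count findings per verdict, e.g. {'expected': 2, 'review': 2}."""
    return dict(Counter(f.verdict for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.verdict:8}] x{f.count} {f.kind}: {f.path}")
        print(f"           {f.reason}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against a real log by replacing SAMPLE_LOG with the file contents; anything in the "review" bucket is what a helper would actually look at, while the "expected" bucket is the noise that makes these logs look scarier than they are.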

