| |
| |||||||
Log-Analyse und Auswertung: Trojanermeldungen seit einigen WochenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
08.05.2010, 19:26
| #1 |
 |  Trojanermeldungen seit einigen Wochen Hallo, ich hoffe ihr könnt mir noch helfen. Ich hatte mir vor einigen Wochen einen Trojaner eingehandelt. Über Anti-Malwarebytes schien er dann bezwungen, bis darauf, dass Firefox immer wieder von alleine Fenster öffnete oder ganz andere Seiten öffnete, wenn ich einen Link anklickte. Nun kam heute beim Starten eine Anti-Vir-Meldung und seitdem geht Firefox gar nicht mehr. Ich kann ihn öffnen, aber die Seiten laden nicht. Der IE funktioniert (noch). Ich habe einen alten zusammengebastelten PC von einem Freund vor 5 Jahren bekommen und ich hoffe sehr, dass das nicht sein Ende ist! Folgende Logs kann ich hier posten: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 4014 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 08.05.2010 18:56:02 hjlog.txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 175768 Laufzeit: 2 Stunde(n), 29 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 7 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 3 Infizierte Verzeichnisse: 1 Infizierte Dateien: 7 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO.H) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO.H) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.FakeAlert) -> No action taken. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken. Infizierte Verzeichnisse: C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken. Infizierte Dateien: C:\WINDOWS\system32\iebho02.dll (Trojan.BHO.H) -> No action taken. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SWEUIYWP\scchost3[1].exe (Trojan.FakeAlert) -> No action taken. C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> No action taken. C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> No action taken. C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> No action taken. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\ie3.tmp (Trojan.Agent) -> No action taken. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\e.exe (Trojan.Dropper) -> No action taken. Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 4014 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 08.05.2010 18:56:02 hjlog.txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 175768 Laufzeit: 2 Stunde(n), 29 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 7 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 3 Infizierte Verzeichnisse: 1 Infizierte Dateien: 7 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO.H) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO.H) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.FakeAlert) -> No action taken. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken. |
|
08.05.2010, 19:27
| #2 |
| | Trojanermeldungen seit einigen Wochen OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 08.05.2010 15:45:35 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 383,00 Mb Total Physical Memory | 119,00 Mb Available Physical Memory | 31,00% Memory free 922,00 Mb Paging File | 391,00 Mb Available in Paging File | 42,00% Paging File free Paging file location(s): C:\pagefile.sys 576 1152 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 12,63 Gb Total Space | 1,15 Gb Free Space | 9,09% Space Free | Partition Type: NTFS Drive D: | 114,49 Gb Total Space | 5,85 Gb Free Space | 5,11% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: COMPUTER Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - d:\Programme\Trend Micro\HijackThis\HijackThis.exe (Trend Micro Inc.) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe (Zone Labs, LLC) PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\anvshell.exe (AsusTeK Computer Inc.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe () SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- D:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys () DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC) DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC) DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation) DRV - (VRVD302) -- C:\WINDOWS\system32\drivers\VRVD302.sys (Rsupport Corporation) DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (ANVIOCTL) -- C:\WINDOWS\system32\drivers\anvioctl.sys (ASUSTeK) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\asuskbnt.sys (ASUSTeK COMPUTER INC.) DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.) DRV - (nv4) -- C:\WINDOWS\system32\drivers\nv4.sys (NVIDIA Corporation) DRV - (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) -- C:\WINDOWS\system32\drivers\es1371mp.sys (Creative Technology Ltd.) DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Search IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Search IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - File not found IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 79.99.43.128:3128 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=" FF - prefs.js..network.proxy.backup.ftp: "195.92.64.207" FF - prefs.js..network.proxy.backup.ftp_port: 80 FF - prefs.js..network.proxy.backup.gopher: "195.92.64.207" FF - prefs.js..network.proxy.backup.gopher_port: 80 FF - prefs.js..network.proxy.backup.socks: "195.92.64.207" FF - prefs.js..network.proxy.backup.socks_port: 80 FF - prefs.js..network.proxy.backup.ssl: "195.92.64.207" FF - prefs.js..network.proxy.backup.ssl_port: 80 FF - prefs.js..network.proxy.ftp: "88.208.200.115" FF - prefs.js..network.proxy.ftp_port: 80 FF - prefs.js..network.proxy.gopher: "88.208.200.115" FF - prefs.js..network.proxy.gopher_port: 80 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 445 FF - prefs.js..network.proxy.type: 1 FF - prefs.js..network.proxy.no_proxies_on: "" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "88.208.200.115" FF - prefs.js..network.proxy.socks_port: 80 FF - prefs.js..network.proxy.ssl: "88.208.200.115" FF - prefs.js..network.proxy.ssl_port: 80 FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\Mozilla [2008.09.26 19:32:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.08 12:37:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.08 12:37:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.03.17 14:00:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.02.17 16:43:19 | 000,000,000 | ---D | M] [2009.01.10 12:42:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Extensions [2010.05.08 14:13:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions [2010.04.29 21:23:11 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.04.24 14:22:21 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009.06.29 22:05:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2008.05.13 16:23:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} [2010.01.04 23:54:11 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.03.18 14:02:21 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2007.11.06 22:36:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\de-AT@dictionaries.addons.mozilla.org [2008.05.25 08:50:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\en-US@dictionaries.addons.mozilla.org [2009.04.13 13:09:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\moveplayer@movenetworks.com [2010.03.19 13:39:21 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\searchplugins\conduit.xml [2010.05.08 12:41:42 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.10.24 14:11:14 | 000,000,000 | ---D | M] (Dealio Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} [2007.03.07 13:41:04 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2006.12.29 22:40:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [2007.03.02 15:17:24 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPAPIX.dll [2007.01.17 13:18:04 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll [2007.09.07 16:25:50 | 000,103,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPMPDRM.dll [2007.09.07 15:46:48 | 000,098,968 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPWMDRMWrapper.dll [2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.05.04 05:57:01 | 000,000,716 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - File not found O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - File not found O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - File not found O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found O2 - BHO: (no name) - {D032570A-5F63-4812-A094-87D007C23012} - C:\WINDOWS\system32\iebho02.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - File not found O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - File not found O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - File not found O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [anvshell] C:\WINDOWS\anvshell.exe (AsusTeK Computer Inc.) O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [LiveNote] C:\WINDOWS\livenote.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe (Zone Labs, LLC) O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe () O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.12.29 21:14:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{360a1518-977b-11db-992a-000102e2008c}\Shell - "" = AutoRun O33 - MountPoints2\{360a1518-977b-11db-992a-000102e2008c}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{360a1518-977b-11db-992a-000102e2008c}\Shell\AutoRun\command - "" = I:\pushinst.exe -- File not found O33 - MountPoints2\{4110aa2e-a1e9-11de-a8e3-00040ecb3b4d}\Shell - "" = AutoRun O33 - MountPoints2\{4110aa2e-a1e9-11de-a8e3-00040ecb3b4d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{4110aa2e-a1e9-11de-a8e3-00040ecb3b4d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\{e6138a54-7075-11de-8d70-00040ecb3b4d}\Shell - "" = AutoRun O33 - MountPoints2\{e6138a54-7075-11de-8d70-00040ecb3b4d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e6138a54-7075-11de-8d70-00040ecb3b4d}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.08 15:45:12 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.05.07 13:38:01 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stu2.exe [2010.05.07 12:20:09 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec [2010.05.05 08:12:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe [2010.05.05 08:12:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Real [2010.05.01 15:36:47 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos [2010.04.24 14:21:10 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Maria\Recent [2010.04.23 18:45:39 | 001,134,624 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\***\Desktop\ccsetup230_slim.exe [2010.04.22 17:23:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia [2010.04.22 06:44:48 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Settings [2010.04.21 15:08:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Malwarebytes [2010.04.21 15:07:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.21 15:07:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.04.21 15:07:17 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.21 15:07:16 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.21 14:45:00 | 001,465,616 | ---- | C] (Fastviewer.com) -- C:\Dokumente und Einstellungen\Maria\Desktop\VALEO_IT_Support.exe [2010.04.21 13:14:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2010.04.21 13:14:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2010.04.21 11:13:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2010.04.21 11:11:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\C7BF14F61666B1E44FB77DBF2C5F547D [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.08 16:06:52 | 040,781,856 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2010.05.08 15:45:20 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.05.08 15:26:39 | 000,000,786 | ---- | M] () -- C:\Dokumente und Einstellungen\Maria\Desktop\HijackThis.lnk [2010.05.08 12:53:29 | 000,358,383 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2010.05.08 12:51:24 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010.05.08 12:51:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.05.08 12:50:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.05.08 12:50:33 | 402,161,664 | -HS- | M] () -- C:\hiberfil.sys [2010.05.08 12:49:08 | 006,291,456 | -H-- | M] () -- C:\Dokumente und Einstellungen\Maria\NTUSER.DAT [2010.05.08 12:49:07 | 000,480,872 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2010.05.08 12:37:31 | 000,001,566 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.05.07 18:52:03 | 000,225,280 | ---- | M] () -- C:\WINDOWS\System32\iebho02.dll [2010.05.07 16:06:36 | 000,077,312 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe [2010.05.04 05:57:01 | 000,000,716 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.05.03 22:26:36 | 000,000,706 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Trillian.lnk [2010.05.02 09:21:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.05.01 16:00:11 | 000,077,824 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.23 18:47:35 | 000,000,632 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk [2010.04.23 18:45:53 | 001,134,624 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\***\Desktop\ccsetup230_slim.exe [2010.04.21 15:07:47 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.21 14:45:13 | 001,465,616 | ---- | M] (Fastviewer.com) -- C:\Dokumente und Einstellungen\***\Desktop\VALEO_IT_Support.exe [2010.04.21 09:36:39 | 000,171,615 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\aufsandgebaut.JPG [2010.04.20 19:26:55 | 000,060,334 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\suendenquittung.JPG [2010.04.20 09:47:17 | 000,080,197 | ---- | M] () -- C:\Dokumente und Einstellungen\Maria\Desktop\7faf199f-d210-41a9-9960-3cf04a2ebe8d.jpg [2010.04.12 18:02:34 | 000,003,080 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\ich3.jpg [2010.04.12 18:02:16 | 000,060,548 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\ich2.jpg [2010.04.12 17:57:56 | 000,004,465 | ---- | M] () -- C:\Dokumente und Einstellungen\Maria\Desktop\ich.JPG [2010.04.12 17:46:21 | 000,374,934 | ---- | M] () -- C:\Dokumente und Einstellungen\Maria\Desktop\ich4.jpg [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.08 15:26:39 | 000,000,786 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\HijackThis.lnk [2010.05.08 12:37:31 | 000,001,566 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.05.07 18:52:04 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\iebho02.dll [2010.04.23 18:47:35 | 000,000,632 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk [2010.04.21 15:07:46 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.21 09:36:34 | 000,171,615 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\aufsandgebaut.JPG [2010.04.20 19:26:53 | 000,060,334 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\suendenquittung.JPG [2010.04.20 09:29:28 | 000,080,197 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\7faf199f-d210-41a9-9960-3cf04a2ebe8d.jpg [2010.04.12 18:02:32 | 000,003,080 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\ich3.jpg [2010.04.12 18:02:12 | 000,060,548 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\ich2.jpg [2010.04.12 17:57:56 | 000,004,465 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\ich.JPG [2010.04.12 17:46:20 | 000,374,934 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\ich4.jpg [2010.03.23 15:56:37 | 000,000,213 | ---- | C] () -- C:\WINDOWS\PCWGXDRV.INI [2010.03.23 15:56:37 | 000,000,020 | ---- | C] () -- C:\WINDOWS\LOGINPUT.INI [2009.09.05 09:43:49 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2009.09.05 09:43:49 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2009.07.13 18:45:53 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2008.07.03 09:54:22 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\advd.dll [2008.07.03 09:54:22 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\auth.dll [2008.07.03 09:54:17 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2008.03.22 16:42:18 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2007.09.10 15:13:11 | 000,020,257 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI [2007.09.10 15:13:00 | 000,059,344 | ---- | C] () -- C:\WINDOWS\BTIUNZIP.DLL [2007.07.06 03:37:03 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2007.07.06 03:37:03 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2007.06.09 15:10:52 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini [2007.05.24 16:34:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HTMLAST.INI [2007.05.24 16:34:02 | 000,000,255 | ---- | C] () -- C:\WINDOWS\ULead32.ini [2007.04.04 12:47:38 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll [2007.04.04 12:47:38 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll [2007.03.02 19:03:08 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2006.12.29 22:18:01 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\AsusVr.dll [2006.12.29 22:18:01 | 000,036,352 | R--- | C] () -- C:\WINDOWS\System32\asustips.dll [2006.12.29 22:18:00 | 000,063,652 | R--- | C] () -- C:\WINDOWS\anvmsg.ini [2006.12.29 22:18:00 | 000,000,672 | R--- | C] () -- C:\WINDOWS\anvshell.ini [2006.12.29 22:17:41 | 000,002,048 | R--- | C] () -- C:\WINDOWS\System32\anvcinst.dll [2006.12.29 22:17:37 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS [2006.12.29 22:11:56 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll [2006.12.29 21:51:45 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2002.11.06 18:42:06 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SDL_gfx.dll [2002.10.13 13:25:14 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\MesaGlut.dll [2002.10.13 13:23:36 | 000,363,008 | ---- | C] () -- C:\WINDOWS\System32\MesaGLU.dll [2002.10.13 13:21:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\osmesa.dll [2002.10.13 13:21:44 | 001,417,216 | ---- | C] () -- C:\WINDOWS\System32\MesaGL.dll [2002.10.07 05:49:26 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll [2002.05.20 08:12:50 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\SDL_mixer.dll [2002.04.13 13:01:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SDL_ttf.dll [2002.04.13 13:01:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SDL_net.dll [2002.04.13 13:00:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\SDL_image.dll [2002.02.07 13:43:38 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\sdl_sound.dll [2001.12.03 21:59:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\in_flac.dll [2001.08.18 12:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2001.08.13 02:00:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll [2001.08.13 02:00:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2001.08.13 01:59:58 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2001.04.05 15:24:14 | 000,169,443 | ---- | C] () -- C:\WINDOWS\System32\jpeg.dll [2001.04.05 15:24:14 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\libpng1.dll [2001.04.05 15:24:14 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll [2001.04.04 21:33:50 | 000,209,920 | ---- | C] () -- C:\WINDOWS\System32\smpeg.dll < End of report > |
|
08.05.2010, 19:30
| #3 |
| | Trojanermeldungen seit einigen Wochen HiJackthis Logfile:
__________________Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:06:52, on 08.05.2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe D:\Programme\Avira\AntiVir Desktop\sched.exe D:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Application Updater\ApplicationUpdater.exe C:\Programme\avmwlanstick\WlanNetService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\anvshell.exe C:\Programme\avmwlanstick\wlangui.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe D:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\Java\jre6\bin\jusched.exe C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\***\Desktop\OTL.exe C:\Programme\Mozilla Thunderbird\thunderbird.exe D:\Programme\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 79.99.43.128:3128 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe, O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file) O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file) O2 - BHO: (no name) - {D032570A-5F63-4812-A094-87D007C23012} - C:\WINDOWS\system32\iebho02.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file) O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file) O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - (no file) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file) O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [anvshell] anvshell.exe O4 - HKLM\..\Run: [LiveNote] livenote.exe O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - hxxp://go.microsoft.com/fwlink/?linkid=39204 O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Programme\Application Updater\ApplicationUpdater.exe O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 6322 bytes |
|
10.05.2010, 20:17
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojanermeldungen seit einigen Wochen Hallo und  Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
12.05.2010, 14:27
| #5 |
| | Trojanermeldungen seit einigen Wochen Dankeschön! Hier der neue log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4052 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 11.05.2010 23:57:40 mbam-log-2010-05-11 (23-57-40).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 184033 Laufzeit: 2 Stunde(n), 57 Minute(n), 25 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 3 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\WINDOWS\system32\iebho.dll (Trojan.BHO.H) -> Quarantined and deleted successfully. |
|
12.05.2010, 14:33
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojanermeldungen seit einigen WochenZitat:
__________________ --> Trojanermeldungen seit einigen Wochen |
|
15.05.2010, 18:00
| #7 |
| | Trojanermeldungen seit einigen Wochen So. Jetzt aber Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4103 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 15.05.2010 16:20:33 mbam-log-2010-05-15 (16-20-33).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 192096 Laufzeit: 2 Stunde(n), 59 Minute(n), 26 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 8 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 3 Infizierte Verzeichnisse: 1 Infizierte Dateien: 7 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: C:\Dokumente und Einstellungen\All Users\Dokumente\Settings\cbss.dll (Trojan.Agent) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg (Trojan.Agent) -> Delete on reboot. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot. Infizierte Dateien: C:\WINDOWS\system32\iebho.dll (Trojan.BHO.H) -> Quarantined and deleted successfully. D:\Spiele\ludo\JuniorBoardGames-dm.exe (Adware.TryMedia) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot. C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\ie1B.tmp (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot. C:\Dokumente und Einstellungen\All Users\Dokumente\Settings\cbss.dll (Trojan.Agent) -> Delete on reboot. |
|
17.05.2010, 12:57
| #9 |
| | Trojanermeldungen seit einigen Wochen OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.05.2010 10:22:00 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 383,00 Mb Total Physical Memory | 145,00 Mb Available Physical Memory | 38,00% Memory free 922,00 Mb Paging File | 528,00 Mb Available in Paging File | 57,00% Paging File free Paging file location(s): C:\pagefile.sys 576 1152 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 12,63 Gb Total Space | 0,28 Gb Free Space | 2,22% Space Free | Partition Type: NTFS Drive D: | 114,49 Gb Total Space | 8,38 Gb Free Space | 7,32% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: COMPUTER Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.) PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Java\jre6\bin\javaws.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe (Zone Labs, LLC) PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC) PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\anvshell.exe (AsusTeK Computer Inc.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe () SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- D:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys () DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC) DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC) DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation) DRV - (VRVD302) -- C:\WINDOWS\system32\drivers\VRVD302.sys (Rsupport Corporation) DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (ANVIOCTL) -- C:\WINDOWS\system32\drivers\anvioctl.sys (ASUSTeK) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\asuskbnt.sys (ASUSTeK COMPUTER INC.) DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.) DRV - (nv4) -- C:\WINDOWS\system32\drivers\nv4.sys (NVIDIA Corporation) DRV - (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) -- C:\WINDOWS\system32\drivers\es1371mp.sys (Creative Technology Ltd.) DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - File not found IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 79.99.43.128:3128 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=" FF - prefs.js..network.proxy.backup.ftp: "195.92.64.207" FF - prefs.js..network.proxy.backup.ftp_port: 80 FF - prefs.js..network.proxy.backup.gopher: "195.92.64.207" FF - prefs.js..network.proxy.backup.gopher_port: 80 FF - prefs.js..network.proxy.backup.socks: "195.92.64.207" FF - prefs.js..network.proxy.backup.socks_port: 80 FF - prefs.js..network.proxy.backup.ssl: "195.92.64.207" FF - prefs.js..network.proxy.backup.ssl_port: 80 FF - prefs.js..network.proxy.ftp: "88.208.200.115" FF - prefs.js..network.proxy.ftp_port: 80 FF - prefs.js..network.proxy.gopher: "88.208.200.115" FF - prefs.js..network.proxy.gopher_port: 80 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 445 FF - prefs.js..network.proxy.no_proxies_on: "" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "88.208.200.115" FF - prefs.js..network.proxy.socks_port: 80 FF - prefs.js..network.proxy.ssl: "88.208.200.115" FF - prefs.js..network.proxy.ssl_port: 80 FF - prefs.js..network.proxy.type: 1 FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\Mozilla [2008.09.26 19:32:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.08 12:37:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.08 12:37:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.03.17 14:00:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.02.17 16:43:19 | 000,000,000 | ---D | M] [2009.01.10 12:42:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2010.05.08 17:10:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions [2010.04.29 21:23:11 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.04.24 14:22:21 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009.06.29 22:05:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2008.05.13 16:23:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} [2010.01.04 23:54:11 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.03.18 14:02:21 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2007.11.06 22:36:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\de-AT@dictionaries.addons.mozilla.org [2008.05.25 08:50:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\en-US@dictionaries.addons.mozilla.org [2009.04.13 13:09:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\moveplayer@movenetworks.com [2010.03.19 13:39:21 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\searchplugins\conduit.xml [2010.05.08 17:10:01 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.10.24 14:11:14 | 000,000,000 | ---D | M] (Dealio Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} [2007.03.07 13:41:04 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2006.12.29 22:40:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [2007.03.02 15:17:24 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPAPIX.dll [2007.01.17 13:18:04 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll [2007.09.07 16:25:50 | 000,103,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPMPDRM.dll [2007.09.07 15:46:48 | 000,098,968 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPWMDRMWrapper.dll [2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.05.04 05:57:01 | 000,000,716 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - File not found O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - File not found O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - File not found O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - File not found O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - File not found O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - File not found O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [anvshell] C:\WINDOWS\anvshell.exe (AsusTeK Computer Inc.) O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [LiveNote] C:\WINDOWS\livenote.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe (Zone Labs, LLC) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe () O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe (eSXi) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.12.29 21:14:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{360a1518-977b-11db-992a-000102e2008c}\Shell - "" = AutoRun O33 - MountPoints2\{360a1518-977b-11db-992a-000102e2008c}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{360a1518-977b-11db-992a-000102e2008c}\Shell\AutoRun\command - "" = I:\pushinst.exe -- File not found O33 - MountPoints2\{4110aa2e-a1e9-11de-a8e3-00040ecb3b4d}\Shell - "" = AutoRun O33 - MountPoints2\{4110aa2e-a1e9-11de-a8e3-00040ecb3b4d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{4110aa2e-a1e9-11de-a8e3-00040ecb3b4d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\{e6138a54-7075-11de-8d70-00040ecb3b4d}\Shell - "" = AutoRun O33 - MountPoints2\{e6138a54-7075-11de-8d70-00040ecb3b4d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e6138a54-7075-11de-8d70-00040ecb3b4d}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.17 10:15:44 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.05.15 12:07:54 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\PrivacIE [2010.05.15 12:02:49 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\IETldCache [2010.05.15 11:57:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM [2010.05.15 11:53:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010.05.15 11:53:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE [2010.05.07 13:38:01 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stu2.exe [2010.05.05 08:12:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe [2010.05.05 08:12:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Real [2010.05.01 15:36:47 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos [2010.04.24 14:21:10 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent [2010.04.23 18:45:39 | 001,134,624 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\***\Desktop\ccsetup230_slim.exe [2010.04.22 17:23:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia [2010.04.22 06:44:48 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Settings [2010.04.21 15:08:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2010.04.21 15:07:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.21 15:07:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.04.21 15:07:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.21 15:07:16 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.21 14:45:00 | 001,465,616 | ---- | C] (Fastviewer.com) -- C:\Dokumente und Einstellungen\***\Desktop\VALEO_IT_Support.exe [2010.04.21 13:14:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2010.04.21 13:14:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2010.04.21 11:13:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2010.04.21 11:11:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\C7BF14F61666B1E44FB77DBF2C5F547D [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.17 10:26:20 | 041,986,080 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2010.05.17 10:15:59 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.05.17 10:06:18 | 000,358,383 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2010.05.17 10:05:22 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010.05.17 10:05:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.05.17 10:04:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.05.17 10:04:22 | 000,138,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.05.17 10:04:21 | 402,161,664 | -HS- | M] () -- C:\hiberfil.sys [2010.05.16 21:54:48 | 006,291,456 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2010.05.16 21:54:44 | 000,495,968 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2010.05.16 17:47:55 | 000,081,920 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe [2010.05.15 09:53:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.05.08 15:26:39 | 000,000,786 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\HijackThis.lnk [2010.05.08 12:37:31 | 000,001,566 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.05.04 05:57:01 | 000,000,716 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.05.03 22:26:36 | 000,000,706 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Trillian.lnk [2010.05.01 16:00:11 | 000,077,824 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.23 18:47:35 | 000,000,632 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk [2010.04.23 18:45:53 | 001,134,624 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\***\Desktop\ccsetup230_slim.exe [2010.04.21 15:07:47 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.21 14:45:13 | 001,465,616 | ---- | M] (Fastviewer.com) -- C:\Dokumente und Einstellungen\***\Desktop\VALEO_IT_Support.exe [2010.04.21 09:36:39 | 000,171,615 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\aufsandgebaut.JPG [2010.04.20 19:26:55 | 000,060,334 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\suendenquittung.JPG [2010.04.20 09:47:17 | 000,080,197 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\7faf199f-d210-41a9-9960-3cf04a2ebe8d.jpg [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.08 15:26:39 | 000,000,786 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\HijackThis.lnk [2010.05.08 12:37:31 | 000,001,566 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.04.23 18:47:35 | 000,000,632 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk [2010.04.21 15:07:46 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.21 09:36:34 | 000,171,615 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\aufsandgebaut.JPG [2010.04.20 19:26:53 | 000,060,334 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\suendenquittung.JPG [2010.04.20 09:29:28 | 000,080,197 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\7faf199f-d210-41a9-9960-3cf04a2ebe8d.jpg [2010.03.23 15:56:37 | 000,000,213 | ---- | C] () -- C:\WINDOWS\PCWGXDRV.INI [2010.03.23 15:56:37 | 000,000,020 | ---- | C] () -- C:\WINDOWS\LOGINPUT.INI [2009.09.05 09:43:49 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2009.09.05 09:43:49 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2009.07.13 18:45:53 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2008.07.03 09:54:22 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\advd.dll [2008.07.03 09:54:22 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\auth.dll [2008.07.03 09:54:17 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2008.03.22 16:42:18 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2007.09.10 15:13:11 | 000,020,257 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI [2007.09.10 15:13:00 | 000,059,344 | ---- | C] () -- C:\WINDOWS\BTIUNZIP.DLL [2007.07.06 03:37:03 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2007.07.06 03:37:03 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2007.06.09 15:10:52 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini [2007.05.24 16:34:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HTMLAST.INI [2007.05.24 16:34:02 | 000,000,255 | ---- | C] () -- C:\WINDOWS\ULead32.ini [2007.04.04 12:47:38 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll [2007.04.04 12:47:38 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll [2007.03.02 19:03:08 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2006.12.29 22:18:01 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\AsusVr.dll [2006.12.29 22:18:01 | 000,036,352 | R--- | C] () -- C:\WINDOWS\System32\asustips.dll [2006.12.29 22:18:00 | 000,063,652 | R--- | C] () -- C:\WINDOWS\anvmsg.ini [2006.12.29 22:18:00 | 000,000,672 | R--- | C] () -- C:\WINDOWS\anvshell.ini [2006.12.29 22:17:41 | 000,002,048 | R--- | C] () -- C:\WINDOWS\System32\anvcinst.dll [2006.12.29 22:17:37 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS [2006.12.29 22:11:56 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll [2002.11.06 18:42:06 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SDL_gfx.dll [2002.10.13 13:25:14 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\MesaGlut.dll [2002.10.13 13:23:36 | 000,363,008 | ---- | C] () -- C:\WINDOWS\System32\MesaGLU.dll [2002.10.13 13:21:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\osmesa.dll [2002.10.13 13:21:44 | 001,417,216 | ---- | C] () -- C:\WINDOWS\System32\MesaGL.dll [2002.10.07 05:49:26 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll [2002.05.20 08:12:50 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\SDL_mixer.dll [2002.04.13 13:01:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SDL_ttf.dll [2002.04.13 13:01:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SDL_net.dll [2002.04.13 13:00:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\SDL_image.dll [2002.02.07 13:43:38 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\sdl_sound.dll [2001.12.03 21:59:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\in_flac.dll [2001.08.18 12:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2001.08.13 02:00:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll [2001.08.13 02:00:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2001.08.13 01:59:58 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2001.04.05 15:24:14 | 000,169,443 | ---- | C] () -- C:\WINDOWS\System32\jpeg.dll [2001.04.05 15:24:14 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\libpng1.dll [2001.04.05 15:24:14 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll [2001.04.04 21:33:50 | 000,209,920 | ---- | C] () -- C:\WINDOWS\System32\smpeg.dll < End of report > |
|
17.05.2010, 13:03
| #10 |
| | Trojanermeldungen seit einigen Wochen OTL Extras logfile created on: 17.05.2010 10:22:00 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\OTL logfile created on: 17.05.2010 10:22:00 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 383,00 Mb Total Physical Memory | 145,00 Mb Available Physical Memory | 38,00% Memory free 922,00 Mb Paging File | 528,00 Mb Available in Paging File | 57,00% Paging File free Paging file location(s): C:\pagefile.sys 576 1152 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 12,63 Gb Total Space | 0,28 Gb Free Space | 2,22% Space Free | Partition Type: NTFS Drive D: | 114,49 Gb Total Space | 8,38 Gb Free Space | 7,32% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: COMPUTER Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.) PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Java\jre6\bin\javaws.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe (Zone Labs, LLC) PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC) PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\anvshell.exe (AsusTeK Computer Inc.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe () SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- D:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys () DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC) DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC) DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation) DRV - (VRVD302) -- C:\WINDOWS\system32\drivers\VRVD302.sys (Rsupport Corporation) DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (ANVIOCTL) -- C:\WINDOWS\system32\drivers\anvioctl.sys (ASUSTeK) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\asuskbnt.sys (ASUSTeK COMPUTER INC.) DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.) DRV - (nv4) -- C:\WINDOWS\system32\drivers\nv4.sys (NVIDIA Corporation) DRV - (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) -- C:\WINDOWS\system32\drivers\es1371mp.sys (Creative Technology Ltd.) DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - File not found IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 79.99.43.128:3128 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=" FF - prefs.js..network.proxy.backup.ftp: "195.92.64.207" FF - prefs.js..network.proxy.backup.ftp_port: 80 FF - prefs.js..network.proxy.backup.gopher: "195.92.64.207" FF - prefs.js..network.proxy.backup.gopher_port: 80 FF - prefs.js..network.proxy.backup.socks: "195.92.64.207" FF - prefs.js..network.proxy.backup.socks_port: 80 FF - prefs.js..network.proxy.backup.ssl: "195.92.64.207" FF - prefs.js..network.proxy.backup.ssl_port: 80 FF - prefs.js..network.proxy.ftp: "88.208.200.115" FF - prefs.js..network.proxy.ftp_port: 80 FF - prefs.js..network.proxy.gopher: "88.208.200.115" FF - prefs.js..network.proxy.gopher_port: 80 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 445 FF - prefs.js..network.proxy.no_proxies_on: "" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "88.208.200.115" FF - prefs.js..network.proxy.socks_port: 80 FF - prefs.js..network.proxy.ssl: "88.208.200.115" FF - prefs.js..network.proxy.ssl_port: 80 FF - prefs.js..network.proxy.type: 1 FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\Mozilla [2008.09.26 19:32:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.08 12:37:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.08 12:37:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.03.17 14:00:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.02.17 16:43:19 | 000,000,000 | ---D | M] [2009.01.10 12:42:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2010.05.08 17:10:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions [2010.04.29 21:23:11 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.04.24 14:22:21 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009.06.29 22:05:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2008.05.13 16:23:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} [2010.01.04 23:54:11 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.03.18 14:02:21 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2007.11.06 22:36:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\de-AT@dictionaries.addons.mozilla.org [2008.05.25 08:50:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\en-US@dictionaries.addons.mozilla.org [2009.04.13 13:09:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\moveplayer@movenetworks.com [2010.03.19 13:39:21 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\searchplugins\conduit.xml [2010.05.08 17:10:01 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.10.24 14:11:14 | 000,000,000 | ---D | M] (Dealio Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} [2007.03.07 13:41:04 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2006.12.29 22:40:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [2007.03.02 15:17:24 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPAPIX.dll [2007.01.17 13:18:04 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll [2007.09.07 16:25:50 | 000,103,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPMPDRM.dll [2007.09.07 15:46:48 | 000,098,968 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPWMDRMWrapper.dll [2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.05.04 05:57:01 | 000,000,716 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - File not found O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - File not found O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - File not found O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - File not found O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - File not found O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - File not found O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [anvshell] C:\WINDOWS\anvshell.exe (AsusTeK Computer Inc.) O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [LiveNote] C:\WINDOWS\livenote.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe (Zone Labs, LLC) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe () O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe (eSXi) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.12.29 21:14:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{360a1518-977b-11db-992a-000102e2008c}\Shell - "" = AutoRun O33 - MountPoints2\{360a1518-977b-11db-992a-000102e2008c}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{360a1518-977b-11db-992a-000102e2008c}\Shell\AutoRun\command - "" = I:\pushinst.exe -- File not found O33 - MountPoints2\{4110aa2e-a1e9-11de-a8e3-00040ecb3b4d}\Shell - "" = AutoRun O33 - MountPoints2\{4110aa2e-a1e9-11de-a8e3-00040ecb3b4d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{4110aa2e-a1e9-11de-a8e3-00040ecb3b4d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\{e6138a54-7075-11de-8d70-00040ecb3b4d}\Shell - "" = AutoRun O33 - MountPoints2\{e6138a54-7075-11de-8d70-00040ecb3b4d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e6138a54-7075-11de-8d70-00040ecb3b4d}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.17 10:15:44 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.05.15 12:07:54 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\PrivacIE [2010.05.15 12:02:49 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\IETldCache [2010.05.15 11:57:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM [2010.05.15 11:53:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010.05.15 11:53:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE [2010.05.07 13:38:01 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stu2.exe [2010.05.05 08:12:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe [2010.05.05 08:12:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Real [2010.05.01 15:36:47 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos [2010.04.24 14:21:10 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent [2010.04.23 18:45:39 | 001,134,624 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\***\Desktop\ccsetup230_slim.exe [2010.04.22 17:23:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia [2010.04.22 06:44:48 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Settings [2010.04.21 15:08:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2010.04.21 15:07:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.21 15:07:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.04.21 15:07:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.21 15:07:16 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.21 14:45:00 | 001,465,616 | ---- | C] (Fastviewer.com) -- C:\Dokumente und Einstellungen\***\Desktop\VALEO_IT_Support.exe [2010.04.21 13:14:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2010.04.21 13:14:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2010.04.21 11:13:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2010.04.21 11:11:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\C7BF14F61666B1E44FB77DBF2C5F547D [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] |
|
17.05.2010, 13:04
| #11 |
| | Trojanermeldungen seit einigen Wochen ========== Files - Modified Within 30 Days ========== [2010.05.17 10:26:20 | 041,986,080 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2010.05.17 10:15:59 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.05.17 10:06:18 | 000,358,383 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2010.05.17 10:05:22 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010.05.17 10:05:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.05.17 10:04:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.05.17 10:04:22 | 000,138,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.05.17 10:04:21 | 402,161,664 | -HS- | M] () -- C:\hiberfil.sys [2010.05.16 21:54:48 | 006,291,456 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2010.05.16 21:54:44 | 000,495,968 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2010.05.16 17:47:55 | 000,081,920 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe [2010.05.15 09:53:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.05.08 15:26:39 | 000,000,786 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\HijackThis.lnk [2010.05.08 12:37:31 | 000,001,566 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.05.04 05:57:01 | 000,000,716 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.05.03 22:26:36 | 000,000,706 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Trillian.lnk [2010.05.01 16:00:11 | 000,077,824 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.23 18:47:35 | 000,000,632 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk [2010.04.23 18:45:53 | 001,134,624 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\***\Desktop\ccsetup230_slim.exe [2010.04.21 15:07:47 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.21 14:45:13 | 001,465,616 | ---- | M] (Fastviewer.com) -- C:\Dokumente und Einstellungen\***\Desktop\VALEO_IT_Support.exe [2010.04.21 09:36:39 | 000,171,615 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\aufsandgebaut.JPG [2010.04.20 19:26:55 | 000,060,334 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\suendenquittung.JPG [2010.04.20 09:47:17 | 000,080,197 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\7faf199f-d210-41a9-9960-3cf04a2ebe8d.jpg [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.08 15:26:39 | 000,000,786 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\HijackThis.lnk [2010.05.08 12:37:31 | 000,001,566 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.04.23 18:47:35 | 000,000,632 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk [2010.04.21 15:07:46 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.21 09:36:34 | 000,171,615 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\aufsandgebaut.JPG [2010.04.20 19:26:53 | 000,060,334 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\suendenquittung.JPG [2010.04.20 09:29:28 | 000,080,197 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\7faf199f-d210-41a9-9960-3cf04a2ebe8d.jpg [2010.03.23 15:56:37 | 000,000,213 | ---- | C] () -- C:\WINDOWS\PCWGXDRV.INI [2010.03.23 15:56:37 | 000,000,020 | ---- | C] () -- C:\WINDOWS\LOGINPUT.INI [2009.09.05 09:43:49 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2009.09.05 09:43:49 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2009.07.13 18:45:53 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2008.07.03 09:54:22 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\advd.dll [2008.07.03 09:54:22 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\auth.dll [2008.07.03 09:54:17 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2008.03.22 16:42:18 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2007.09.10 15:13:11 | 000,020,257 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI [2007.09.10 15:13:00 | 000,059,344 | ---- | C] () -- C:\WINDOWS\BTIUNZIP.DLL [2007.07.06 03:37:03 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2007.07.06 03:37:03 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2007.06.09 15:10:52 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini [2007.05.24 16:34:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HTMLAST.INI [2007.05.24 16:34:02 | 000,000,255 | ---- | C] () -- C:\WINDOWS\ULead32.ini [2007.04.04 12:47:38 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll [2007.04.04 12:47:38 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll [2007.03.02 19:03:08 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2006.12.29 22:18:01 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\AsusVr.dll [2006.12.29 22:18:01 | 000,036,352 | R--- | C] () -- C:\WINDOWS\System32\asustips.dll [2006.12.29 22:18:00 | 000,063,652 | R--- | C] () -- C:\WINDOWS\anvmsg.ini [2006.12.29 22:18:00 | 000,000,672 | R--- | C] () -- C:\WINDOWS\anvshell.ini [2006.12.29 22:17:41 | 000,002,048 | R--- | C] () -- C:\WINDOWS\System32\anvcinst.dll [2006.12.29 22:17:37 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS [2006.12.29 22:11:56 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll [2002.11.06 18:42:06 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SDL_gfx.dll [2002.10.13 13:25:14 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\MesaGlut.dll [2002.10.13 13:23:36 | 000,363,008 | ---- | C] () -- C:\WINDOWS\System32\MesaGLU.dll [2002.10.13 13:21:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\osmesa.dll [2002.10.13 13:21:44 | 001,417,216 | ---- | C] () -- C:\WINDOWS\System32\MesaGL.dll [2002.10.07 05:49:26 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll [2002.05.20 08:12:50 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\SDL_mixer.dll [2002.04.13 13:01:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SDL_ttf.dll [2002.04.13 13:01:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SDL_net.dll [2002.04.13 13:00:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\SDL_image.dll [2002.02.07 13:43:38 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\sdl_sound.dll [2001.12.03 21:59:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\in_flac.dll [2001.08.18 12:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2001.08.13 02:00:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll [2001.08.13 02:00:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2001.08.13 01:59:58 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2001.04.05 15:24:14 | 000,169,443 | ---- | C] () -- C:\WINDOWS\System32\jpeg.dll [2001.04.05 15:24:14 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\libpng1.dll [2001.04.05 15:24:14 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll [2001.04.04 21:33:50 | 000,209,920 | ---- | C] () -- C:\WINDOWS\System32\smpeg.dll < End of report > \Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 383,00 Mb Total Physical Memory | 145,00 Mb Available Physical Memory | 38,00% Memory free 922,00 Mb Paging File | 528,00 Mb Available in Paging File | 57,00% Paging File free Paging file location(s): C:\pagefile.sys 576 1152 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 12,63 Gb Total Space | 0,28 Gb Free Space | 2,22% Space Free | Partition Type: NTFS Drive D: | 114,49 Gb Total Space | 8,38 Gb Free Space | 7,32% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: COMPUTER Current User Name: OTL logfile created on: 17.05.2010 10:22:00 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 383,00 Mb Total Physical Memory | 145,00 Mb Available Physical Memory | 38,00% Memory free 922,00 Mb Paging File | 528,00 Mb Available in Paging File | 57,00% Paging File free Paging file location(s): C:\pagefile.sys 576 1152 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 12,63 Gb Total Space | 0,28 Gb Free Space | 2,22% Space Free | Partition Type: NTFS Drive D: | 114,49 Gb Total Space | 8,38 Gb Free Space | 7,32% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: COMPUTER Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.) PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Java\jre6\bin\javaws.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe (Zone Labs, LLC) PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC) PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\anvshell.exe (AsusTeK Computer Inc.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe () SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- D:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys () DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC) DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC) DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation) DRV - (VRVD302) -- C:\WINDOWS\system32\drivers\VRVD302.sys (Rsupport Corporation) DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (ANVIOCTL) -- C:\WINDOWS\system32\drivers\anvioctl.sys (ASUSTeK) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\asuskbnt.sys (ASUSTeK COMPUTER INC.) DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.) DRV - (nv4) -- C:\WINDOWS\system32\drivers\nv4.sys (NVIDIA Corporation) DRV - (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) -- C:\WINDOWS\system32\drivers\es1371mp.sys (Creative Technology Ltd.) DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - File not found IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 79.99.43.128:3128 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=" FF - prefs.js..network.proxy.backup.ftp: "195.92.64.207" FF - prefs.js..network.proxy.backup.ftp_port: 80 FF - prefs.js..network.proxy.backup.gopher: "195.92.64.207" FF - prefs.js..network.proxy.backup.gopher_port: 80 FF - prefs.js..network.proxy.backup.socks: "195.92.64.207" FF - prefs.js..network.proxy.backup.socks_port: 80 FF - prefs.js..network.proxy.backup.ssl: "195.92.64.207" FF - prefs.js..network.proxy.backup.ssl_port: 80 FF - prefs.js..network.proxy.ftp: "88.208.200.115" FF - prefs.js..network.proxy.ftp_port: 80 FF - prefs.js..network.proxy.gopher: "88.208.200.115" FF - prefs.js..network.proxy.gopher_port: 80 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 445 FF - prefs.js..network.proxy.no_proxies_on: "" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "88.208.200.115" FF - prefs.js..network.proxy.socks_port: 80 FF - prefs.js..network.proxy.ssl: "88.208.200.115" FF - prefs.js..network.proxy.ssl_port: 80 FF - prefs.js..network.proxy.type: 1 FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\Mozilla [2008.09.26 19:32:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.08 12:37:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.08 12:37:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.03.17 14:00:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.02.17 16:43:19 | 000,000,000 | ---D | M] [2009.01.10 12:42:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2010.05.08 17:10:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions [2010.04.29 21:23:11 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.04.24 14:22:21 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009.06.29 22:05:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2008.05.13 16:23:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} [2010.01.04 23:54:11 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.03.18 14:02:21 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2007.11.06 22:36:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\de-AT@dictionaries.addons.mozilla.org [2008.05.25 08:50:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\en-US@dictionaries.addons.mozilla.org [2009.04.13 13:09:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\extensions\moveplayer@movenetworks.com [2010.03.19 13:39:21 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7gkkvfyc.default\searchplugins\conduit.xml [2010.05.08 17:10:01 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.10.24 14:11:14 | 000,000,000 | ---D | M] (Dealio Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} [2007.03.07 13:41:04 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2006.12.29 22:40:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [2007.03.02 15:17:24 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPAPIX.dll [2007.01.17 13:18:04 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll [2007.09.07 16:25:50 | 000,103,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPMPDRM.dll [2007.09.07 15:46:48 | 000,098,968 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPWMDRMWrapper.dll [2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.05.04 05:57:01 | 000,000,716 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - File not found O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - File not found O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - File not found O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - File not found O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - File not found O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - File not found O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [anvshell] C:\WINDOWS\anvshell.exe (AsusTeK Computer Inc.) O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [LiveNote] C:\WINDOWS\livenote.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe (Zone Labs, LLC) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe () O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe (eSXi) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.12.29 21:14:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{360a1518-977b-11db-992a-000102e2008c}\Shell - "" = AutoRun O33 - MountPoints2\{360a1518-977b-11db-992a-000102e2008c}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{360a1518-977b-11db-992a-000102e2008c}\Shell\AutoRun\command - "" = I:\pushinst.exe -- File not found O33 - MountPoints2\{4110aa2e-a1e9-11de-a8e3-00040ecb3b4d}\Shell - "" = AutoRun O33 - MountPoints2\{4110aa2e-a1e9-11de-a8e3-00040ecb3b4d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{4110aa2e-a1e9-11de-a8e3-00040ecb3b4d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\{e6138a54-7075-11de-8d70-00040ecb3b4d}\Shell - "" = AutoRun O33 - MountPoints2\{e6138a54-7075-11de-8d70-00040ecb3b4d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e6138a54-7075-11de-8d70-00040ecb3b4d}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* |
|
17.05.2010, 13:06
| #12 |
| | Trojanermeldungen seit einigen Wochen ========== Files/Folders - Created Within 30 Days ========== [2010.05.17 10:15:44 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.05.15 12:07:54 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\PrivacIE [2010.05.15 12:02:49 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\IETldCache [2010.05.15 11:57:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM [2010.05.15 11:53:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010.05.15 11:53:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE [2010.05.07 13:38:01 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stu2.exe [2010.05.05 08:12:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe [2010.05.05 08:12:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Real [2010.05.01 15:36:47 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos [2010.04.24 14:21:10 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent [2010.04.23 18:45:39 | 001,134,624 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\***\Desktop\ccsetup230_slim.exe [2010.04.22 17:23:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia [2010.04.22 06:44:48 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Settings [2010.04.21 15:08:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2010.04.21 15:07:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.21 15:07:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.04.21 15:07:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.21 15:07:16 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.21 14:45:00 | 001,465,616 | ---- | C] (Fastviewer.com) -- C:\Dokumente und Einstellungen\***\Desktop\VALEO_IT_Support.exe [2010.04.21 13:14:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2010.04.21 13:14:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2010.04.21 11:13:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2010.04.21 11:11:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\C7BF14F61666B1E44FB77DBF2C5F547D [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.17 10:26:20 | 041,986,080 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2010.05.17 10:15:59 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2010.05.17 10:06:18 | 000,358,383 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2010.05.17 10:05:22 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010.05.17 10:05:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.05.17 10:04:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.05.17 10:04:22 | 000,138,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.05.17 10:04:21 | 402,161,664 | -HS- | M] () -- C:\hiberfil.sys [2010.05.16 21:54:48 | 006,291,456 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2010.05.16 21:54:44 | 000,495,968 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2010.05.16 17:47:55 | 000,081,920 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe [2010.05.15 09:53:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.05.08 15:26:39 | 000,000,786 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\HijackThis.lnk [2010.05.08 12:37:31 | 000,001,566 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.05.04 05:57:01 | 000,000,716 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.05.03 22:26:36 | 000,000,706 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Trillian.lnk [2010.05.01 16:00:11 | 000,077,824 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.23 18:47:35 | 000,000,632 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk [2010.04.23 18:45:53 | 001,134,624 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\***\Desktop\ccsetup230_slim.exe [2010.04.21 15:07:47 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.21 14:45:13 | 001,465,616 | ---- | M] (Fastviewer.com) -- C:\Dokumente und Einstellungen\***\Desktop\VALEO_IT_Support.exe [2010.04.21 09:36:39 | 000,171,615 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\aufsandgebaut.JPG [2010.04.20 19:26:55 | 000,060,334 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\suendenquittung.JPG [2010.04.20 09:47:17 | 000,080,197 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\7faf199f-d210-41a9-9960-3cf04a2ebe8d.jpg [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.08 15:26:39 | 000,000,786 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\HijackThis.lnk [2010.05.08 12:37:31 | 000,001,566 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.04.23 18:47:35 | 000,000,632 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk [2010.04.21 15:07:46 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.21 09:36:34 | 000,171,615 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\aufsandgebaut.JPG [2010.04.20 19:26:53 | 000,060,334 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\suendenquittung.JPG [2010.04.20 09:29:28 | 000,080,197 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\7faf199f-d210-41a9-9960-3cf04a2ebe8d.jpg [2010.03.23 15:56:37 | 000,000,213 | ---- | C] () -- C:\WINDOWS\PCWGXDRV.INI [2010.03.23 15:56:37 | 000,000,020 | ---- | C] () -- C:\WINDOWS\LOGINPUT.INI [2009.09.05 09:43:49 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2009.09.05 09:43:49 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2009.07.13 18:45:53 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2008.07.03 09:54:22 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\advd.dll [2008.07.03 09:54:22 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\auth.dll [2008.07.03 09:54:17 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2008.03.22 16:42:18 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2007.09.10 15:13:11 | 000,020,257 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI [2007.09.10 15:13:00 | 000,059,344 | ---- | C] () -- C:\WINDOWS\BTIUNZIP.DLL [2007.07.06 03:37:03 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2007.07.06 03:37:03 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2007.06.09 15:10:52 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini [2007.05.24 16:34:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HTMLAST.INI [2007.05.24 16:34:02 | 000,000,255 | ---- | C] () -- C:\WINDOWS\ULead32.ini [2007.04.04 12:47:38 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll [2007.04.04 12:47:38 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll [2007.03.02 19:03:08 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2006.12.29 22:18:01 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\AsusVr.dll [2006.12.29 22:18:01 | 000,036,352 | R--- | C] () -- C:\WINDOWS\System32\asustips.dll [2006.12.29 22:18:00 | 000,063,652 | R--- | C] () -- C:\WINDOWS\anvmsg.ini [2006.12.29 22:18:00 | 000,000,672 | R--- | C] () -- C:\WINDOWS\anvshell.ini [2006.12.29 22:17:41 | 000,002,048 | R--- | C] () -- C:\WINDOWS\System32\anvcinst.dll [2006.12.29 22:17:37 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS [2006.12.29 22:11:56 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll [2002.11.06 18:42:06 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SDL_gfx.dll [2002.10.13 13:25:14 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\MesaGlut.dll [2002.10.13 13:23:36 | 000,363,008 | ---- | C] () -- C:\WINDOWS\System32\MesaGLU.dll [2002.10.13 13:21:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\osmesa.dll [2002.10.13 13:21:44 | 001,417,216 | ---- | C] () -- C:\WINDOWS\System32\MesaGL.dll [2002.10.07 05:49:26 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll [2002.05.20 08:12:50 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\SDL_mixer.dll [2002.04.13 13:01:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SDL_ttf.dll [2002.04.13 13:01:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SDL_net.dll [2002.04.13 13:00:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\SDL_image.dll [2002.02.07 13:43:38 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\sdl_sound.dll [2001.12.03 21:59:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\in_flac.dll [2001.08.18 12:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2001.08.13 02:00:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll [2001.08.13 02:00:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2001.08.13 01:59:58 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2001.04.05 15:24:14 | 000,169,443 | ---- | C] () -- C:\WINDOWS\System32\jpeg.dll [2001.04.05 15:24:14 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\libpng1.dll [2001.04.05 15:24:14 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll [2001.04.04 21:33:50 | 000,209,920 | ---- | C] () -- C:\WINDOWS\System32\smpeg.dll < End of report > Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] |
|
17.05.2010, 13:07
| #13 |
| | Trojanermeldungen seit einigen Wochen ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1C851E23-17F6-4B46-9F78-5AD774518B7A}" = Nokia Connectivity Cable Driver "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11 "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{844DBF54-F822-4A1C-896B-93C0FBBA38D3}" = Sven 2 XS "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8FB1A5EA-7DA8-4D57-80FB-BD923CCCC852}" = OpenOffice.org 2.1 "{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0.1 "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS "{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime "6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) "65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "ASUS Display Drivers" = ASUS Display Drivers "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "CCleaner" = CCleaner "CwGet_is1" = CwGet V1.80 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free FLV Converter_is1" = Free FLV Converter V 6.7.3 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "Frozen-Bubble_is1" = Frozen-Bubble 1.0 "Google Updater" = Google Updater "HijackThis" = HijackThis 2.0.2 "ie8" = Windows Internet Explorer 8 "LastFM_is1" = Last.fm 1.5.4.24567 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24) "Quintessential Player" = Quintessential Player "RealPlayer 6.0" = RealPlayer "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "Trillian" = Trillian "UltraStar Deluxe" = UltraStar Deluxe "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VideoLAN VLC media player 0.8.6 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 2 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "ZoneAlarm" = ZoneAlarm ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FileZilla Client" = FileZilla Client 3.2.0 ========== Last 10 Event Log Errors ========== |
|
17.05.2010, 14:47
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojanermeldungen seit einigen Wochen Wo genau steht Dein Rechner? In einem Büro? Ich seh da Proxyeinträge in beiden Browser, ich weiß aber nicht, ob diese so notwendig sind. Ich hau die jetzt einfach mal mit weg, anscheinend sind die bei Dir nur störend. Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 79.99.43.128:3128
FF - prefs.js..network.proxy.backup.ftp: "195.92.64.207"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "195.92.64.207"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "195.92.64.207"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "195.92.64.207"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "88.208.200.115"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "88.208.200.115"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 445
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "88.208.200.115"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "88.208.200.115"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 1
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - File not found
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - File not found
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - File not found
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - File not found
O4 - HKLM..\Run: [LiveNote] C:\WINDOWS\livenote.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe (eSXi)
O33 - MountPoints2\{360a1518-977b-11db-992a-000102e2008c}\Shell\AutoRun\command - "" = I:\pushinst.exe -- File not found
O33 - MountPoints2\{4110aa2e-a1e9-11de-a8e3-00040ecb3b4d}\Shell - "" = AutoRun
O33 - MountPoints2\{4110aa2e-a1e9-11de-a8e3-00040ecb3b4d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4110aa2e-a1e9-11de-a8e3-00040ecb3b4d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e6138a54-7075-11de-8d70-00040ecb3b4d}\Shell - "" = AutoRun
O33 - MountPoints2\{e6138a54-7075-11de-8d70-00040ecb3b4d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e6138a54-7075-11de-8d70-00040ecb3b4d}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.05.2010, 17:07
| #15 |
| | Trojanermeldungen seit einigen Wochen All processes killed ========== OTL ========== HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! Prefs.js: "195.92.64.207" removed from network.proxy.backup.ftp Prefs.js: 80 removed from network.proxy.backup.ftp_port Prefs.js: "195.92.64.207" removed from network.proxy.backup.gopher Prefs.js: 80 removed from network.proxy.backup.gopher_port Prefs.js: "195.92.64.207" removed from network.proxy.backup.socks Prefs.js: 80 removed from network.proxy.backup.socks_port Prefs.js: "195.92.64.207" removed from network.proxy.backup.ssl Prefs.js: 80 removed from network.proxy.backup.ssl_port Prefs.js: "88.208.200.115" removed from network.proxy.ftp Prefs.js: 80 removed from network.proxy.ftp_port Prefs.js: "88.208.200.115" removed from network.proxy.gopher Prefs.js: 80 removed from network.proxy.gopher_port Prefs.js: "127.0.0.1" removed from network.proxy.http Prefs.js: 445 removed from network.proxy.http_port Prefs.js: "" removed from network.proxy.no_proxies_on Prefs.js: true removed from network.proxy.share_proxy_settings Prefs.js: "88.208.200.115" removed from network.proxy.socks Prefs.js: 80 removed from network.proxy.socks_port Prefs.js: "88.208.200.115" removed from network.proxy.ssl Prefs.js: 80 removed from network.proxy.ssl_port Prefs.js: 1 removed from network.proxy.type Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19C8E43B-07B3-49CB-BFFC-6777B593E6F8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19C8E43B-07B3-49CB-BFFC-6777B593E6F8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E0E899AB-F487-11D5-8D29-0050BA6940E3} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0E899AB-F487-11D5-8D29-0050BA6940E3}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LiveNote deleted successfully. C:\WINDOWS\livenote.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\userinit.exe deleted successfully. Item C:\WINDOWS\system32\userinit.exe is whitelisted and cannot be moved. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\sdra64.exe deleted successfully. File move failed. C:\WINDOWS\system32\sdra64.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{360a1518-977b-11db-992a-000102e2008c}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{360a1518-977b-11db-992a-000102e2008c}\ not found. File I:\pushinst.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4110aa2e-a1e9-11de-a8e3-00040ecb3b4d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4110aa2e-a1e9-11de-a8e3-00040ecb3b4d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4110aa2e-a1e9-11de-a8e3-00040ecb3b4d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4110aa2e-a1e9-11de-a8e3-00040ecb3b4d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4110aa2e-a1e9-11de-a8e3-00040ecb3b4d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4110aa2e-a1e9-11de-a8e3-00040ecb3b4d}\ not found. File G:\LaunchU3.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6138a54-7075-11de-8d70-00040ecb3b4d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6138a54-7075-11de-8d70-00040ecb3b4d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6138a54-7075-11de-8d70-00040ecb3b4d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6138a54-7075-11de-8d70-00040ecb3b4d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6138a54-7075-11de-8d70-00040ecb3b4d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6138a54-7075-11de-8d70-00040ecb3b4d}\ not found. File H:\LaunchU3.exe not found. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41 bytes User: Gast ->Temp folder emptied: 17636 bytes ->Temporary Internet Files folder emptied: 47957 bytes ->FireFox cache emptied: 74104286 bytes ->Flash cache emptied: 1149 bytes User: LocalService ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 2647629 bytes ->Flash cache emptied: 0 bytes User: *** ->Temp folder emptied: 578257289 bytes ->Temporary Internet Files folder emptied: 1187095017 bytes ->Java cache emptied: 103751 bytes ->FireFox cache emptied: 6674478 bytes ->Google Chrome cache emptied: 594288 bytes ->Flash cache emptied: 4197 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 45221685 bytes ->Flash cache emptied: 2867 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1119339 bytes %systemroot%\System32 .tmp files removed: 3630983 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 385881616 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 2.180,00 mb OTL by OldTimer - Version 3.2.4.1 log created on 05172010_173735 Files\Folders moved on Reboot... File move failed. C:\WINDOWS\system32\sdra64.exe scheduled to be moved on reboot. C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\in12.tmp moved successfully. C:\WINDOWS\temp\ZLT05d3a.TMP moved successfully. File\Folder C:\WINDOWS\temp\ZLT05d3d.TMP not found! Registry entries deleted on Reboot... Danke! |
|
| Themen zu Trojanermeldungen seit einigen Wochen |
| .dll, backdoor.bot, beim starten, browser, dateien, einstellungen, explorer, firefox, funktioniert, helper, klick, link, microsoft, seite, seiten, software, spyware.zbot, starten, stolen.data, system, system32, trojan.agent, trojan.dropper, trojan.fakealert, trojaner, userinit, winlogon, öffnen |
Linear-Darstellung
