| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Logs sauber? Bitte überprüfenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
10.05.2010, 14:11
| #1 |
 |  Logs sauber? Bitte überprüfen hallo, ich hatte auf meinem notebook wohl ein rootkit wesewegen ich es jetzt formatieren werde. gmer hat zumindest behauptet die atapi.sys wäre verändert (evtl. durch emulationssoftware vielleicht?) combofix meinte dann noch tdx.sys wäre verdächtig und hat das gelöscht...alle haben sie aber keinerlei angaben über die rootkitart gemacht. eine exe datei die wohl oldot.exe sein sollte hat er auch gelöscht... hier geht es aber um meinen office pc. anbei füge ich logs von diesem pc auf dem egtl nichts passiert sein sollte mit der bitte drüberzusehen. symantec endpoint protection findet nichts eset online scanner findet nichts superantispyware findet nichts bis auf ein paar cookies im otl log lese ich was von steelwerks direkt nachdem ich combofix ausgeführt habe..hat wohl was mit uer acls etc zu tun. nutzt combofix das? die dateiinfo der drei steelwerx files sagt jeweils freeware implementation....by frank staal edit: scheint wohl von combofix zu kommen- habe gerade einen passenden eintrag ergoogelt. OTL LOG Code:
ATTFilter OTL logfile created on: 10.05.2010 14:49:50 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\xxxDesktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 35,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,52 Gb Total Space | 42,32 Gb Free Space | 56,79% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded Drive H: | 465,66 Gb Total Space | 205,88 Gb Free Space | 44,21% Space Free | Partition Type: NTFS Drive I: | 465,66 Gb Total Space | 205,88 Gb Free Space | 44,21% Space Free | Partition Type: NTFS Drive M: | 465,66 Gb Total Space | 205,88 Gb Free Space | 44,21% Space Free | Partition Type: NTFS Drive P: | 465,66 Gb Total Space | 205,88 Gb Free Space | 44,21% Space Free | Partition Type: NTFS Drive S: | 465,66 Gb Total Space | 205,88 Gb Free Space | 44,21% Space Free | Partition Type: NTFS Drive T: | 465,66 Gb Total Space | 205,88 Gb Free Space | 44,21% Space Free | Partition Type: NTFS Drive U: | 465,66 Gb Total Space | 205,88 Gb Free Space | 44,21% Space Free | Partition Type: NTFS Computer Name: xxx Current User Name: xxx NOT logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Prevx\prevx.exe (Prevx) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation) PRC - C:\Programme\Symantec AntiVirus\SmcGui.exe (Symantec Corporation) PRC - C:\Programme\Symantec\Backup Exec System Recovery\Agent\VProTray.exe (Symantec Corporation) PRC - C:\Programme\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.) PRC - C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) PRC - C:\Programme\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.) PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) PRC - C:\Programme\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) PRC - C:\Programme\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited) PRC - C:\Programme\Spybot - Search & Destroy\SDUpdate.exe (Safer Networking Limited) PRC - C:\Programme\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== ========== Driver Services (SafeList) ========== ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://google.de" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.74 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.10 12:07:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.10 12:07:40 | 000,000,000 | ---D | M] [2009.03.30 14:54:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions [2010.05.10 12:25:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\9d1yxpk1.default\extensions [2010.05.10 12:09:23 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\9d1yxpk1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.05.10 12:11:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\9d1yxpk1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.05.10 12:25:04 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2007.04.03 15:14:56 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.09.13 00:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\CCMSDK.dll [2009.09.13 00:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\CgpCore.dll [2009.09.13 00:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\confmgr.dll [2009.09.13 00:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\ctxlogging.dll [2009.09.13 00:08:36 | 000,406,864 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npicaN.dll [2005.06.25 17:08:08 | 006,153,728 | ---- | M] (VideoLAN Team) -- C:\Programme\Mozilla Firefox\plugins\npvlc.dll [2009.09.13 00:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\TcpPServ.dll [2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.04.21 08:49:27 | 000,305,259 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 10509 more lines... O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SafeOnline BHO) - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll (Prevx) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [ConnectionCenter] C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [LogMeIn GUI] C:\Programme\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [Symantec Backup Exec System Recovery 2010] C:\Programme\Symantec\Backup Exec System Recovery\Agent\VProTray.exe (Symantec Corporation) O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider) O4 - HKLM..\Run: [vmware-tray] C:\Programme\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office 2003\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Programme\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Programme\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O15 - HKCU\..Trusted Domains: google.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: google.com ([mail] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: immobilienscout24.de ([www] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: superantispyware.com ([www] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Ranges: Range1 ([http] in Vertrauenswürdige Sites) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241594555898 (MUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_18) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = xxxSYSTEM.DE O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.03.24 14:43:07 | 000,000,031 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.10 14:49:08 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe [2010.05.10 12:15:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Downloads [2010.05.10 11:20:46 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.05.10 11:19:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.05.10 11:07:53 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\xxx\Recent [2010.05.10 10:51:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com [2010.05.10 10:50:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\SUPERAntiSpyware.com [2010.05.10 10:50:49 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.05.10 10:50:30 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard [2010.05.10 09:27:31 | 000,061,440 | ---- | C] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll [2010.05.10 09:27:30 | 000,054,792 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys [2010.05.10 09:27:30 | 000,030,320 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys [2010.05.10 09:27:30 | 000,024,400 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys [2010.05.10 09:27:29 | 000,000,000 | ---D | C] -- C:\Programme\Prevx [2010.05.10 09:27:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PrevxCSI [2010.05.10 09:13:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Malwarebytes [2010.05.10 09:13:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.05.10 09:13:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.05.10 09:13:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.05.10 09:13:08 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.10 09:10:32 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2010.05.06 12:39:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010.05.06 12:39:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010.05.06 12:39:16 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010.05.06 12:39:16 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010.05.06 12:39:08 | 000,000,000 | --SD | C] -- C:\ComboFix [2010.05.06 12:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [34 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.10 14:49:11 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe [2010.05.10 14:03:02 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.05.10 12:14:37 | 000,023,773 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.05.10 12:14:33 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.05.10 12:14:22 | 000,000,280 | -HS- | M] () -- C:\Dokumente und Einstellungen\xxx\ntuser.ini [2010.05.10 12:14:08 | 005,505,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\xxx\NTUSER.DAT [2010.05.10 12:07:50 | 000,001,572 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.05.10 11:36:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.05.10 11:35:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.05.10 11:32:20 | 005,367,202 | -H-- | M] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.05.10 11:22:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.05.10 11:21:41 | 000,002,433 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\HiJackThis.lnk [2010.05.10 11:14:07 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini [2010.05.10 11:14:07 | 000,000,335 | -HS- | M] () -- C:\boot.ini [2010.05.10 11:14:07 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.05.10 11:00:35 | 000,001,518 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\CCleaner.lnk [2010.05.10 10:50:52 | 000,000,758 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.05.10 09:27:31 | 000,061,440 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll [2010.05.10 09:27:30 | 000,054,792 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys [2010.05.10 09:27:30 | 000,030,320 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys [2010.05.10 09:27:30 | 000,024,400 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys [2010.05.10 09:27:19 | 000,000,049 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010.05.10 09:13:13 | 000,000,682 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe [2010.04.20 15:05:45 | 010,719,027 | ---- | M] () -- C:\cop.zip [2010.04.14 05:07:10 | 000,001,893 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [34 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.10 12:07:50 | 000,001,572 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.05.10 11:20:47 | 000,002,433 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\HiJackThis.lnk [2010.05.10 11:17:53 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2010.05.10 11:00:35 | 000,001,518 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\CCleaner.lnk [2010.05.10 10:50:52 | 000,000,758 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.05.10 09:27:19 | 000,000,049 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010.05.10 09:13:13 | 000,000,682 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.06 12:39:16 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010.05.06 12:39:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010.05.06 12:39:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010.05.06 12:39:16 | 000,077,312 | R--- | C] () -- C:\WINDOWS\MBR.exe [2010.05.06 12:39:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010.04.14 05:07:10 | 000,001,893 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2009.11.04 16:33:21 | 000,055,856 | R--- | C] () -- C:\WINDOWS\System32\vnetinst.dll [2009.03.18 17:17:32 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll [2009.03.18 17:16:34 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll [2008.05.26 23:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 23:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 23:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.05.23 23:18:45 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL [2007.08.06 13:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll [2007.07.06 14:04:07 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2007.07.06 14:04:07 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2007.05.23 15:12:35 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2007.05.22 16:40:36 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2007.04.12 16:42:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI [2007.04.03 15:00:23 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI [2007.04.03 14:52:49 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.03.05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2007.02.23 11:27:53 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2007.02.23 11:25:48 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2007.02.23 11:08:28 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005.03.30 10:46:22 | 000,029,035 | ---- | C] () -- C:\WINDOWS\cstasp.ini [2001.10.28 17:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2001.03.30 22:58:36 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\Property.dll < End of report > Code:
ATTFilter OTL logfile created on: 10.05.2010 14:49:50 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\xxxDesktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 35,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,52 Gb Total Space | 42,32 Gb Free Space | 56,79% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded Drive H: | 465,66 Gb Total Space | 205,88 Gb Free Space | 44,21% Space Free | Partition Type: NTFS Drive I: | 465,66 Gb Total Space | 205,88 Gb Free Space | 44,21% Space Free | Partition Type: NTFS Drive M: | 465,66 Gb Total Space | 205,88 Gb Free Space | 44,21% Space Free | Partition Type: NTFS Drive P: | 465,66 Gb Total Space | 205,88 Gb Free Space | 44,21% Space Free | Partition Type: NTFS Drive S: | 465,66 Gb Total Space | 205,88 Gb Free Space | 44,21% Space Free | Partition Type: NTFS Drive T: | 465,66 Gb Total Space | 205,88 Gb Free Space | 44,21% Space Free | Partition Type: NTFS Drive U: | 465,66 Gb Total Space | 205,88 Gb Free Space | 44,21% Space Free | Partition Type: NTFS Computer Name: xxx Current User Name: xxx NOT logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Prevx\prevx.exe (Prevx) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation) PRC - C:\Programme\Symantec AntiVirus\SmcGui.exe (Symantec Corporation) PRC - C:\Programme\Symantec\Backup Exec System Recovery\Agent\VProTray.exe (Symantec Corporation) PRC - C:\Programme\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.) PRC - C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) PRC - C:\Programme\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.) PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) PRC - C:\Programme\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) PRC - C:\Programme\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited) PRC - C:\Programme\Spybot - Search & Destroy\SDUpdate.exe (Safer Networking Limited) PRC - C:\Programme\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== ========== Driver Services (SafeList) ========== ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://google.de" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.74 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.10 12:07:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.10 12:07:40 | 000,000,000 | ---D | M] [2009.03.30 14:54:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions [2010.05.10 12:25:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\9d1yxpk1.default\extensions [2010.05.10 12:09:23 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\9d1yxpk1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.05.10 12:11:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\9d1yxpk1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.05.10 12:25:04 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2007.04.03 15:14:56 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.09.13 00:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\CCMSDK.dll [2009.09.13 00:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\CgpCore.dll [2009.09.13 00:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\confmgr.dll [2009.09.13 00:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\ctxlogging.dll [2009.09.13 00:08:36 | 000,406,864 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npicaN.dll [2005.06.25 17:08:08 | 006,153,728 | ---- | M] (VideoLAN Team) -- C:\Programme\Mozilla Firefox\plugins\npvlc.dll [2009.09.13 00:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\TcpPServ.dll [2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.04.21 08:49:27 | 000,305,259 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 10509 more lines... O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SafeOnline BHO) - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll (Prevx) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [ConnectionCenter] C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [LogMeIn GUI] C:\Programme\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [Symantec Backup Exec System Recovery 2010] C:\Programme\Symantec\Backup Exec System Recovery\Agent\VProTray.exe (Symantec Corporation) O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider) O4 - HKLM..\Run: [vmware-tray] C:\Programme\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office 2003\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Programme\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Programme\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O15 - HKCU\..Trusted Domains: google.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: google.com ([mail] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: immobilienscout24.de ([www] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: superantispyware.com ([www] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Ranges: Range1 ([http] in Vertrauenswürdige Sites) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241594555898 (MUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_18) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = xxxSYSTEM.DE O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.03.24 14:43:07 | 000,000,031 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.10 14:49:08 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe [2010.05.10 12:15:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Downloads [2010.05.10 11:20:46 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.05.10 11:19:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.05.10 11:07:53 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\xxx\Recent [2010.05.10 10:51:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com [2010.05.10 10:50:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\SUPERAntiSpyware.com [2010.05.10 10:50:49 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.05.10 10:50:30 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard [2010.05.10 09:27:31 | 000,061,440 | ---- | C] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll [2010.05.10 09:27:30 | 000,054,792 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys [2010.05.10 09:27:30 | 000,030,320 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys [2010.05.10 09:27:30 | 000,024,400 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys [2010.05.10 09:27:29 | 000,000,000 | ---D | C] -- C:\Programme\Prevx [2010.05.10 09:27:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PrevxCSI [2010.05.10 09:13:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Malwarebytes [2010.05.10 09:13:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.05.10 09:13:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.05.10 09:13:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.05.10 09:13:08 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.10 09:10:32 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2010.05.06 12:39:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010.05.06 12:39:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010.05.06 12:39:16 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010.05.06 12:39:16 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010.05.06 12:39:08 | 000,000,000 | --SD | C] -- C:\ComboFix [2010.05.06 12:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [34 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.10 14:49:11 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe [2010.05.10 14:03:02 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.05.10 12:14:37 | 000,023,773 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.05.10 12:14:33 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.05.10 12:14:22 | 000,000,280 | -HS- | M] () -- C:\Dokumente und Einstellungen\xxx\ntuser.ini [2010.05.10 12:14:08 | 005,505,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\xxx\NTUSER.DAT [2010.05.10 12:07:50 | 000,001,572 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.05.10 11:36:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.05.10 11:35:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.05.10 11:32:20 | 005,367,202 | -H-- | M] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.05.10 11:22:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.05.10 11:21:41 | 000,002,433 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\HiJackThis.lnk [2010.05.10 11:14:07 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini [2010.05.10 11:14:07 | 000,000,335 | -HS- | M] () -- C:\boot.ini [2010.05.10 11:14:07 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.05.10 11:00:35 | 000,001,518 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\CCleaner.lnk [2010.05.10 10:50:52 | 000,000,758 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.05.10 09:27:31 | 000,061,440 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll [2010.05.10 09:27:30 | 000,054,792 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys [2010.05.10 09:27:30 | 000,030,320 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys [2010.05.10 09:27:30 | 000,024,400 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys [2010.05.10 09:27:19 | 000,000,049 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010.05.10 09:13:13 | 000,000,682 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe [2010.04.20 15:05:45 | 010,719,027 | ---- | M] () -- C:\cop.zip [2010.04.14 05:07:10 | 000,001,893 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [34 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.10 12:07:50 | 000,001,572 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.05.10 11:20:47 | 000,002,433 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\HiJackThis.lnk [2010.05.10 11:17:53 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2010.05.10 11:00:35 | 000,001,518 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\CCleaner.lnk [2010.05.10 10:50:52 | 000,000,758 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.05.10 09:27:19 | 000,000,049 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010.05.10 09:13:13 | 000,000,682 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.06 12:39:16 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010.05.06 12:39:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010.05.06 12:39:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010.05.06 12:39:16 | 000,077,312 | R--- | C] () -- C:\WINDOWS\MBR.exe [2010.05.06 12:39:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010.04.14 05:07:10 | 000,001,893 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2009.11.04 16:33:21 | 000,055,856 | R--- | C] () -- C:\WINDOWS\System32\vnetinst.dll [2009.03.18 17:17:32 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll [2009.03.18 17:16:34 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll [2008.05.26 23:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 23:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 23:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.05.23 23:18:45 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL [2007.08.06 13:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll [2007.07.06 14:04:07 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2007.07.06 14:04:07 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2007.05.23 15:12:35 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2007.05.22 16:40:36 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2007.04.12 16:42:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI [2007.04.03 15:00:23 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI [2007.04.03 14:52:49 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.03.05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2007.02.23 11:27:53 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2007.02.23 11:25:48 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2007.02.23 11:08:28 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005.03.30 10:46:22 | 000,029,035 | ---- | C] () -- C:\WINDOWS\cstasp.ini [2001.10.28 17:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2001.03.30 22:58:36 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\Property.dll < End of report > Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:21:58, on 10.05.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Symantec AntiVirus\Smc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\LogMeIn\x86\RaMaint.exe C:\Programme\LogMeIn\x86\LogMeIn.exe C:\Programme\LogMeIn\x86\LMIGuardian.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\vmnat.exe C:\Programme\VMware\VMware Workstation\vmware-authd.exe C:\WINDOWS\system32\vmnetdhcp.exe C:\Programme\Symantec\Backup Exec System Recovery\Shared\Drivers\SymSnapService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\LogMeIn\x86\LogMeInSystray.exe C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe C:\Programme\VMware\VMware Workstation\vmware-tray.exe C:\Programme\Citrix\ICA Client\concentr.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\Symantec\Backup Exec System Recovery\Agent\VProTray.exe C:\Programme\LogMeIn\x86\LMIGuardian.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Citrix\ICA Client\wfcrun32.exe C:\Programme\Symantec AntiVirus\SmcGui.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\taskmgr.exe C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe C:\Programme\Prevx\prevx.exe C:\Programme\Prevx\prevx.exe C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\msiexec.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\SoftwareDistribution\Download\Install\windows-kb890830-v3.6-delta.exe c:\4a3c5e67e19194cd26cc1e\mrtstub.exe C:\WINDOWS\system32\MRT.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://xxxx-9:30464/xxxxsportal O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programme\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [vmware-tray] "C:\Programme\VMware\VMware Workstation\vmware-tray.exe" O4 - HKLM\..\Run: [ConnectionCenter] "C:\Programme\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec Backup Exec System Recovery 2010] "C:\Programme\Symantec\Backup Exec System Recovery\Agent\VProTray.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MI699F~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programme\vmware\vmware workstation\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\programme\vmware\vmware workstation\vsocklib.dll O15 - Trusted Zone: hxxp://www.immobilienscout24.de O15 - Trusted Zone: hxxp://www.superantispyware.com O15 - Trusted IP range: hxxp://217.175.232.208 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241594555898 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - hxxp://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = xxxxSYSTEM.DE O17 - HKLM\Software\..\Telephony: DomainName = xxxxSYSTEM.DE O17 - HKLM\System\CCS\Services\Tcpip\..\{81F7093D-BC3A-472E-BC15-1B844946C29E}: NameServer = 192.51.32.2 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = xxxxSYSTEM.DE O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Backup Exec System Recovery - Symantec Corporation - C:\Programme\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe O23 - Service: CSIScanner - Prevx - C:\Programme\Prevx\prevx.exe O23 - Service: GenericMount Helper Service - Symantec - C:\Programme\Symantec\Backup Exec System Recovery\Shared\Drivers\GenericMountHelper.exe O23 - Service: Google Update Service (gupdate1c9a0c72696d508) (gupdate1c9a0c72696d508) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programme\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programme\LogMeIn\x86\LogMeIn.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Programme\Symantec AntiVirus\Smc.exe O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Programme\Symantec AntiVirus\SNAC.EXE O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Programme\Symantec AntiVirus\Rtvscan.exe O23 - Service: SymSnapService - Symantec - C:\Programme\Symantec\Backup Exec System Recovery\Shared\Drivers\SymSnapService.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-ufad.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe -- End of file - 11158 bytes Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4085
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
10.05.2010 10:41:07
mbam-log-2010-05-10 (10-41-07).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152707
Laufzeit: 10 Minute(n), 12 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Geändert von shorts77 (10.05.2010 um 14:50 Uhr) |
| Themen zu Logs sauber? Bitte überprüfen |
| 0 bytes, 0x00000001, acroiehelper.dll, adblock, adobe, antivirus, bho, browseui preloader, components, einstellungen, error, excel, excel.exe, exe datei, explorer, firefox, firefox 3.6.3, firefox.exe, gupdate, hijack, hkus\s-1-5-18, installation, location, logfile, malwarebytes' anti-malware, microsoft office 2003, mozilla, notebook, nvidia, object, oldtimer, otl log, otl logfile, otl.exe, pdf, performance, plug-in, realtek, registry, rootkit, rundll, safer networking, scan, searchplugins, senden, server, server 2003, software, system recovery |
Baum-Darstellung