Log Analysis and Evaluation: IE opens by itself - Malwarebytes & OTL results (to follow)...

19.06.2010, 08:12   #1
Reissdorf79

Good morning!

Since yesterday I keep getting an IE window opening on its own. Since Firefox is my default browser, at least yesterday it didn't bother me yet... Here are the results you also wanted from the other users who are struggling with this. (btw: total newbie )

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4214

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

19.06.2010 08:57:04
mbam-log-2010-06-19 (08-57-04).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 123338
Laufzeit: 10 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 10

Infizierte Speicherprozesse:
C:\Users\*******\AppData\Local\Temp\Ctl.exe (Trojan.FraudPack) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FraudPack) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Users\*****\AppData\Roaming\pridl (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\*****\AppData\Local\Temp\Ctl.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Users\*****\AppData\Local\Temp\Ctj.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Users\*****\AppData\Local\Temp\Ctm.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Users\*****\AppData\Local\Temp\Cto.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Live Support.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Protection System.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Uninstall.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Users\*****\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

So... After the deletion, Malwarebytes prompts for a restart... Should I do that? (Command: Certain objects could not be removed. A log file was saved in the log file directory. The computer must be restarted to complete the removal process. Do you want to restart now?)

After that I would post the OTL report. Or run other commands.

Regards
Reissdorf
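The Malwarebytes log above records each detection as `<object> (<family>) -> <action>` under a German section heading, and one file (sshnas21.dll) carries the action "Delete on reboot", which is the case the restart prompt quoted in the post covers. As an added example, not part of the original thread and not Malwarebytes' own code, here is a small Python parser for that layout: it extracts the findings, counts them per family, pulls out the autostart entries (the Run value and the scheduled-task .job files) and lists the objects that stay on disk until the reboot. The sample log embedded in it is constructed from the kinds of lines in the posted log, with the user name masked.

```python
import re
from collections import Counter

# Constructed sample in the layout of a Malwarebytes' Anti-Malware 1.46 log
# (German section headings, user name masked with *****), assembled from the
# kinds of lines seen in the posted log.
SAMPLE_LOG = r"""
Infizierte Speicherprozesse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
C:\Users\*****\AppData\Local\Temp\Ctl.exe (Trojan.FraudPack) -> Unloaded process successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FraudPack) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\*****\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# One detection line: "<item> (<family>) -> <action>."  The family is the last
# parenthesised token before the arrow; the trailing period is optional.
DETECTION = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return a list of findings: {section, item, kind, family, action, done}.

    Section headings are lines that end with ':' (the summary counts near the
    top of the log end with a number, so they are not mistaken for headings).
    The '(Keine bösartigen Objekte gefunden)' placeholder is skipped.
    """
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):
            continue
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]
            continue
        m = DETECTION.match(line)
        if not m or section is None:
            continue  # header lines such as "Datenbank Version: 4214"
        item = m.group("item")
        action = m.group("action")
        findings.append({
            "section": section,
            "item": item,
            "kind": "registry" if item.upper().startswith("HKEY_") else "filesystem",
            "family": m.group("family"),
            "action": action,
            # MBAM could not remove the object yet; the reboot prompt exists for these.
            "done": not action.lower().startswith("delete on reboot"),
        })
    return findings


def pending_reboot(findings):
    """Objects MBAM scheduled for removal at the next boot (locked or in use)."""
    return [f for f in findings if not f["done"]]


def family_counts(findings):
    """Number of detections per malware family, to see which families co-occur."""
    return dict(Counter(f["family"] for f in findings))


def persistence_entries(findings):
    """Registry Run values and scheduled-task .job files: the autostart points
    that explain why a removed binary keeps coming back."""
    return [f["item"] for f in findings
            if "\\CurrentVersion\\Run\\" in f["item"] or f["item"].lower().endswith(".job")]


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for f in found:
        print(f"[{f['section']}] {f['family']:<20} {f['item']} -> {f['action']}")
    print("families:", family_counts(found))
    print("persistence:", persistence_entries(found))
    for f in pending_reboot(found):
        print("still present until reboot:", f["item"])
```

Running the script on a complete log (read from the mbam-log-*.txt file instead of the embedded sample) gives a quick view of which autostart points were touched and which objects are still on disk, which is the information a helper reads off such a log first.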

19.06.2010, 12:10   #2
Larusso

A cleanup can involve a lot of work for you.
  • Please work through all the steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • No crossposting, please (posting in several forums).
  • Post the logfiles directly in your thread. Do not attach them unless I ask you to; it makes evaluation harder for me.

Note: I can never give you a guarantee that I will find everything. A format is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools via right-click "Run as administrator".

Step 1

Custom scan with OTL

If you do not have it yet, please download OTL from Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users via right-click "Run as administrator"
  • Now copy the contents into the text box.
Code:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt and Extra.txt here into your thread


Please post in your next reply
OTL.txt
Extras.txt

19.06.2010, 17:07   #3
Reissdorf79

Here is the OTL.txt...

OTL logfile:
Code:
OTL logfile created on: 19.06.2010 17:39:45 - Run 2
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\*****\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,05 Gb Total Space | 5,63 Gb Free Space | 4,11% Space Free | Partition Type: NTFS
Drive D: | 6,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: *****-PC
Current User Name: *****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe (Carbonite, Inc.)
PRC - C:\Programme\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
PRC - C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\CyberLink\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SiS6350) -- C:\Windows\System32\drivers\SISGRKMD.sys (Silicon Integrated Systems Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology Corp.)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (sisagp) -- C:\Windows\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (DVBT_Loader) -- C:\Windows\System32\drivers\DVBT_Loader.sys (anchor chips)
DRV - (GenDTV) -- C:\Windows\System32\drivers\Geniausb.sys (Windows (R) 2000 DDK provider)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.packardbell.com/?id=9283
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.7amo
FF - prefs.js..extensions.enabledItems: contact@searchfiles.de:1.3
FF - prefs.js..extensions.enabledItems: rsDownloadHelper@yevgenyandrov.net:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.81
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.06 17:48:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.25 21:15:05 | 000,000,000 | ---D | M]
 
[2009.06.18 19:53:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2009.06.18 19:53:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.06.19 00:50:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions
[2010.05.29 18:39:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.08.08 15:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010.05.29 18:39:16 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.05.29 18:39:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.05.29 18:39:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.01 23:10:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\contact@searchfiles.de
[2010.05.29 18:39:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\personas@christopher.beard
[2010.04.01 22:56:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\rsDownloadHelper@yevgenyandrov.net
[2010.04.01 22:36:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\SkipScreen@SkipScreen
[2010.05.08 20:14:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\youtube2mp3@mondayx.de
[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\mebdgxfo.default\searchplugins\conduit.xml
[2010.05.25 21:15:07 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.25 21:15:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.03.13 12:02:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.13 12:02:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.13 12:02:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.13 12:02:57 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.13 12:02:57 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google\Google_BAE\BAE.dll (Packard Bell)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SiSTray] C:\Programme\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Halo2] C:\Users\*****~1\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O13 - gopher Prefix: missing
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232315708398 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008.01.21 04:46:39 | 000,000,000 | ---D | M]
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.19 09:24:10 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Defiance
[2010.06.19 08:36:40 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2010.06.19 08:36:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.19 08:36:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.19 08:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.19 08:36:20 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.19 08:20:33 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2010.06.19 07:50:23 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\milk
[2010.06.19 01:29:23 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\*****\AppData\Roaming\pcouffin.sys
[2010.06.19 01:29:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Vso
[2010.06.19 01:29:23 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\PcSetup
[2010.06.19 01:29:22 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\DVDFab
[2010.06.19 01:29:12 | 000,000,000 | ---D | C] -- C:\Programme\DVDFab 7
[2010.06.17 21:32:18 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\t680t328briver
[2010.06.17 20:00:32 | 000,000,000 | ---D | C] -- C:\Programme\Driver
[2010.06.17 19:31:52 | 000,000,000 | ---D | C] -- C:\dvbdream
[2010.06.17 19:23:07 | 000,000,000 | ---D | C] -- C:\Programme\AMC2000
[2010.06.16 22:32:39 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\John_Sinclair_Classics_-_Folge_01_-_Der_Anfang
[2010.06.16 21:52:11 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Sebastian Fitzek - Der Augensammler
[2010.06.15 22:12:26 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\BraveVol1.Disc3
[2010.06.12 10:49:55 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\BraveVol1.Disc2
[2010.06.07 21:47:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Mango_Enterprise_-_http__
[2010.06.06 21:34:36 | 000,000,000 | ---D | C] -- C:\Programme\Toshiba
[2010.06.06 21:31:18 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\TOSHIBA_v5.10.02
[2010.06.06 20:49:35 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\wwm
[2010.06.06 20:44:22 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\1000 Handy Games fuer alle java faehigen handys
[2010.06.04 23:16:56 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Stefanie_Heinzmann_-_Roots_to_Grow-2009-MOD
[2010.06.03 12:00:27 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Miller, Henry
[2010.05.26 22:38:42 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Die_Drei_Fragezeichen-F138_Die_Geheime_Treppe-AUDIOBOOK-DE-2010-VOiCE
[2010.05.25 21:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.05.25 21:17:20 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.05.13 11:49:07 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\NeroVision
[2010.05.02 23:03:17 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\SharePod
[2010.05.02 10:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.04.29 20:32:04 | 000,000,000 | ---D | C] -- C:\Programme\Veetle
[2010.04.29 20:07:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Avira
[2010.04.29 20:01:54 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.04.29 20:01:54 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.04.27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010.04.25 19:10:46 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\DVD Profiler
[2010.04.25 19:09:36 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\DVD Profiler
[2010.04.25 19:09:35 | 000,000,000 | ---D | C] -- C:\Programme\DVD Profiler
[2010.04.25 17:21:41 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.04.25 17:21:40 | 000,000,000 | ---D | C] -- C:\Programme\Winload
[2010.04.25 17:05:47 | 000,000,000 | ---D | C] -- C:\Users\*****\Application Data
[2010.04.24 16:56:43 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\VLN 24.04.2010
[2010.04.22 19:42:01 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Designer
[2010.04.22 19:40:58 | 000,000,000 | ---D | C] -- C:\Windows\ShellNew
[2010.04.22 19:40:55 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010.04.13 22:42:15 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Opera
[2010.04.13 22:42:15 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Opera
[2010.04.13 22:42:08 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs
[2010.04.13 22:41:27 | 000,000,000 | ---D | C] -- C:\Programme\Opera
[2010.04.13 21:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010.04.13 21:46:41 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010.03.27 23:01:21 | 000,000,000 | ---D | C] -- C:\Programme\Zattoo4
[1 C:\Users\*****\*.tmp files -> C:\Users\*****\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.19 17:39:05 | 002,621,440 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT
[2010.06.19 17:30:00 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator-*****.job
[2010.06.19 17:30:00 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie-*****.job
[2010.06.19 17:28:21 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.19 17:28:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.19 12:04:27 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.19 12:04:26 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.19 12:04:26 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.19 12:04:26 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.19 12:04:26 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.19 11:57:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.19 11:57:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.19 11:57:16 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.19 11:57:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.19 11:57:03 | 2010,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.19 11:54:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.06.19 11:54:45 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{0b6316d0-b644-11de-bf64-001e6888f2b7}.TMContainer00000000000000000001.regtrans-ms
[2010.06.19 11:54:45 | 000,065,536 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{0b6316d0-b644-11de-bf64-001e6888f2b7}.TM.blf
[2010.06.19 11:54:42 | 006,291,456 | -H-- | M] () -- C:\Users\*****\AppData\Local\IconCache.db
[2010.06.19 08:20:45 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2010.06.19 01:29:23 | 000,087,608 | ---- | M] () -- C:\Users\*****\AppData\Roaming\inst.exe
[2010.06.19 01:29:23 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\*****\AppData\Roaming\pcouffin.sys
[2010.06.19 01:29:23 | 000,007,887 | ---- | M] () -- C:\Users\*****\AppData\Roaming\pcouffin.cat
[2010.06.19 01:29:23 | 000,001,144 | ---- | M] () -- C:\Users\*****\AppData\Roaming\pcouffin.inf
[2010.06.17 23:04:36 | 000,102,466 | ---- | M] () -- C:\Users\*****\Documents\cc_20100617_230409.reg
[2010.06.17 20:25:52 | 000,310,078 | ---- | M] () -- C:\Users\*****\Documents\cc_20100617_202524.reg
[2010.06.17 19:38:46 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\ProgDVB 6.lnk
[2010.06.09 20:33:59 | 001,596,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.09 19:56:41 | 000,027,136 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.06 21:42:59 | 000,000,821 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2010.06.06 11:52:09 | 000,017,408 | ---- | M] () -- C:\Users\*****\AppData\Local\WebpageIcons.db
[2010.05.21 07:37:35 | 001,238,528 | ---- | M] () -- C:\Users\*****\Desktop\ADPJS.ppt
[2010.05.03 18:37:16 | 000,055,392 | ---- | M] () -- C:\Users\*****\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2010.05.02 10:48:25 | 000,001,411 | ---- | M] () -- C:\Users\*****\Desktop\DivX Movies.lnk
[2010.05.02 10:47:44 | 000,000,920 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.05.02 10:47:12 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010.04.25 21:38:37 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010.04.25 19:09:38 | 000,000,909 | ---- | M] () -- C:\Users\*****\Desktop\DVD Profiler.lnk
[2010.04.23 23:17:37 | 000,055,392 | ---- | M] () -- C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.22 19:44:10 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2010.04.22 19:43:35 | 000,000,275 | ---- | M] () -- C:\Windows\win.ini
[2010.04.22 19:42:16 | 000,001,883 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010.03.28 01:06:33 | 000,001,656 | ---- | M] () -- C:\Users\*****\Desktop\Zattoo.lnk
[1 C:\Users\*****\*.tmp files -> C:\Users\*****\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.19 01:31:41 | 000,000,034 | ---- | C] () -- C:\Users\*****\AppData\Roaming\pcouffin.log
[2010.06.19 01:29:23 | 000,087,608 | ---- | C] () -- C:\Users\*****\AppData\Roaming\inst.exe
[2010.06.19 01:29:23 | 000,007,887 | ---- | C] () -- C:\Users\*****\AppData\Roaming\pcouffin.cat
[2010.06.19 01:29:23 | 000,001,144 | ---- | C] () -- C:\Users\*****\AppData\Roaming\pcouffin.inf
[2010.06.17 23:04:11 | 000,102,466 | ---- | C] () -- C:\Users\*****\Documents\cc_20100617_230409.reg
[2010.06.17 20:25:34 | 000,310,078 | ---- | C] () -- C:\Users\*****\Documents\cc_20100617_202524.reg
[2010.06.17 19:38:46 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\ProgDVB 6.lnk
[2010.06.06 21:36:36 | 000,000,821 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2010.05.20 21:14:49 | 001,238,528 | ---- | C] () -- C:\Users\*****\Desktop\ADPJS.ppt
[2010.05.02 10:48:25 | 000,001,411 | ---- | C] () -- C:\Users\*****\Desktop\DivX Movies.lnk
[2010.05.02 10:47:44 | 000,000,920 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.05.02 10:47:12 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.04.29 19:32:46 | 000,001,122 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.29 19:32:41 | 000,001,118 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.25 19:09:38 | 000,000,909 | ---- | C] () -- C:\Users\*****\Desktop\DVD Profiler.lnk
[2010.04.22 19:44:10 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.04.22 19:42:16 | 000,001,883 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010.03.27 23:01:28 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db
[2009.10.22 22:52:18 | 000,000,000 | ---- | C] () -- C:\Windows\Editor.INI
[2009.10.20 20:59:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.01 19:40:03 | 000,000,096 | ---- | C] () -- C:\Windows\buhl.ini
[2009.04.26 17:38:47 | 000,000,804 | ---- | C] () -- C:\Windows\wiso.ini
[2009.04.23 22:11:04 | 000,000,074 | ---- | C] () -- C:\Windows\tm.ini
[2008.08.11 20:57:13 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.06.18 15:59:56 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2006.12.05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
 
========== LOP Check ==========
 
[2009.04.26 17:39:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Buhl Data Service
[2010.01.31 17:49:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\EscapeTheMuseum2
[2009.12.21 21:55:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0
[2010.06.11 23:04:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2010.04.13 22:42:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera
[2008.12.25 02:50:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Packard Bell
[2009.05.28 18:33:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\saveTV
[2010.05.02 23:03:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SharePod
[2009.03.15 19:52:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird
[2009.06.18 19:53:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TomTom
[2010.04.25 19:06:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TVcentral-Core
[2010.06.19 01:31:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Vso
[2010.04.25 19:05:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\WatchTVProEx
[2009.03.08 18:33:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Zylom
[2010.06.19 17:30:00 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\Erweiterte Garantie-*****.job
[2010.06.19 17:30:00 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\Recovery DVD Creator-*****.job
[2010.06.19 11:54:58 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.08.11 20:57:22 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007.11.07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007.11.07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2008.04.23 17:10:04 | 000,002,916 | ---- | M] () -- C:\files.crc
[2007.11.07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010.06.19 11:57:03 | 2010,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007.11.07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007.11.07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007.11.07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007.11.07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007.11.07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007.11.07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007.11.07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007.11.07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2008.12.25 23:19:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.12.25 23:19:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.06.19 11:56:57 | 2324,119,552 | -HS- | M] () -- C:\pagefile.sys
[2009.09.01 19:15:46 | 000,000,033 | ---- | M] () -- C:\ProgDVB.ini
[2008.08.11 11:41:09 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log
[2008.08.11 11:40:28 | 000,000,086 | ---- | M] () -- C:\sis19x.log
[2009.10.27 23:25:07 | 000,394,626 | ---- | M] () -- C:\temp.raw
[2007.11.07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007.11.07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007.11.07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\drivers\*.sys /90 >
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.19 01:29:23 | 000,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys
 
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:34:36 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:16D6A4F5AB524BFF
< End of report >

No Extra.Txt appears/opens...

19.06.2010, 17:20   #4
Larusso
/// Selecta Jahrusso
 
Please make sure that
  • all other scanners for viruses, spyware etc. are disabled,
  • there is no connection to a network/the Internet (don't forget WLAN),
  • nothing is done on the computer,
  • the computer is restarted after each scan.
Run a Gmer scan
  • Download Gmer from this page
    (click the "Download EXE" button) and save the program to the desktop.
  • Gmer is suitable for => NT/W2K/XP/VISTA.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name).
  • Vista users: right-click and run as administrator.
  • If a window with the following warning opens:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • Start the scan with "Scan". Do nothing on the computer while the scan is running.
  • When the scan is finished, click "Save" and save the log as "Gmer.txt" on the desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

19.06.2010, 18:48   #5
Reissdorf79
 
So... I hope I did everything right:

GMER Logfile:
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-19 19:36:57
Windows 6.0.6002 Service Pack 2
Running: ef9n80ex.exe; Driver: C:\Users\*****~1\AppData\Local\Temp\afryqaob.sys


---- System - GMER 1.0.15 ----

SSDT            A3C9AC9F                                                                                             ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 621                                                                        81CF9D84 4 Bytes  [9F, AC, C9, A3]
?               System32\drivers\mojdflll.sys                                                                        Das System kann den angegebenen Pfad nicht finden. !
                C:\Program Files\CyberLink\PlayMovie\000.fcl                                                         entry point in "" section [0xA6514000]
.clc            C:\Program Files\CyberLink\PlayMovie\000.fcl                                                         unknown last section [0xA6515000, 0x1000, 0x00000000]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [74787817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [747DA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [7478BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [7477F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [747875E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [7477E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [747B8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [7478DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [7477FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [7477FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [747771CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [7480CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [747AC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [7477D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [74776853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [7477687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [74782AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd5012c6                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd5012c6@0022988a6041             0x27 0x78 0xC0 0x61 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd5012c6 (not active ControlSet)      
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd5012c6@0022988a6041                 0x27 0x78 0xC0 0x61 ...

---- EOF - GMER 1.0.15 ----


19.06.2010, 19:19   #6
Larusso
/// Selecta Jahrusso
 
Step 1

The *** have to be edited.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the content into the text box.
Code:
:OTL
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
O4 - HKCU..\Run: [Halo2] C:\Users\*****~1\AppData\Local\Temp\sshnas21.DLL File not found
[2010.04.25 17:21:41 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.06.19 01:29:23 | 000,087,608 | ---- | M] () -- C:\Users\*****\AppData\Roaming\inst.exe
@Alternate Data Stream - 24 bytes -> C:\Windows:16D6A4F5AB524BFF
:services
:files
:reg
:Commands
[purity]
[emptytemp]
[reboot]
  • Now please close all programs.
  • Now please click the Fix button.
  • Click on .
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its content here into your thread.


Step 2

Download ComboFix from one of the links listed below. You must rename it before saving it to the desktop. Save ComboFix to your desktop. **NB: It is important that ComboFix.exe is saved on the desktop**

  • Disable your anti-virus and anti-spyware programs. Normally you can do this with a right-click on the system tray icon. Otherwise these programs might interfere with our tools while they work.
  • Double-click ComboFix.exe and follow the prompts.
    • When ComboFix is finished, it will create a log for you.
    • Please post the content of C:\ComboFix.txt here in the thread.


Step 3

Please start OTL.exe.
Under
Extra Registry: select Use Safe List and click the Scan button.


Please post in your next reply
Otlfix Log
Combofix.txt
OTL.txt
Extras.txt
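The OTL lines pulled into the fix script above share a few recognisable patterns: an executable under the user profile with an empty company field, a Run entry whose target is missing or lives in Temp, a Firefox search preference pointing at a third-party host, and an alternate data stream hung on a system folder. The following Python script is an added example (not code from OTL, OldTimer Tools or this thread) that parses OTL scan-log lines in that format and flags those patterns; the sample lines are copied from this thread, while the search-host allow-list and the PUP vendor watch-list are constructed for the example.

```python
"""Triage OTL scan-log lines for the patterns behind the fix script above.
Added example; not code from OTL, OldTimer Tools or this thread's helper."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample: one line of each kind seen in this thread's OTL output.
# "*****" is the forum's redaction of the user name, "hxxp" the defanged scheme.
SAMPLE_LOG = r"""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
O4 - HKCU..\Run: [Halo2] C:\Users\*****~1\AppData\Local\Temp\sshnas21.DLL File not found
[2010.04.25 17:21:41 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.06.19 01:29:23 | 000,087,608 | ---- | M] () -- C:\Users\*****\AppData\Roaming\inst.exe
[2010.06.19 01:29:23 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\*****\AppData\Roaming\pcouffin.sys
[2010.06.19 08:20:45 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
@Alternate Data Stream - 24 bytes -> C:\Windows:16D6A4F5AB524BFF
"""

# [date time | size | attributes | C(reated)/M(odified)] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<flag>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# O4 - <hive>..\Run: [<value name>] <target> [File not found]
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+?)(?P<status> File not found)?$"
)
FF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+): "(?P<url>[^"]+)"$')
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".com")
USER_DIRS = ("\\appdata\\", "\\temp\\")
# Constructed allow-list of search hosts; any other host in prefs.js gets reviewed.
SEARCH_ALLOW = {"www.google.com", "www.google.de", "www.bing.com"}
# Constructed watch-list of bundled-toolbar vendors, taken from this thread's log.
PUP_NAMES = ("conduit",)


@dataclass
class Finding:
    rule: str
    detail: str
    line: str


def size_bytes(text: str) -> int:
    """OTL zero-pads sizes and groups digits with commas: '000,087,608' -> 87608."""
    return int(text.replace(",", ""))


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL line if it matches a suspicious pattern."""
    line = line.rstrip()
    m = FILE_RE.match(line)
    if m:
        path, company = m["path"], (m["company"] or "").strip()
        low = path.lower()
        # Binary under AppData/Temp with an empty company field: the inst.exe pattern.
        if low.endswith(EXEC_EXT) and any(d in low for d in USER_DIRS) and not company:
            return Finding("exec-in-profile-no-company",
                           f"{path} ({size_bytes(m['size'])} bytes)", line)
        if any(n in low for n in PUP_NAMES):
            return Finding("pup-vendor-path", path, line)
        return None
    m = RUN_RE.match(line)
    if m:
        # Autorun whose target is gone or lives in Temp: the [Halo2] sshnas21.DLL pattern.
        if m["status"] or "\\temp\\" in m["target"].lower():
            why = "target missing" if m["status"] else "target in Temp"
            return Finding("autorun-suspicious",
                           f"{m['hive']}\\Run [{m['name']}] -> {m['target']} ({why})", line)
        return None
    m = FF_RE.match(line)
    if m:
        # Search/keyword URL rewritten to a host outside the allow-list: search hijack.
        host = urlparse(m["url"].replace("hxxp", "http", 1)).hostname or ""
        if host not in SEARCH_ALLOW:
            return Finding("search-hijack", f"{m['pref']} points at {host}", line)
        return None
    m = ADS_RE.match(line)
    if m:
        # A data stream attached to the C:\Windows directory itself warrants a look.
        return Finding("alternate-data-stream", f"{m['bytes']} bytes on {m['path']}", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole OTL log and keep only the hits."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
```

Entries with a company name in a system directory (mbam.sys, pcouffin.sys) pass through untouched, which is why the helper's script lists only inst.exe and not the VSO driver.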

19.06.2010, 19:53   #7
Reissdorf79
 
What does "the **** have to be edited" mean? That's where I overwrote my name.... are those the errors? If so, I'll do everything just as you said.... btw: the IE hasn't opened anymore since Malwarebytes....

19.06.2010, 19:57   #8
Larusso
/// Selecta Jahrusso
 
No, I wrote a script, and the *** are now in it too. They need to be replaced, because otherwise the tool won't find the path of the files.

We'll look at the IE issue afterwards.

19.06.2010, 20:57   #9
Reissdorf79
 
So... I did (maybe) almost everything right:

On the first OTL run I didn't edit the ****... so 2 reports:

ocesses killed
========== OTL ==========
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" removed from keyword.URL
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Halo2 deleted successfully.
C:\Programme\Conduit\Community Alerts folder moved successfully.
Folder move failed. C:\Programme\Conduit scheduled to be moved on reboot.
File C:\Users\*****\AppData\Roaming\inst.exe not found.
ADS C:\Windows:16D6A4F5AB524BFF deleted successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: *****
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 123129205 bytes
->Java cache emptied: 207345339 bytes
->FireFox cache emptied: 42567813 bytes
->Flash cache emptied: 9659 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 71926 bytes
RecycleBin emptied: 3715012 bytes

Total Files Cleaned = 359,00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06192010_205741

Files\Folders moved on Reboot...
Folder move failed. C:\Programme\Conduit scheduled to be moved on reboot.

Registry entries deleted on Reboot...


and here the edited report:

rocesses killed
========== OTL ==========
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" removed from keyword.URL
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Halo2 not found.
Folder move failed. C:\Programme\Conduit scheduled to be moved on reboot.
C:\Users\*****\AppData\Roaming\inst.exe moved successfully.
Unable to delete ADS C:\Windows:16D6A4F5AB524BFF .
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: *****
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 10085527 bytes
->Flash cache emptied: 434 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3487 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 10,00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06192010_210835

Files\Folders moved on Reboot...
Folder move failed. C:\Programme\Conduit scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Combofix Logfile:
Code:
ComboFix 10-06-18.03 - ***** 19.06.2010  21:24:02.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.1916.1024 [GMT 2:00]
ausgeführt von:: c:\users\*****\Desktop\ComboFix123.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2010-05-19 bis 2010-06-19  ))))))))))))))))))))))))))))))
.

2010-06-19 19:30 . 2010-06-19 19:31	--------	d-----w-	c:\users\*****\AppData\Local\temp
2010-06-19 19:30 . 2010-06-19 19:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-06-19 18:57 . 2010-06-19 18:57	--------	d-----w-	C:\_OTL
2010-06-19 06:36 . 2010-06-19 06:36	--------	d-----w-	c:\users\*****\AppData\Roaming\Malwarebytes
2010-06-19 06:36 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-19 06:36 . 2010-06-19 06:36	--------	d-----w-	c:\programdata\Malwarebytes
2010-06-19 06:36 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-06-19 06:36 . 2010-06-19 06:36	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-06-18 23:29 . 2010-06-18 23:31	--------	d-----w-	c:\users\*****\AppData\Roaming\Vso
2010-06-18 23:29 . 2010-06-18 23:29	47360	----a-w-	c:\windows\system32\drivers\pcouffin.sys
2010-06-18 23:29 . 2010-06-18 23:29	47360	----a-w-	c:\users\*****\AppData\Roaming\pcouffin.sys
2010-06-18 23:29 . 2010-06-18 23:29	--------	d-----w-	c:\program files\DVDFab 7
2010-06-17 18:00 . 2010-06-17 18:00	--------	d-----w-	c:\program files\Driver
2010-06-17 17:31 . 2010-06-17 17:33	--------	d-----w-	C:\dvbdream
2010-06-17 17:23 . 2010-06-17 18:17	--------	d-----w-	c:\program files\AMC2000
2010-06-07 19:47 . 2010-06-07 19:47	--------	d-----w-	c:\users\*****\AppData\Local\Mango_Enterprise_-_http__
2010-06-06 19:34 . 2010-06-06 19:34	--------	d-----w-	c:\program files\Toshiba
2010-05-25 19:17 . 2010-05-25 19:17	--------	d-----w-	c:\program files\Common Files\Java
2010-05-25 19:17 . 2010-04-23 14:13	2048	----a-w-	c:\windows\system32\tzres.dll
2010-05-25 19:15 . 2010-04-12 15:29	411368	----a-w-	c:\windows\system32\deployJava1.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-19 19:17 . 2008-08-11 19:04	618442	----a-w-	c:\windows\system32\perfh007.dat
2010-06-19 19:17 . 2008-08-11 19:04	122842	----a-w-	c:\windows\system32\perfc007.dat
2010-06-19 19:08 . 2008-12-24 18:36	12	----a-w-	c:\windows\bthservsdp.dat
2010-06-19 18:57 . 2010-04-25 15:21	--------	d-----w-	c:\program files\Conduit
2010-06-19 16:15 . 2009-01-11 15:57	--------	d-----w-	c:\programdata\DVD Shrink
2010-06-17 18:29 . 2008-08-11 09:40	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-06-17 18:28 . 2009-05-25 17:05	5311698	----a-w-	c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-06-17 18:20 . 2008-08-11 09:51	--------	d-----w-	c:\program files\Google
2010-06-17 17:44 . 2009-07-24 11:15	--------	d-----w-	c:\program files\ProgDVB
2010-06-11 21:04 . 2009-10-18 08:46	--------	d-----w-	c:\users\*****\AppData\Roaming\ICQ
2010-06-09 18:30 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-06-08 20:00 . 2009-08-02 09:34	--------	d-----w-	c:\users\*****\AppData\Roaming\DivX
2010-05-26 17:06 . 2010-06-08 19:13	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-08 19:13	289792	----a-w-	c:\windows\system32\atmfd.dll
2010-05-25 19:14 . 2009-03-29 18:06	--------	d-----w-	c:\program files\Java
2010-05-21 12:14 . 2009-10-02 16:40	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-05-04 19:15 . 2010-06-08 19:13	834048	----a-w-	c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-08 19:13	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-05-02 21:03 . 2010-05-02 21:03	--------	d-----w-	c:\users\*****\AppData\Roaming\SharePod
2010-05-02 08:48 . 2010-05-02 08:48	57344	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-02 08:48 . 2010-05-02 08:48	56766	----a-w-	c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-02 08:48 . 2010-05-02 08:43	--------	d-----w-	c:\programdata\DivX
2010-05-02 08:48 . 2009-05-24 14:06	--------	d-----w-	c:\program files\DivX
2010-05-02 08:48 . 2009-05-24 14:06	--------	d-----w-	c:\program files\Common Files\DivX Shared
2010-05-02 08:48 . 2010-05-02 08:48	56978	----a-w-	c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-05-02 08:48 . 2010-05-02 08:48	53600	----a-w-	c:\programdata\DivX\Update\Uninstaller.exe
2010-05-02 08:48 . 2010-05-02 08:48	57679	----a-w-	c:\programdata\DivX\Player\Uninstaller.exe
2010-05-02 08:46 . 2010-05-02 08:46	54073	----a-w-	c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-05-02 08:46 . 2010-05-02 08:46	56969	----a-w-	c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-05-02 08:43 . 2010-05-02 08:43	144696	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-02 08:43 . 2010-05-02 08:48	754984	----a-w-	c:\programdata\DivX\Setup\Resource.dll
2010-05-02 08:43 . 2010-05-02 08:48	1180952	----a-w-	c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-01 14:13 . 2010-06-08 19:13	2037248	----a-w-	c:\windows\system32\win32k.sys
2010-04-29 20:05 . 2010-04-13 20:41	--------	d-----w-	c:\program files\Opera
2010-04-29 18:32 . 2010-04-29 18:32	--------	d-----w-	c:\program files\Veetle
2010-04-29 18:07 . 2010-04-29 18:07	--------	d-----w-	c:\users\*****\AppData\Roaming\Avira
2010-04-26 17:46 . 2010-04-25 15:21	--------	d-----w-	c:\program files\Winload
2010-04-25 17:09 . 2010-04-25 17:09	--------	d-----w-	c:\program files\DVD Profiler
2010-04-25 17:08 . 2009-04-26 15:37	--------	d-----w-	c:\program files\Common Files\Buhl Data Service
2010-04-25 17:06 . 2009-09-01 17:40	--------	d-----w-	c:\users\*****\AppData\Roaming\TVcentral-Core
2010-04-25 17:05 . 2009-08-02 09:33	--------	d-----w-	c:\users\*****\AppData\Roaming\WatchTVProEx
2010-04-23 21:17 . 2008-12-24 18:19	55392	----a-w-	c:\users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-05 17:01 . 2010-06-08 19:13	67072	----a-w-	c:\windows\system32\asycfilt.dll
2010-03-31 01:58 . 2008-08-11 09:46	133616	------w-	c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2008-08-11 09:46	125424	------w-	c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2008-08-11 09:46	123888	------w-	c:\windows\system32\pxcpyi64.exe
2008-08-11 19:09 . 2008-08-11 19:09	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-01-14 1688872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2008-02-22 552960]
"CarboniteSetupLite"="c:\program files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe" [2008-04-07 306112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-18 2752512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
backup=c:\windows\pss\TMMonitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 09:19	207360	----a-w-	c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-04-11 21:22	196608	------w-	c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46	1135912	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMAgent]
2008-03-21 18:56	143360	------w-	c:\program files\CyberLink\PowerCinema\PCMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-03-31 08:51	172032	----a-w-	c:\program files\CyberLink\PlayMovie\PMVService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-08-03 05:22	1826816	----a-w-	c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-05-07 12:36	247144	----a-w-	c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-20 16:20	28672	----a-w-	c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2a,48,d0,92,8d,52,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 136176]
R3 DVBT_Loader;DVB-T Adapter firmware loader;c:\windows\system32\Drivers\DVBT_Loader.sys [2006-07-13 44800]
R3 GenDTV;DVB-T receiver Driver;c:\windows\system32\Drivers\Geniausb.sys [2006-06-23 84992]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\CyberLink\PlayMovie\000.fcl [2008-03-31 41456]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-05-07 92008]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-07-27 351232]
S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2007-12-07 453632]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
bthsvcs	REG_MULTI_SZ   	BthServ
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 14:04	8192	----a-w-	c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners

2010-06-19 c:\windows\Tasks\Erweiterte Garantie-*****.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-08-11 10:13]

2010-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 17:32]

2010-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 17:32]

2010-06-19 c:\windows\Tasks\Recovery DVD Creator-*****.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-08-11 10:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\mebdgxfo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-19 21:31
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
Zeit der Fertigstellung: 2010-06-19  21:33:23
ComboFix-quarantined-files.txt  2010-06-19 19:33

Vor Suchlauf: 13 Verzeichnis(se), 14.290.100.224 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 17.307.996.160 Bytes frei

- - End Of File - - 2E2F41F0ABD8FF3CE8CEB2330137B64E
         
--- --- ---

OTL Logfile:
Code:
OTL logfile created on: 19.06.2010 21:37:44 - Run 3
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\*****\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,05 Gb Total Space | 16,16 Gb Free Space | 11,79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: *****-PC
Current User Name: *****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe (Carbonite, Inc.)
PRC - C:\Programme\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
PRC - C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\CyberLink\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SiS6350) -- C:\Windows\System32\drivers\SISGRKMD.sys (Silicon Integrated Systems Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology Corp.)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (sisagp) -- C:\Windows\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (DVBT_Loader) -- C:\Windows\System32\drivers\DVBT_Loader.sys (anchor chips)
DRV - (GenDTV) -- C:\Windows\System32\drivers\Geniausb.sys (Windows (R) 2000 DDK provider)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.7amo
FF - prefs.js..extensions.enabledItems: contact@searchfiles.de:1.3
FF - prefs.js..extensions.enabledItems: rsDownloadHelper@yevgenyandrov.net:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.81
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.06 17:48:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.25 21:15:05 | 000,000,000 | ---D | M]
 
[2009.06.18 19:53:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2009.06.18 19:53:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.06.19 00:50:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions
[2010.05.29 18:39:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.08.08 15:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010.05.29 18:39:16 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.05.29 18:39:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.05.29 18:39:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.01 23:10:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\contact@searchfiles.de
[2010.05.29 18:39:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\personas@christopher.beard
[2010.04.01 22:56:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\rsDownloadHelper@yevgenyandrov.net
[2010.04.01 22:36:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\SkipScreen@SkipScreen
[2010.05.08 20:14:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\youtube2mp3@mondayx.de
[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\mebdgxfo.default\searchplugins\conduit.xml
[2010.05.25 21:15:07 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.25 21:15:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.03.13 12:02:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.13 12:02:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.13 12:02:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.13 12:02:57 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.13 12:02:57 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.19 21:30:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google\Google_BAE\BAE.dll (Packard Bell)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SiSTray] C:\Programme\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232315708398 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.19 21:33:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.06.19 21:33:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.06.19 21:33:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\temp
[2010.06.19 21:21:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.06.19 21:21:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.06.19 21:21:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.06.19 21:21:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.06.19 21:21:00 | 000,000,000 | ---D | C] -- C:\ComboFix123
[2010.06.19 21:20:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.19 21:20:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.06.19 20:57:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.06.19 08:36:40 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2010.06.19 08:36:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.19 08:36:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.19 08:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.19 08:36:20 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.19 08:20:33 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2010.06.19 01:29:23 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\*****\AppData\Roaming\pcouffin.sys
[2010.06.19 01:29:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Vso
[2010.06.19 01:29:23 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\PcSetup
[2010.06.19 01:29:22 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\DVDFab
[2010.06.19 01:29:12 | 000,000,000 | ---D | C] -- C:\Programme\DVDFab 7
[2010.06.17 21:32:18 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\t680t328briver
[2010.06.17 20:00:32 | 000,000,000 | ---D | C] -- C:\Programme\Driver
[2010.06.17 19:31:52 | 000,000,000 | ---D | C] -- C:\dvbdream
[2010.06.17 19:23:07 | 000,000,000 | ---D | C] -- C:\Programme\AMC2000
[2010.06.16 22:32:39 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\John_Sinclair_Classics_-_Folge_01_-_Der_Anfang
[2010.06.16 21:52:11 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Sebastian Fitzek - Der Augensammler
[2010.06.15 22:12:26 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\BraveVol1.Disc3
[2010.06.12 10:49:55 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\BraveVol1.Disc2
[2010.06.08 21:13:56 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.08 21:13:53 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.08 21:13:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.08 21:13:45 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.06.08 21:13:44 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.06.08 21:13:44 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.06.08 21:13:44 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.06.08 21:13:37 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.06.07 21:47:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Mango_Enterprise_-_http__
[2010.06.06 21:34:36 | 000,000,000 | ---D | C] -- C:\Programme\Toshiba
[2010.06.06 21:31:18 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\TOSHIBA_v5.10.02
[2010.06.04 23:16:56 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Stefanie_Heinzmann_-_Roots_to_Grow-2009-MOD
[2010.06.03 12:00:27 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Miller, Henry
[2010.05.26 22:38:42 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Die_Drei_Fragezeichen-F138_Die_Geheime_Treppe-AUDIOBOOK-DE-2010-VOiCE
[2010.05.25 21:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.05.25 21:17:20 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.05.25 21:17:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.25 21:15:05 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.05.25 21:15:05 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.05.25 21:15:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.05.25 21:15:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[1 C:\Users\*****\*.tmp files -> C:\Users\*****\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.19 21:37:37 | 002,621,440 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT
[2010.06.19 21:31:05 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.06.19 21:30:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.06.19 21:30:00 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator-*****.job
[2010.06.19 21:30:00 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie-*****.job
[2010.06.19 21:17:08 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.19 21:17:08 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.19 21:17:08 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.19 21:17:08 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.19 21:17:08 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.19 21:16:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.19 21:10:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.19 21:10:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.19 21:10:10 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.19 21:10:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.19 21:10:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.19 21:10:01 | 2010,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.19 21:08:45 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.06.19 21:08:44 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{0b6316d0-b644-11de-bf64-001e6888f2b7}.TMContainer00000000000000000001.regtrans-ms
[2010.06.19 21:08:44 | 000,065,536 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{0b6316d0-b644-11de-bf64-001e6888f2b7}.TM.blf
[2010.06.19 20:55:45 | 003,715,012 | R--- | M] () -- C:\Users\*****\Desktop\ComboFix123.exe
[2010.06.19 19:38:09 | 001,927,404 | -H-- | M] () -- C:\Users\*****\AppData\Local\IconCache.db
[2010.06.19 18:23:09 | 000,293,376 | ---- | M] () -- C:\Users\*****\Desktop\ef9n80ex.exe
[2010.06.19 08:20:45 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2010.06.19 01:29:23 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\*****\AppData\Roaming\pcouffin.sys
[2010.06.19 01:29:23 | 000,007,887 | ---- | M] () -- C:\Users\*****\AppData\Roaming\pcouffin.cat
[2010.06.19 01:29:23 | 000,001,144 | ---- | M] () -- C:\Users\*****\AppData\Roaming\pcouffin.inf
[2010.06.17 23:04:36 | 000,102,466 | ---- | M] () -- C:\Users\*****\Documents\cc_20100617_230409.reg
[2010.06.17 20:25:52 | 000,310,078 | ---- | M] () -- C:\Users\*****\Documents\cc_20100617_202524.reg
[2010.06.17 19:38:46 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\ProgDVB 6.lnk
[2010.06.09 20:33:59 | 001,596,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.09 19:56:41 | 000,027,136 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.06 21:42:59 | 000,000,821 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2010.06.06 11:52:09 | 000,017,408 | ---- | M] () -- C:\Users\*****\AppData\Local\WebpageIcons.db
[2010.05.26 19:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.05.26 16:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.05.21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.21 07:37:35 | 001,238,528 | ---- | M] () -- C:\Users\*****\Desktop\ADPJS.ppt
[1 C:\Users\*****\*.tmp files -> C:\Users\*****\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.19 21:21:04 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.06.19 21:21:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.06.19 21:21:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.06.19 21:21:04 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.06.19 21:21:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.06.19 20:55:39 | 003,715,012 | R--- | C] () -- C:\Users\*****\Desktop\ComboFix123.exe
[2010.06.19 18:23:06 | 000,293,376 | ---- | C] () -- C:\Users\*****\Desktop\ef9n80ex.exe
[2010.06.19 01:31:41 | 000,000,034 | ---- | C] () -- C:\Users\*****\AppData\Roaming\pcouffin.log
[2010.06.19 01:29:23 | 000,007,887 | ---- | C] () -- C:\Users\*****\AppData\Roaming\pcouffin.cat
[2010.06.19 01:29:23 | 000,001,144 | ---- | C] () -- C:\Users\*****\AppData\Roaming\pcouffin.inf
[2010.06.17 23:04:11 | 000,102,466 | ---- | C] () -- C:\Users\*****\Documents\cc_20100617_230409.reg
[2010.06.17 20:25:34 | 000,310,078 | ---- | C] () -- C:\Users\*****\Documents\cc_20100617_202524.reg
[2010.06.17 19:38:46 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\ProgDVB 6.lnk
[2010.06.06 21:36:36 | 000,000,821 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2010.04.22 19:44:10 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.10.22 22:52:18 | 000,000,000 | ---- | C] () -- C:\Windows\Editor.INI
[2009.10.20 20:59:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.01 19:40:03 | 000,000,096 | ---- | C] () -- C:\Windows\buhl.ini
[2009.04.26 17:38:47 | 000,000,804 | ---- | C] () -- C:\Windows\wiso.ini
[2009.04.23 22:11:04 | 000,000,074 | ---- | C] () -- C:\Windows\tm.ini
[2008.08.11 20:57:13 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.06.18 15:59:56 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2006.12.05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
< End of report >
--- --- ---

OTL Logfile:
Code:
OTL Extras logfile created on: 19.06.2010 21:37:44 - Run 3
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\*****\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,05 Gb Total Space | 16,16 Gb Free Space | 11,79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: *****-PC
Current User Name: *****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18A352D1-7320-4FA0-B32D-9EB3A5717D75}" = rport=139 | protocol=6 | dir=out | app=system | 
"{260D2C28-00DC-4D2C-9CCF-CB07AD3850FC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4B0D467D-E991-464F-BDFC-09B321CA818B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4F411467-457B-456F-827B-90D6C3EE47E0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{66F235F4-D869-4177-89C8-6A6C876AC67E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7B7FD6E2-B600-4161-96E7-BF26E20FC848}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8753CA5F-BFFB-4113-9D54-AFB294AB700A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DEA08378-C348-4B3F-BFBA-08BF5E844A12}" = rport=445 | protocol=6 | dir=out | app=system | 
"{ED777BB1-BE03-4395-ACE2-4F40B9A4811F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F400EE87-6514-41E1-A133-87B0A688467E}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{042D8DED-F234-4AF9-8BB9-CF8167EC26D7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{09CE619F-0331-4A00-99A0-04EF6FBE5E59}" = dir=in | app=c:\program files\cyberlink\playmovie\pmvservice.exe | 
"{40F16749-2014-43A1-9CE8-CD4CB7E58826}" = dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe | 
"{48DF4209-FC4B-406B-A03B-036212F5D794}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{566D1BC1-C223-4B70-8996-A94522BA5E56}" = dir=in | app=c:\program files\cyberlink\powercinema\pcmservice.exe | 
"{9FB99FDF-4F07-40F6-90E7-E0B058B45980}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{AFBB4E90-1C35-43C1-BA61-1D572A648433}" = dir=in | app=c:\program files\cyberlink\playmovie\playmovie.exe | 
"{B8F578F4-423A-4C41-964C-EA9F8D6BBEBE}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dms\clmsservice.exe | 
"{BF8B1674-AA17-4BB3-BDB4-EC5F7F2507F9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C36B5FA8-9EF0-4D05-B717-3F0C1AD91E85}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DCA96E4B-F416-419E-80E3-9A442B9732AE}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dmp\clbrowserengine.exe | 
"{EECFD67A-FD71-4DA7-9C84-9F73A75BFF24}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{0AE2BBEB-C34A-4F28-AC40-478C3AA32A72}C:\program files\progdvb\progdvbnet.exe" = protocol=6 | dir=in | app=c:\program files\progdvb\progdvbnet.exe | 
"TCP Query User{20EFDA74-3031-47A3-B290-9183C2470CF7}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{22FBB13F-DD97-4EE3-A949-DC10508CD052}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{29FE9840-E12F-4014-ABF4-78AA3A84035C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{3344EB71-9A8C-4BAA-B68C-561B95DA6612}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{3BC628C3-7820-41D2-BEF7-31B06F1F9633}C:\program files\packard bell\updator\pbupdator.exe" = protocol=6 | dir=in | app=c:\program files\packard bell\updator\pbupdator.exe | 
"TCP Query User{44D9E08E-5394-4A81-ADC1-4C68F982B284}C:\program files\packard bell\updator\pbupdator.exe" = protocol=6 | dir=in | app=c:\program files\packard bell\updator\pbupdator.exe | 
"TCP Query User{62C52104-E27A-44F7-8436-D4AF69D6D8C9}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{66C78630-CC65-4D47-BCD1-6EC1493292C3}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{8A273679-CAB5-4DC5-9AEC-5C0471137141}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{A230BC83-A911-493B-9BD0-48D05445FFD7}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{A4B02D25-CEAB-49B1-842C-BDA2D0818CFD}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{B8DD51F3-17F5-4792-BE85-3D4D21B783BD}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{F5C8E625-42B8-46B2-A607-5396059E3F86}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{0F0766F1-FAF7-4FE2-8DE7-6DEDAD5D3DD8}C:\program files\packard bell\updator\pbupdator.exe" = protocol=17 | dir=in | app=c:\program files\packard bell\updator\pbupdator.exe | 
"UDP Query User{124DAF3B-9886-43D2-8B35-083968F75B22}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{3F2C753C-F803-472B-8BB1-675B4FA3FE55}C:\program files\packard bell\updator\pbupdator.exe" = protocol=17 | dir=in | app=c:\program files\packard bell\updator\pbupdator.exe | 
"UDP Query User{492D52B6-2E39-48C1-A156-9901B45B7CB2}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{6138D00C-43FA-4DFB-83B0-2A76E9CCA483}C:\program files\progdvb\progdvbnet.exe" = protocol=17 | dir=in | app=c:\program files\progdvb\progdvbnet.exe | 
"UDP Query User{6568C2CA-710A-4901-8AE4-BD1DFAE4774D}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{685EF35C-60E3-4F4D-A1AB-2D870B5E709A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{6BB093EF-CF71-443A-A366-E34B75D1D4E6}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{6FB8879D-342F-4E0D-88F5-3E9445CEB0FE}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{9062B275-1E2E-439F-ABA8-A51E44D4AA12}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{A9485396-4663-4684-87DD-34E42509CF41}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{AB66E8C7-2922-45F6-AADC-A7EC79DD2C94}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{EB67035C-BFC0-4BE3-81B6-A57BFBA20B26}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{EDC8DA24-BE57-4634-94E1-1400651246E3}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Steuer 2009
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1E728246-95D5-4E72-8A9A-AC62602F39D8}_is1" = ANSTOSS 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{5B161EDB-F927-4F30-BE04-AD955AFBDF8B}" = Driver Instll 32-bit
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{84ACBCA0-E149-4830-97E6-107D70D9CA0A}" = WISO Steuer 2008
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{980B9958-1239-4FC5-8C88-AC5650321031}" = Nero 8 Essentials
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DA71A94B-3617-4935-8BBE-1566B2174C95}" = Drv
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1568757-E564-4cb5-8980-9333119A4384}" = F300
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobePE6" = Adobe Photoshop Elements 6
"AdobeReader" = Adobe Reader 8
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Betsson" = Betsson (remove only)
"Carbonite" = Carbonite
"Carbonite Setup Lite" = Sichern Sie Ihre Daten
"CCleaner" = CCleaner (remove only)
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 7_is1" = DVDFab 7.0.7.0 (08/06/2010)
"GoogleBAE" = Google BAE
"GoogleToolbar" = Google Toolbar
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ImageWriter" = Packard Bell ImageWriter
"Infocentre" = Infocentre Rev. 2.0.0.1
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"InstallShield_{5B161EDB-F927-4F30-BE04-AD955AFBDF8B}" = Driver Instll 32-bit
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.6.1
"LCDTest" = Packard Bell LCD Test
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"METABOLI" = Metaboli
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nero8" = Nero 8 Essentials
"PartyPokerNet" = PartyPokerNet
"Picasa 3" = Picasa 3
"Picasa_2" = Picasa2
"PokerStars" = PokerStars
"PowerCinema6" = Power Cinema 6
"ProgDVB" = ProgDVB
"SETUPMYPC_DE" = SetUp My PC
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SiS VGA Utilities" = SiS VGA Utilities
"Skat 3000 Special Edition_is1" = Skat 3000 SE
"SKYPE" = Skype 3.6.2.248
"SopCast" = SopCast 3.2.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.4.1962
"Updator" = Packard Bell Updator
"Veetle TV" = Veetle TV 0.9.17
"WinRAR archiver" = WinRAR
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"57daec2035483565" = Save.TV EasyRecord DownloadManager
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---

20.06.2010, 12:23   #10
Larusso
/// Selecta Jahrusso

Step 1

Uninstall software with Revo Uninstaller

Please download Revo Uninstaller
  • Double-click revosetup.exe.
  • Install the tool into the default path.
  • Double-click the Revo Uninstaller icon.
  • Now find the following software from the code box.
    Code:
    BufferChm
    Google BAE
    Google Toolbar

    Click on it and confirm with Yes.
  • Leave the uninstall routine setting on Moderate and click Next.
  • The tool will now search for all entries on the machine. Click Next.
  • Click the Select All button, click Delete and confirm with Yes.

Illustrated guide

Restart the computer.


Step 2
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the following content into the text box.
Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2319825
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\mebdgxfo.default\searchplugins\conduit.xml
:services
:files
:reg
:Commands
[purity]
[emptytemp]
[emptyflash]
[reboot]

  • Now please close all programs.
  • Now please click the Fix button.
  • Click on .
  • OTL may request a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its content here into your thread


Step 3

Please uninstall your current version of Adobe Reader
Start --> Control Panel --> Add or Remove Programs --> Adobe Reader
and download the new version from here
As an alternative I would recommend the leaner Foxit Reader


Step 4

Information on poker games

Party Poker, PartyCasino, Ultimate Bet, EmpirePoker and other poker websites (list of harmful poker sites) carry the risk that you pick up malware on your machine just by visiting the sites. In many cases plugins are installed without asking, which then "download" further parasites. Safe alternatives currently known to me are PokerStars and Pogo.com. My recommendation is to uninstall all the others via Control Panel => Add or Remove Programs.


Step 5

Cleanup with Malwarebytes' Anti-Malware (Quick Scan)

Please download Malwarebytes
  • Install the program into the default path.
  • Remember to run the program as admin on Vista; otherwise start it by double-clicking.
  • Let it update online (Updates tab) if the program was already on the machine.
  • Select "Perform quick scan" => Scan.
  • When the scan has finished, click "Show Results".
  • For detections in C:\System Volume Information, remove the check mark.
    Otherwise that system restore point will no longer work.
    It might still be needed despite the malware.
  • Make sure that all other detections are checked and press "Remove Selected".
  • Post the log file that opens in Notepad here in the thread.
  • Afterwards you can find the report under the "Logs" tab.
  • Report how the computer is running now.


Step 6
Please switch on any external hard drives during the online scans! Please disable all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and do not forget to switch everything back on afterwards.
  • Supported operating systems: Microsoft Windows 98/ME/NT 4.0/2000/XP and Windows Vista
  • Note for Vista users: be sure to start the browser as Administrator.
  • Disable your anti-virus program during the scan.
  • Press the "ESET Online Scanner" button.
  • Firefox users must install an additional add-on (esetsmartinstaller_enu.exe).
  • Save the Firefox add-on to the desktop and then install it.
  • IE users must allow the installation of an ActiveX element.
  • Check "Remove found threats" and "Scan archives".
  • Press Start.
  • Signatures are downloaded.
  • The scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset
  • IE users additionally: fix the following entry with HJT:
  • O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)


Step 7

Please start OTL.exe and click the Quick Scan button.


Please post in your next reply
OTLfix log
MBAM log file
Eset log file
OTL.txt
Report how the computer is running
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie
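The OTL script in Step 2 resets two Firefox preferences (browser.search.defaulturl and keyword.URL) that the hijack had pointed at search.conduit.com. As an added example, not part of this thread or of OTL, here is a small Python checker that parses a Firefox prefs.js and flags the search-related preferences whose host is outside a trusted list; the sample prefs.js and the trusted-host list are constructed for the example, and the hijacked values mirror the entries in the fix script above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample of a Firefox prefs.js: the two search entries mirror the
# hijacked values the OTL fix script in this thread removes (search.conduit.com,
# ctid=CT2319825); the remaining lines are ordinary defaults.
SAMPLE_PREFS_JS = r'''
user_pref("browser.startup.homepage", "http://www.google.de/");
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=");
user_pref("browser.search.selectedEngine", "Google");
user_pref("network.proxy.type", 0);
user_pref("browser.search.update", true);
'''

# Preferences that decide where typed searches, address-bar keywords and the
# start page go; these are the ones a search hijacker rewrites.
SEARCH_PREFS = {"browser.search.defaulturl", "keyword.URL", "browser.startup.homepage"}

# Hosts the user is expected to have configured (assumption: adjust per machine).
TRUSTED_HOSTS = {"www.google.de", "www.google.com", "www.bing.com", "de.search.yahoo.com"}

# One user_pref("name", value); line. Values may be strings, booleans or integers.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref() line in a prefs.js body."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def find_search_hijacks(prefs, trusted_hosts=TRUSTED_HOSTS):
    """Flag search/start-page prefs whose URL host is not in trusted_hosts.

    Returns a list of (pref_name, host, affiliate_id); affiliate_id is the
    value of the ctid= query parameter when present (the partner id that
    toolbar-style hijackers carry in the search URL), otherwise None.
    """
    findings = []
    for name in sorted(SEARCH_PREFS):
        value = prefs.get(name)
        if not isinstance(value, str) or not value:
            continue  # empty string is Firefox's own default, nothing to flag
        parts = urlsplit(value)
        host = (parts.hostname or "").lower()
        if host in trusted_hosts:
            continue
        affiliate = parse_qs(parts.query).get("ctid", [None])[0]
        findings.append((name, host, affiliate))
    return findings


def format_findings(findings):
    """Render findings in the 'FF - prefs.js..<name>' style OTL uses in its logs."""
    lines = []
    for name, host, affiliate in findings:
        tag = f" ctid={affiliate}" if affiliate else ""
        lines.append(f"FF - prefs.js..{name}: untrusted host {host}{tag}")
    return lines


if __name__ == "__main__":
    found = find_search_hijacks(parse_prefs(SAMPLE_PREFS_JS))
    print("\n".join(format_findings(found)) or "no search hijack found")
```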

20.06.2010, 13:14   #11
Reissdorf79

Before I start, one question:

BufferChm
Google BAE
Google Toolbar

Revo finds Google BAE and Google Toolbar.... BufferChm is not in the list... Should I continue without it?

20.06.2010, 14:03   #12
Larusso
/// Selecta Jahrusso

Yes, we will uninstall that a different way then

20.06.2010, 19:54   #13
Reissdorf79

I'll do it in 2 steps instead:

The 2nd OTL report will follow shortly....



All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" removed from keyword.URL
C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\mebdgxfo.default\searchplugins\conduit.xml moved successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: *****
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3927635 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3487 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: *****
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06202010_181032

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4218

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

20.06.2010 18:30:24
mbam-log-2010-06-20 (18-30-24).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 124834
Laufzeit: 7 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)




ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=66ce7b6de4ed884fa6d19d2499158d1d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-20 05:55:21
# local_time=2010-06-20 07:55:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 1198844 51948565 102419 0
# compatibility_mode=5892 16776573 100 100 0 114584773 0 0
# compatibility_mode=8192 67108863 100 0 275 275 0 0
# compatibility_mode=9217 16777214 0 9 5860673 5860673 0 0
# scanned=140316
# found=0
# cleaned=0
# scan_time=4519

20.06.2010, 20:05   #14
Reissdorf79

I will never give a computer my own name again.... all those asterisks drive you crazy.....

OTL Logfile:
Code:
OTL logfile created on: 20.06.2010 20:10:00 - Run 4
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\*****\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,05 Gb Total Space | 10,26 Gb Free Space | 7,49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: *****-PC
Current User Name: *****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe (Carbonite, Inc.)
PRC - C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\CyberLink\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SiS6350) -- C:\Windows\System32\drivers\SISGRKMD.sys (Silicon Integrated Systems Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology Corp.)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (sisagp) -- C:\Windows\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (DVBT_Loader) -- C:\Windows\System32\drivers\DVBT_Loader.sys (anchor chips)
DRV - (GenDTV) -- C:\Windows\System32\drivers\Geniausb.sys (Windows (R) 2000 DDK provider)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.7amo
FF - prefs.js..extensions.enabledItems: contact@searchfiles.de:1.3
FF - prefs.js..extensions.enabledItems: rsDownloadHelper@yevgenyandrov.net:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.81
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.06 17:48:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.20 18:17:42 | 000,000,000 | ---D | M]
 
[2009.06.18 19:53:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2009.06.18 19:53:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.06.20 01:06:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions
[2010.05.29 18:39:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.08.08 15:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010.05.29 18:39:16 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.05.29 18:39:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.05.29 18:39:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.01 23:10:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\contact@searchfiles.de
[2010.05.29 18:39:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\personas@christopher.beard
[2010.04.01 22:56:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\rsDownloadHelper@yevgenyandrov.net
[2010.04.01 22:36:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\SkipScreen@SkipScreen
[2010.05.08 20:14:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\youtube2mp3@mondayx.de
[2010.05.25 21:15:07 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.25 21:15:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.03.13 12:02:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.13 12:02:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.13 12:02:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.13 12:02:57 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.13 12:02:57 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.19 21:30:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SiSTray] C:\Programme\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232315708398 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.20 18:35:26 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2010.06.20 17:57:28 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\87294-ie-oeffnet-von-selber-malwarebytes-otl-ergebnisse-folgen-Dateien
[2010.06.20 14:10:55 | 000,000,000 | ---D | C] -- C:\Programme\VS Revo Group
[2010.06.19 22:30:16 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\BraveVol1.Disc4
[2010.06.19 21:33:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.06.19 21:33:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.06.19 21:33:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\temp
[2010.06.19 21:21:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.06.19 21:21:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.06.19 21:21:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.06.19 21:21:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.06.19 21:21:00 | 000,000,000 | ---D | C] -- C:\ComboFix123
[2010.06.19 21:20:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.19 21:20:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.06.19 20:57:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.06.19 08:36:40 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2010.06.19 08:36:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.19 08:36:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.19 08:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.19 08:36:20 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.19 08:20:33 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2010.06.19 01:29:23 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\*****\AppData\Roaming\pcouffin.sys
[2010.06.19 01:29:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Vso
[2010.06.19 01:29:23 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\PcSetup
[2010.06.19 01:29:22 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\DVDFab
[2010.06.19 01:29:12 | 000,000,000 | ---D | C] -- C:\Programme\DVDFab 7
[2010.06.17 21:32:18 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\t680t328briver
[2010.06.17 20:00:32 | 000,000,000 | ---D | C] -- C:\Programme\Driver
[2010.06.17 19:31:52 | 000,000,000 | ---D | C] -- C:\dvbdream
[2010.06.17 19:23:07 | 000,000,000 | ---D | C] -- C:\Programme\AMC2000
[2010.06.16 22:32:39 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\John_Sinclair_Classics_-_Folge_01_-_Der_Anfang
[2010.06.16 21:52:11 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Sebastian Fitzek - Der Augensammler
[2010.06.15 22:12:26 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\BraveVol1.Disc3
[2010.06.12 10:49:55 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\BraveVol1.Disc2
[2010.06.07 21:47:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Mango_Enterprise_-_http__
[2010.06.06 21:34:36 | 000,000,000 | ---D | C] -- C:\Programme\Toshiba
[2010.06.06 21:31:18 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\TOSHIBA_v5.10.02
[2010.06.04 23:16:56 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Stefanie_Heinzmann_-_Roots_to_Grow-2009-MOD
[2010.06.03 12:00:27 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Miller, Henry
[2010.05.26 22:38:42 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Die_Drei_Fragezeichen-F138_Die_Geheime_Treppe-AUDIOBOOK-DE-2010-VOiCE
[2010.05.25 21:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.05.25 21:17:20 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.05.13 11:49:07 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\NeroVision
[2010.05.02 23:03:17 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\SharePod
[2010.05.02 10:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.04.29 20:32:04 | 000,000,000 | ---D | C] -- C:\Programme\Veetle
[2010.04.29 20:07:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Avira
[2010.04.29 20:01:54 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.04.29 20:01:54 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.04.27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010.04.25 19:10:46 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\DVD Profiler
[2010.04.25 19:09:36 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\DVD Profiler
[2010.04.25 19:09:35 | 000,000,000 | ---D | C] -- C:\Programme\DVD Profiler
[2010.04.25 17:21:40 | 000,000,000 | ---D | C] -- C:\Programme\Winload
[2010.04.25 17:05:47 | 000,000,000 | ---D | C] -- C:\Users\*****\Application Data
[2010.04.24 16:56:43 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\VLN 24.04.2010
[2010.04.22 19:42:01 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Designer
[2010.04.22 19:40:58 | 000,000,000 | ---D | C] -- C:\Windows\ShellNew
[2010.04.22 19:40:55 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010.04.13 22:42:15 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Opera
[2010.04.13 22:42:15 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Opera
[2010.04.13 22:42:08 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs
[2010.04.13 22:41:27 | 000,000,000 | ---D | C] -- C:\Programme\Opera
[2010.04.13 21:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010.04.13 21:46:41 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010.03.27 23:01:21 | 000,000,000 | ---D | C] -- C:\Programme\Zattoo4
[1 C:\Users\*****\*.tmp files -> C:\Users\*****\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.20 20:11:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.20 20:11:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.20 20:08:29 | 002,621,440 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT
[2010.06.20 20:00:00 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator-*****.job
[2010.06.20 20:00:00 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie-*****.job
[2010.06.20 19:16:07 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.20 18:34:23 | 002,672,312 | ---- | M] () -- C:\Users\*****\Desktop\esetsmartinstaller_enu.exe
[2010.06.20 18:20:23 | 005,082,883 | ---- | M] () -- C:\Users\*****\Desktop\FoxitReader331_enu.zip
[2010.06.20 18:18:41 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.20 18:18:41 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.20 18:18:41 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.20 18:18:41 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.20 18:18:41 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.20 18:11:52 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.20 18:11:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.20 18:11:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.20 18:11:43 | 2010,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.20 18:10:39 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.06.20 18:10:37 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{0b6316d0-b644-11de-bf64-001e6888f2b7}.TMContainer00000000000000000001.regtrans-ms
[2010.06.20 18:10:37 | 000,065,536 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{0b6316d0-b644-11de-bf64-001e6888f2b7}.TM.blf
[2010.06.20 17:57:56 | 002,934,570 | -H-- | M] () -- C:\Users\*****\AppData\Local\IconCache.db
[2010.06.20 17:57:30 | 000,236,838 | ---- | M] () -- C:\Users\*****\Desktop\87294-ie-oeffnet-von-selber-malwarebytes-otl-ergebnisse-folgen.html
[2010.06.20 14:10:56 | 000,001,060 | ---- | M] () -- C:\Users\*****\Desktop\Revo Uninstaller.lnk
[2010.06.19 23:44:08 | 000,028,160 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.19 22:17:55 | 002,252,057 | ---- | M] () -- C:\Users\*****\Desktop\Bild 025.jpg
[2010.06.19 22:17:35 | 002,317,088 | ---- | M] () -- C:\Users\*****\Desktop\Bild 024.jpg
[2010.06.19 21:31:05 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.06.19 21:30:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.06.19 20:55:45 | 003,715,012 | R--- | M] () -- C:\Users\*****\Desktop\ComboFix123.exe
[2010.06.19 18:23:09 | 000,293,376 | ---- | M] () -- C:\Users\*****\Desktop\ef9n80ex.exe
[2010.06.19 08:20:45 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2010.06.19 01:29:23 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\*****\AppData\Roaming\pcouffin.sys
[2010.06.19 01:29:23 | 000,007,887 | ---- | M] () -- C:\Users\*****\AppData\Roaming\pcouffin.cat
[2010.06.19 01:29:23 | 000,001,144 | ---- | M] () -- C:\Users\*****\AppData\Roaming\pcouffin.inf
[2010.06.17 23:04:36 | 000,102,466 | ---- | M] () -- C:\Users\*****\Documents\cc_20100617_230409.reg
[2010.06.17 20:25:52 | 000,310,078 | ---- | M] () -- C:\Users\*****\Documents\cc_20100617_202524.reg
[2010.06.17 19:38:46 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\ProgDVB 6.lnk
[2010.06.09 20:33:59 | 001,596,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.06 21:42:59 | 000,000,821 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2010.06.06 11:52:09 | 000,017,408 | ---- | M] () -- C:\Users\*****\AppData\Local\WebpageIcons.db
[2010.05.21 07:37:35 | 001,238,528 | ---- | M] () -- C:\Users\*****\Desktop\ADPJS.ppt
[2010.05.03 18:37:16 | 000,055,392 | ---- | M] () -- C:\Users\*****\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2010.05.02 10:48:25 | 000,001,411 | ---- | M] () -- C:\Users\*****\Desktop\DivX Movies.lnk
[2010.05.02 10:47:44 | 000,000,920 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.05.02 10:47:12 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010.04.25 19:09:38 | 000,000,909 | ---- | M] () -- C:\Users\*****\Desktop\DVD Profiler.lnk
[2010.04.23 23:17:37 | 000,055,392 | ---- | M] () -- C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.22 19:44:10 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2010.04.22 19:43:35 | 000,000,275 | ---- | M] () -- C:\Windows\win.ini
[2010.04.22 19:42:16 | 000,001,883 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010.03.28 01:06:33 | 000,001,656 | ---- | M] () -- C:\Users\*****\Desktop\Zattoo.lnk
[1 C:\Users\*****\*.tmp files -> C:\Users\*****\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.20 18:34:12 | 002,672,312 | ---- | C] () -- C:\Users\*****\Desktop\esetsmartinstaller_enu.exe
[2010.06.20 18:20:01 | 005,082,883 | ---- | C] () -- C:\Users\*****\Desktop\FoxitReader331_enu.zip
[2010.06.20 17:57:27 | 000,236,838 | ---- | C] () -- C:\Users\*****\Desktop\87294-ie-oeffnet-von-selber-malwarebytes-otl-ergebnisse-folgen.html
[2010.06.20 14:10:56 | 000,001,060 | ---- | C] () -- C:\Users\*****\Desktop\Revo Uninstaller.lnk
[2010.06.19 22:17:46 | 002,252,057 | ---- | C] () -- C:\Users\*****\Desktop\Bild 025.jpg
[2010.06.19 22:17:24 | 002,317,088 | ---- | C] () -- C:\Users\*****\Desktop\Bild 024.jpg
[2010.06.19 21:21:04 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.06.19 21:21:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.06.19 21:21:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.06.19 21:21:04 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.06.19 21:21:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.06.19 20:55:39 | 003,715,012 | R--- | C] () -- C:\Users\*****\Desktop\ComboFix123.exe
[2010.06.19 18:23:06 | 000,293,376 | ---- | C] () -- C:\Users\*****\Desktop\ef9n80ex.exe
[2010.06.19 01:31:41 | 000,000,034 | ---- | C] () -- C:\Users\*****\AppData\Roaming\pcouffin.log
[2010.06.19 01:29:23 | 000,007,887 | ---- | C] () -- C:\Users\*****\AppData\Roaming\pcouffin.cat
[2010.06.19 01:29:23 | 000,001,144 | ---- | C] () -- C:\Users\*****\AppData\Roaming\pcouffin.inf
[2010.06.17 23:04:11 | 000,102,466 | ---- | C] () -- C:\Users\*****\Documents\cc_20100617_230409.reg
[2010.06.17 20:25:34 | 000,310,078 | ---- | C] () -- C:\Users\*****\Documents\cc_20100617_202524.reg
[2010.06.17 19:38:46 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\ProgDVB 6.lnk
[2010.06.06 21:36:36 | 000,000,821 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2010.05.20 21:14:49 | 001,238,528 | ---- | C] () -- C:\Users\*****\Desktop\ADPJS.ppt
[2010.05.02 10:48:25 | 000,001,411 | ---- | C] () -- C:\Users\*****\Desktop\DivX Movies.lnk
[2010.05.02 10:47:44 | 000,000,920 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.05.02 10:47:12 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.04.29 19:32:46 | 000,001,122 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.29 19:32:41 | 000,001,118 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.25 19:09:38 | 000,000,909 | ---- | C] () -- C:\Users\*****\Desktop\DVD Profiler.lnk
[2010.04.22 19:44:10 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.04.22 19:42:16 | 000,001,883 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010.03.27 23:01:28 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db
[2009.10.22 22:52:18 | 000,000,000 | ---- | C] () -- C:\Windows\Editor.INI
[2009.10.20 20:59:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.01 19:40:03 | 000,000,096 | ---- | C] () -- C:\Windows\buhl.ini
[2009.04.26 17:38:47 | 000,000,804 | ---- | C] () -- C:\Windows\wiso.ini
[2009.04.23 22:11:04 | 000,000,074 | ---- | C] () -- C:\Windows\tm.ini
[2008.08.11 20:57:13 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.06.18 15:59:56 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2006.12.05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
 
========== LOP Check ==========
 
[2009.04.26 17:39:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Buhl Data Service
[2010.01.31 17:49:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\EscapeTheMuseum2
[2009.12.21 21:55:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0
[2010.06.11 23:04:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2010.04.13 22:42:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera
[2008.12.25 02:50:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Packard Bell
[2009.05.28 18:33:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\saveTV
[2010.05.02 23:03:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SharePod
[2009.03.15 19:52:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird
[2009.06.18 19:53:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TomTom
[2010.04.25 19:06:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TVcentral-Core
[2010.06.19 01:31:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Vso
[2010.04.25 19:05:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\WatchTVProEx
[2009.03.08 18:33:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Zylom
[2010.06.20 20:00:00 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\Erweiterte Garantie-*****.job
[2010.06.20 20:00:00 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\Recovery DVD Creator-*****.job
[2010.06.20 18:10:39 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---

Alt 20.06.2010, 20:07   #15
Reissdorf79
 



Oh, one more thing: I have the feeling that my computer is running considerably better now....
