Log analysis and evaluation: IE opens by itself - Malwarebytes & OTL results (to follow)... (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.06.2010, 08:12 | #1
IE opens by itself - Malwarebytes & OTL results (to follow)...

Good morning! Since yesterday an IE window keeps opening on its own. Since Firefox is my default, at least yesterday it didn't bother me yet... Here are the results that you also wanted from the other users who are struggling with this. (btw: total newbie)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4214

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

19.06.2010 08:57:04
mbam-log-2010-06-19 (08-57-04).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 123338
Laufzeit: 10 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 10

Infizierte Speicherprozesse:
C:\Users\*******\AppData\Local\Temp\Ctl.exe (Trojan.FraudPack) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FraudPack) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Users\*****\AppData\Roaming\pridl (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\*****\AppData\Local\Temp\Ctl.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Users\*****\AppData\Local\Temp\Ctj.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Users\*****\AppData\Local\Temp\Ctm.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Users\*****\AppData\Local\Temp\Cto.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Live Support.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Protection System.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Uninstall.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Users\*****\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

So... after the deletion, Malwarebytes prompts for a restart... Should I do that? (Prompt: "Certain objects could not be removed. A log file has been saved in the log file directory. The computer must be restarted to complete the removal process. Do you want to restart now?") After that I would then post the OTL report. Or carry out other instructions.

Regards, Reissdorf
19.06.2010, 12:10 | #2
Selecta Jahrusso | IE opens by itself - Malwarebytes & OTL results (to follow)...

A cleanup can sometimes mean a lot of work for you.

Note: I can never give you a guarantee that I will find everything. Reformatting is usually the quicker and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users: start all tools via right-click, "Run as administrator".

Step 1: Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.

Code:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs

Please post OTL.txt and Extras.txt in your next reply.
19.06.2010, 17:07 | #3
IE opens by itself - Malwarebytes & OTL results (to follow)...

Here is the OTL.txt...

OTL Logfile:
Code:
OTL logfile created on: 19.06.2010 17:39:45 - Run 2
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\*****\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,05 Gb Total Space | 5,63 Gb Free Space | 4,11% Space Free | Partition Type: NTFS
Drive D: | 6,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: *****-PC
Current User Name: *****
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe (Carbonite, Inc.)
PRC - C:\Programme\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
PRC - C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)

========== Modules (SafeList) ==========

MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\CyberLink\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SiS6350) -- C:\Windows\System32\drivers\SISGRKMD.sys (Silicon Integrated Systems Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology Corp.)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (sisagp) -- C:\Windows\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (DVBT_Loader) -- C:\Windows\System32\drivers\DVBT_Loader.sys (anchor chips)
DRV - (GenDTV) -- C:\Windows\System32\drivers\Geniausb.sys (Windows (R) 2000 DDK provider)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.packardbell.com/?id=9283
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.7amo
FF - prefs.js..extensions.enabledItems: contact@searchfiles.de:1.3
FF - prefs.js..extensions.enabledItems: rsDownloadHelper@yevgenyandrov.net:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.81
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.06 17:48:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.25 21:15:05 | 000,000,000 | ---D | M]

[2009.06.18 19:53:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2009.06.18 19:53:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.06.19 00:50:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions
[2010.05.29 18:39:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.08.08 15:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010.05.29 18:39:16 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.05.29 18:39:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.05.29 18:39:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.01 23:10:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\contact@searchfiles.de
[2010.05.29 18:39:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\personas@christopher.beard
[2010.04.01 22:56:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\rsDownloadHelper@yevgenyandrov.net
[2010.04.01 22:36:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\SkipScreen@SkipScreen
[2010.05.08 20:14:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\youtube2mp3@mondayx.de
[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\mebdgxfo.default\searchplugins\conduit.xml
[2010.05.25 21:15:07 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.25 21:15:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.03.13 12:02:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.13 12:02:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.13 12:02:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.13 12:02:57 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.13 12:02:57 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google\Google_BAE\BAE.dll (Packard Bell)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SiSTray] C:\Programme\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Halo2] C:\Users\*****~1\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O13 - gopher Prefix: missing
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232315708398 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008.01.21 04:46:39 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010.06.19 09:24:10 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Defiance
[2010.06.19 08:36:40 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2010.06.19 08:36:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.19 08:36:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.19 08:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.19 08:36:20 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.19 08:20:33 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2010.06.19 07:50:23 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\milk
[2010.06.19 01:29:23 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\*****\AppData\Roaming\pcouffin.sys
[2010.06.19 01:29:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Vso
[2010.06.19 01:29:23 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\PcSetup
[2010.06.19 01:29:22 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\DVDFab
[2010.06.19 01:29:12 | 000,000,000 | ---D | C] -- C:\Programme\DVDFab 7
[2010.06.17 21:32:18 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\t680t328briver
[2010.06.17 20:00:32 | 000,000,000 | ---D | C] -- C:\Programme\Driver
[2010.06.17 19:31:52 | 000,000,000 | ---D | C] -- C:\dvbdream
[2010.06.17 19:23:07 | 000,000,000 | ---D | C] -- C:\Programme\AMC2000
[2010.06.16 22:32:39 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\John_Sinclair_Classics_-_Folge_01_-_Der_Anfang
[2010.06.16 21:52:11 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Sebastian Fitzek - Der Augensammler
[2010.06.15 22:12:26 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\BraveVol1.Disc3
[2010.06.12 10:49:55 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\BraveVol1.Disc2
[2010.06.07 21:47:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Mango_Enterprise_-_http__
[2010.06.06 21:34:36 | 000,000,000 | ---D | C] -- C:\Programme\Toshiba
[2010.06.06 21:31:18 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\TOSHIBA_v5.10.02
[2010.06.06 20:49:35 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\wwm
[2010.06.06 20:44:22 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\1000 Handy Games fuer alle java faehigen handys
[2010.06.04 23:16:56 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Stefanie_Heinzmann_-_Roots_to_Grow-2009-MOD
[2010.06.03 12:00:27 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Miller, Henry
[2010.05.26 22:38:42 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Die_Drei_Fragezeichen-F138_Die_Geheime_Treppe-AUDIOBOOK-DE-2010-VOiCE
[2010.05.25 21:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.05.25 21:17:20 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.05.13 11:49:07 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\NeroVision
[2010.05.02 23:03:17 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\SharePod
[2010.05.02 10:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.04.29 20:32:04 | 000,000,000 | ---D | C] -- C:\Programme\Veetle
[2010.04.29 20:07:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Avira
[2010.04.29 20:01:54 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.04.29 20:01:54 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.04.27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010.04.25 19:10:46 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\DVD Profiler
[2010.04.25 19:09:36 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\DVD Profiler
[2010.04.25 19:09:35 | 000,000,000 | ---D | C] -- C:\Programme\DVD Profiler
[2010.04.25 17:21:41 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.04.25 17:21:40 | 000,000,000 | ---D | C] -- C:\Programme\Winload
[2010.04.25 17:05:47 | 000,000,000 | ---D | C] -- C:\Users\*****\Application Data
[2010.04.24 16:56:43 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\VLN 24.04.2010
[2010.04.22 19:42:01 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Designer
[2010.04.22 19:40:58 | 000,000,000 | ---D | C] -- C:\Windows\ShellNew
[2010.04.22 19:40:55 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010.04.13 22:42:15 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Opera
[2010.04.13 22:42:15 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Opera
[2010.04.13 22:42:08 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs
[2010.04.13 22:41:27 | 000,000,000 | ---D | C] -- C:\Programme\Opera
[2010.04.13 21:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010.04.13 21:46:41 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010.03.27 23:01:21 | 000,000,000 | ---D | C] -- C:\Programme\Zattoo4
[1 C:\Users\*****\*.tmp files -> C:\Users\*****\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010.06.19 17:39:05 | 002,621,440 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT
[2010.06.19 17:30:00 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator-*****.job
[2010.06.19 17:30:00 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie-*****.job
[2010.06.19 17:28:21 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.19 17:28:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.19 12:04:27 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.19 12:04:26 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.19 12:04:26 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.19 12:04:26 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.19 12:04:26 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.19 11:57:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.19 11:57:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.19 11:57:16 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.19 11:57:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.19 11:57:03 | 2010,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.19 11:54:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.06.19 11:54:45 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{0b6316d0-b644-11de-bf64-001e6888f2b7}.TMContainer00000000000000000001.regtrans-ms
[2010.06.19 11:54:45 | 000,065,536 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{0b6316d0-b644-11de-bf64-001e6888f2b7}.TM.blf
[2010.06.19 11:54:42 | 006,291,456 | -H-- | M] () -- C:\Users\*****\AppData\Local\IconCache.db
[2010.06.19 08:20:45 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2010.06.19 01:29:23 | 000,087,608 | ---- | M] () -- C:\Users\*****\AppData\Roaming\inst.exe
[2010.06.19 01:29:23 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\*****\AppData\Roaming\pcouffin.sys
[2010.06.19 01:29:23 | 000,007,887 | ---- | M] () -- C:\Users\*****\AppData\Roaming\pcouffin.cat
[2010.06.19 01:29:23 | 000,001,144 | ---- | M] () -- C:\Users\*****\AppData\Roaming\pcouffin.inf
[2010.06.17 23:04:36 | 000,102,466 | ---- | M] () -- C:\Users\*****\Documents\cc_20100617_230409.reg
[2010.06.17 20:25:52 | 000,310,078 | ---- | M] () -- C:\Users\*****\Documents\cc_20100617_202524.reg
[2010.06.17 19:38:46 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\ProgDVB 6.lnk
[2010.06.09 20:33:59 | 001,596,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.09 19:56:41 | 000,027,136 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.06 21:42:59 | 000,000,821 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2010.06.06 11:52:09 | 000,017,408 | ---- | M] () -- C:\Users\*****\AppData\Local\WebpageIcons.db
[2010.05.21 07:37:35 | 001,238,528 | ---- | M] () -- C:\Users\*****\Desktop\ADPJS.ppt
[2010.05.03 18:37:16 | 000,055,392 | ---- | M] () -- C:\Users\*****\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2010.05.02 10:48:25 | 000,001,411 | ---- | M] () -- C:\Users\*****\Desktop\DivX Movies.lnk
[2010.05.02 10:47:44 | 000,000,920 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.05.02 10:47:12 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.)
-- C:\Windows\System32\DivXControlPanelApplet.cpl [2010.04.25 21:38:37 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2010.04.25 19:09:38 | 000,000,909 | ---- | M] () -- C:\Users\*****\Desktop\DVD Profiler.lnk [2010.04.23 23:17:37 | 000,055,392 | ---- | M] () -- C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT [2010.04.22 19:44:10 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI [2010.04.22 19:43:35 | 000,000,275 | ---- | M] () -- C:\Windows\win.ini [2010.04.22 19:42:16 | 000,001,883 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2010.03.28 01:06:33 | 000,001,656 | ---- | M] () -- C:\Users\*****\Desktop\Zattoo.lnk [1 C:\Users\*****\*.tmp files -> C:\Users\*****\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.06.19 01:31:41 | 000,000,034 | ---- | C] () -- C:\Users\*****\AppData\Roaming\pcouffin.log [2010.06.19 01:29:23 | 000,087,608 | ---- | C] () -- C:\Users\*****\AppData\Roaming\inst.exe [2010.06.19 01:29:23 | 000,007,887 | ---- | C] () -- C:\Users\*****\AppData\Roaming\pcouffin.cat [2010.06.19 01:29:23 | 000,001,144 | ---- | C] () -- C:\Users\*****\AppData\Roaming\pcouffin.inf [2010.06.17 23:04:11 | 000,102,466 | ---- | C] () -- C:\Users\*****\Documents\cc_20100617_230409.reg [2010.06.17 20:25:34 | 000,310,078 | ---- | C] () -- C:\Users\*****\Documents\cc_20100617_202524.reg [2010.06.17 19:38:46 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\ProgDVB 6.lnk [2010.06.06 21:36:36 | 000,000,821 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2010.05.20 21:14:49 | 001,238,528 | ---- | C] () -- C:\Users\*****\Desktop\ADPJS.ppt [2010.05.02 10:48:25 | 000,001,411 | ---- | C] () -- C:\Users\*****\Desktop\DivX Movies.lnk [2010.05.02 10:47:44 | 000,000,920 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.05.02 10:47:12 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus 
Converter.lnk [2010.04.29 19:32:46 | 000,001,122 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.04.29 19:32:41 | 000,001,118 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.04.25 19:09:38 | 000,000,909 | ---- | C] () -- C:\Users\*****\Desktop\DVD Profiler.lnk [2010.04.22 19:44:10 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.04.22 19:42:16 | 000,001,883 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2010.03.27 23:01:28 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db [2009.10.22 22:52:18 | 000,000,000 | ---- | C] () -- C:\Windows\Editor.INI [2009.10.20 20:59:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.01 19:40:03 | 000,000,096 | ---- | C] () -- C:\Windows\buhl.ini [2009.04.26 17:38:47 | 000,000,804 | ---- | C] () -- C:\Windows\wiso.ini [2009.04.23 22:11:04 | 000,000,074 | ---- | C] () -- C:\Windows\tm.ini [2008.08.11 20:57:13 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.06.18 15:59:56 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2006.12.05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll ========== LOP Check ========== [2009.04.26 17:39:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Buhl Data Service [2010.01.31 17:49:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\EscapeTheMuseum2 [2009.12.21 21:55:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0 [2010.06.11 23:04:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ [2010.04.13 22:42:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera [2008.12.25 02:50:32 | 000,000,000 | ---D | M] -- 
C:\Users\*****\AppData\Roaming\Packard Bell [2009.05.28 18:33:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\saveTV [2010.05.02 23:03:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SharePod [2009.03.15 19:52:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird [2009.06.18 19:53:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TomTom [2010.04.25 19:06:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TVcentral-Core [2010.06.19 01:31:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Vso [2010.04.25 19:05:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\WatchTVProEx [2009.03.08 18:33:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Zylom [2010.06.19 17:30:00 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\Erweiterte Garantie-*****.job [2010.06.19 17:30:00 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\Recovery DVD Creator-*****.job [2010.06.19 11:54:58 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2008.08.11 20:57:22 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007.11.07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007.11.07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007.11.07 08:00:40 | 
000,017,734 | ---- | M] () -- C:\eula.3082.txt [2008.04.23 17:10:04 | 000,002,916 | ---- | M] () -- C:\files.crc [2007.11.07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2010.06.19 11:57:03 | 2010,300,416 | -HS- | M] () -- C:\hiberfil.sys [2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [2007.11.07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007.11.07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007.11.07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007.11.07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007.11.07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007.11.07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007.11.07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007.11.07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2008.12.25 23:19:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2008.12.25 23:19:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010.06.19 11:56:57 | 2324,119,552 | -HS- | M] () -- C:\pagefile.sys [2009.09.01 19:15:46 | 000,000,033 | ---- | M] () -- C:\ProgDVB.ini [2008.08.11 11:41:09 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log [2008.08.11 11:40:28 | 000,000,086 | ---- | M] () -- C:\sis19x.log [2009.10.27 23:25:07 | 000,394,626 | ---- | M] () -- C:\temp.raw [2007.11.07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007.11.07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab [2007.11.07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\drivers\*.sys /90 > [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.06.19 01:29:23 | 000,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys < %systemroot%\system32\user32.dll /md5 > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2008.01.21 04:34:36 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs > ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:16D6A4F5AB524BFF < End of report > No Extra.Txt appears/opens... |
19.06.2010, 17:20 | #4 |
/// Selecta Jahrusso | IE opens by itself - Malwarebytes & OTL results (to follow)... Please
__________________ regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Academy |
19.06.2010, 18:48 | #5 |
| IE opens by itself - Malwarebytes & OTL results (to follow)... So... I hope I did everything right: GMER logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-06-19 19:36:57 Windows 6.0.6002 Service Pack 2 Running: ef9n80ex.exe; Driver: C:\Users\*****~1\AppData\Local\Temp\afryqaob.sys ---- System - GMER 1.0.15 ---- SSDT A3C9AC9F ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 621 81CF9D84 4 Bytes [9F, AC, C9, A3] ? System32\drivers\mojdflll.sys Das System kann den angegebenen Pfad nicht finden. ! C:\Program Files\CyberLink\PlayMovie\000.fcl entry point in "" section [0xA6514000] .clc C:\Program Files\CyberLink\PlayMovie\000.fcl unknown last section [0xA6515000, 0x1000, 0x00000000] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74787817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [747DA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7478BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7477F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747875E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ 
C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7477E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [747B8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7478DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7477FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7477FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747771CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7480CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [747AC8D8] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7477D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74776853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7477687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74782AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd5012c6 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd5012c6@0022988a6041 0x27 0x78 0xC0 0x61 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd5012c6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd5012c6@0022988a6041 0x27 0x78 0xC0 0x61 ... ---- EOF - GMER 1.0.15 ---- |
19.06.2010, 19:19 | #6 |
/// Selecta Jahrusso | IE opens by itself - Malwarebytes & OTL results (to follow)... Step 1 The *** need to be edited.
Code:
ATTFilter :OTL FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" O4 - HKCU..\Run: [Halo2] C:\Users\*****~1\AppData\Local\Temp\sshnas21.DLL File not found [2010.04.25 17:21:41 | 000,000,000 | ---D | C] -- C:\Programme\Conduit [2010.06.19 01:29:23 | 000,087,608 | ---- | M] () -- C:\Users\*****\AppData\Roaming\inst.exe @Alternate Data Stream - 24 bytes -> C:\Windows:16D6A4F5AB524BFF :services :files :reg :Commands [purity] [emptytemp] [reboot]
Step 2 Download ComboFix from one of the links listed below. You must rename it before you save it to the desktop. Save ComboFix to your desktop. **NB: It is important that ComboFix.exe is saved on the desktop**
Step 3 Please start OTL.exe. Under Extra Registry select: Use Safe List and click the Scan button. Please post in your next reply: the OTL fix log, Combofix.txt, OTL.txt, Extras.txt
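A triage helper for the fix-script step above, added here as an example; it is neither the thread's nor OTL's own code. It assumes the line shapes visible in this thread's logs (file/folder entries, O4 Run entries, Firefox prefs.js overrides, alternate data streams), and its heuristic tables and sample lines are constructed for illustration, so a real triage still needs an analyst's judgement.

```python
"""Triage OTL-style scan lines and lay the flagged ones out as a fix-script skeleton.

Added example, not part of the thread or of OTL. Heuristics and samples are constructed.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# File/folder entry: [date | size | attrs | C|M] (company)? -- path
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<op>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Autostart entry: O4 - HKCU..\Run: [name] target [File not found]
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$")
# Firefox preference override: FF - prefs.js..key: "url"
PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<key>[\w.]+): "(?P<url>[^"]+)"$')
# Alternate data stream: @Alternate Data Stream - N bytes -> path:stream
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Heuristic tables (constructed for this example; an analyst would curate these).
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\temp\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr")
SYSTEM_DIRS = ("c:\\windows", "c:\\program files", "c:\\programme")
SEARCH_ALLOWLIST = {"www.google.com", "www.google.de", "www.bing.com"}
PUP_DIR_NAMES = {"conduit"}  # the toolbar directory the helper removed in this thread


@dataclass
class Finding:
    line: str
    reason: str


def classify(line: str):
    """Return a Finding for a suspicious OTL line, or None when it looks benign."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        path = m.group("path").lower()
        is_dir = "D" in m.group("attr")
        if is_dir and path.rsplit("\\", 1)[-1] in PUP_DIR_NAMES:
            return Finding(line, "directory of known unwanted software")
        if (not is_dir and path.endswith(EXEC_EXT)
                and any(d in path for d in USER_WRITABLE) and not m.group("company")):
            return Finding(line, "executable without company name in user-writable location")
        return None
    m = RUN_RE.match(line)
    if m:
        target = m.group("target").lower()
        if "file not found" in target:
            return Finding(line, "autorun entry whose target is missing")
        if any(d in target for d in USER_WRITABLE):
            return Finding(line, "autorun entry pointing into a temp/profile directory")
        return None
    m = PREF_RE.match(line)
    if m:
        # Logs defang URLs as hxxp; restore the scheme so urlparse sees a hostname.
        host = urlparse(m.group("url").replace("hxxp", "http", 1)).hostname or ""
        if host not in SEARCH_ALLOWLIST:
            return Finding(line, f"Firefox search override to {host}")
        return None
    m = ADS_RE.match(line)
    if m:
        base = m.group("path").rsplit(":", 1)[0].lower()  # strip the :stream suffix
        if base.startswith(SYSTEM_DIRS):
            return Finding(line, "alternate data stream on a system directory")
        return None
    return None


def triage(lines):
    return [f for f in (classify(l) for l in lines) if f is not None]


def build_fix_script(findings):
    """Flagged lines in the :OTL / :Commands layout the helper used above."""
    body = [":OTL", *[f.line for f in findings],
            ":services", ":files", ":reg",
            ":Commands", "[purity]", "[emptytemp]", "[reboot]"]
    return "\n".join(body)


# Constructed sample using the line shapes posted in this thread.
SAMPLE_OTL_LINES = [
    'FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"',
    'FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="',
    r"O4 - HKCU..\Run: [Halo2] C:\Users\*****~1\AppData\Local\Temp\sshnas21.DLL File not found",
    r"[2010.04.25 17:21:41 | 000,000,000 | ---D | C] -- C:\Programme\Conduit",
    r"[2010.06.19 01:29:23 | 000,087,608 | ---- | M] () -- C:\Users\*****\AppData\Roaming\inst.exe",
    r"[2010.06.19 01:29:23 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\*****\AppData\Roaming\pcouffin.sys",
    r"[2010.04.29 20:01:54 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys",
    r"@Alternate Data Stream - 24 bytes -> C:\Windows:16D6A4F5AB524BFF",
]

if __name__ == "__main__":
    found = triage(SAMPLE_OTL_LINES)
    for f in found:
        print(f"{f.reason}: {f.line}")
    print(build_fix_script(found))
```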
19.06.2010, 19:53 | #7 |
| IE opens by itself - Malwarebytes & OTL results (to follow)... What does "the **** need to be edited" mean? That's where I overwrote my name.... are those the errors? If so, I'll run everything just as you said.... btw: IE hasn't opened anymore since Malwarebytes.... |
19.06.2010, 19:57 | #8 |
/// Selecta Jahrusso | IE opens by itself - Malwarebytes & OTL results (to follow)... No, I wrote a script, and the *** are now in it too. They need to be replaced, since the tool won't find the path to the files otherwise. We'll look at the IE issue afterwards.
19.06.2010, 20:57 | #9 |
| IE opens by itself - Malwarebytes & OTL results (to follow)... So... I (maybe) did almost everything right: On the first OTL run I didn't edit the ****... so 2 reports: ocesses killed ========== OTL ========== Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" removed from keyword.URL Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Halo2 deleted successfully. C:\Programme\Conduit\Community Alerts folder moved successfully. Folder move failed. C:\Programme\Conduit scheduled to be moved on reboot. File C:\Users\*****\AppData\Roaming\inst.exe not found. ADS C:\Windows:16D6A4F5AB524BFF deleted successfully. ========== SERVICES/DRIVERS ========== ========== FILES ========== ========== REGISTRY ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: ***** ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 123129205 bytes ->Java cache emptied: 207345339 bytes ->FireFox cache emptied: 42567813 bytes ->Flash cache emptied: 9659 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 71926 bytes RecycleBin emptied: 3715012 bytes Total Files Cleaned = 359,00 mb OTL by OldTimer - Version 3.2.6.0 log created on 06192010_205741 Files\Folders moved on Reboot... Folder move failed. C:\Programme\Conduit scheduled to be moved on reboot. Registry entries deleted on Reboot... 
and here the edited report: rocesses killed ========== OTL ========== Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" removed from keyword.URL Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Halo2 not found. Folder move failed. C:\Programme\Conduit scheduled to be moved on reboot. C:\Users\*****\AppData\Roaming\inst.exe moved successfully. Unable to delete ADS C:\Windows:16D6A4F5AB524BFF . ========== SERVICES/DRIVERS ========== ========== FILES ========== ========== REGISTRY ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: ***** ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 10085527 bytes ->Flash cache emptied: 434 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3487 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 10,00 mb OTL by OldTimer - Version 3.2.6.0 log created on 06192010_210835 Files\Folders moved on Reboot... Folder move failed. C:\Programme\Conduit scheduled to be moved on reboot. Registry entries deleted on Reboot... Combofix logfile: Code:
ATTFilter ComboFix 10-06-18.03 - ***** 19.06.2010 21:24:02.1.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.49.1031.18.1916.1024 [GMT 2:00] ausgeführt von:: c:\users\*****\Desktop\ComboFix123.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Install.exe . ((((((((((((((((((((((( Dateien erstellt von 2010-05-19 bis 2010-06-19 )))))))))))))))))))))))))))))) . 2010-06-19 19:30 . 2010-06-19 19:31 -------- d-----w- c:\users\*****\AppData\Local\temp 2010-06-19 19:30 . 2010-06-19 19:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-06-19 18:57 . 2010-06-19 18:57 -------- d-----w- C:\_OTL 2010-06-19 06:36 . 2010-06-19 06:36 -------- d-----w- c:\users\*****\AppData\Roaming\Malwarebytes 2010-06-19 06:36 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-19 06:36 . 2010-06-19 06:36 -------- d-----w- c:\programdata\Malwarebytes 2010-06-19 06:36 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-19 06:36 . 2010-06-19 06:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-18 23:29 . 2010-06-18 23:31 -------- d-----w- c:\users\*****\AppData\Roaming\Vso 2010-06-18 23:29 . 2010-06-18 23:29 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2010-06-18 23:29 . 2010-06-18 23:29 47360 ----a-w- c:\users\*****\AppData\Roaming\pcouffin.sys 2010-06-18 23:29 . 2010-06-18 23:29 -------- d-----w- c:\program files\DVDFab 7 2010-06-17 18:00 . 2010-06-17 18:00 -------- d-----w- c:\program files\Driver 2010-06-17 17:31 . 2010-06-17 17:33 -------- d-----w- C:\dvbdream 2010-06-17 17:23 . 2010-06-17 18:17 -------- d-----w- c:\program files\AMC2000 2010-06-07 19:47 . 2010-06-07 19:47 -------- d-----w- c:\users\*****\AppData\Local\Mango_Enterprise_-_http__ 2010-06-06 19:34 . 
2010-06-06 19:34 -------- d-----w- c:\program files\Toshiba 2010-05-25 19:17 . 2010-05-25 19:17 -------- d-----w- c:\program files\Common Files\Java 2010-05-25 19:17 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll 2010-05-25 19:15 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-19 19:17 . 2008-08-11 19:04 618442 ----a-w- c:\windows\system32\perfh007.dat 2010-06-19 19:17 . 2008-08-11 19:04 122842 ----a-w- c:\windows\system32\perfc007.dat 2010-06-19 19:08 . 2008-12-24 18:36 12 ----a-w- c:\windows\bthservsdp.dat 2010-06-19 18:57 . 2010-04-25 15:21 -------- d-----w- c:\program files\Conduit 2010-06-19 16:15 . 2009-01-11 15:57 -------- d-----w- c:\programdata\DVD Shrink 2010-06-17 18:29 . 2008-08-11 09:40 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-06-17 18:28 . 2009-05-25 17:05 5311698 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe 2010-06-17 18:20 . 2008-08-11 09:51 -------- d-----w- c:\program files\Google 2010-06-17 17:44 . 2009-07-24 11:15 -------- d-----w- c:\program files\ProgDVB 2010-06-11 21:04 . 2009-10-18 08:46 -------- d-----w- c:\users\*****\AppData\Roaming\ICQ 2010-06-09 18:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-06-08 20:00 . 2009-08-02 09:34 -------- d-----w- c:\users\*****\AppData\Roaming\DivX 2010-05-26 17:06 . 2010-06-08 19:13 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-26 14:47 . 2010-06-08 19:13 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-05-25 19:14 . 2009-03-29 18:06 -------- d-----w- c:\program files\Java 2010-05-21 12:14 . 2009-10-02 16:40 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-04 19:15 . 2010-06-08 19:13 834048 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 18:37 . 2010-06-08 19:13 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-05-02 21:03 . 
2010-05-02 21:03 -------- d-----w- c:\users\*****\AppData\Roaming\SharePod 2010-05-02 08:48 . 2010-05-02 08:48 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-05-02 08:48 . 2010-05-02 08:48 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-05-02 08:48 . 2010-05-02 08:43 -------- d-----w- c:\programdata\DivX 2010-05-02 08:48 . 2009-05-24 14:06 -------- d-----w- c:\program files\DivX 2010-05-02 08:48 . 2009-05-24 14:06 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-05-02 08:48 . 2010-05-02 08:48 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe 2010-05-02 08:48 . 2010-05-02 08:48 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe 2010-05-02 08:48 . 2010-05-02 08:48 57679 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe 2010-05-02 08:46 . 2010-05-02 08:46 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe 2010-05-02 08:46 . 2010-05-02 08:46 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe 2010-05-02 08:43 . 2010-05-02 08:43 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe 2010-05-02 08:43 . 2010-05-02 08:48 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll 2010-05-02 08:43 . 2010-05-02 08:48 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe 2010-05-01 14:13 . 2010-06-08 19:13 2037248 ----a-w- c:\windows\system32\win32k.sys 2010-04-29 20:05 . 2010-04-13 20:41 -------- d-----w- c:\program files\Opera 2010-04-29 18:32 . 2010-04-29 18:32 -------- d-----w- c:\program files\Veetle 2010-04-29 18:07 . 2010-04-29 18:07 -------- d-----w- c:\users\*****\AppData\Roaming\Avira 2010-04-26 17:46 . 2010-04-25 15:21 -------- d-----w- c:\program files\Winload 2010-04-25 17:09 . 2010-04-25 17:09 -------- d-----w- c:\program files\DVD Profiler 2010-04-25 17:08 . 2009-04-26 15:37 -------- d-----w- c:\program files\Common Files\Buhl Data Service 2010-04-25 17:06 . 
2009-09-01 17:40 -------- d-----w- c:\users\*****\AppData\Roaming\TVcentral-Core
2010-04-25 17:05 . 2009-08-02 09:33 -------- d-----w- c:\users\*****\AppData\Roaming\WatchTVProEx
2010-04-23 21:17 . 2008-12-24 18:19 55392 ----a-w- c:\users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-05 17:01 . 2010-06-08 19:13 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-03-31 01:58 . 2008-08-11 09:46 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2008-08-11 09:46 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2008-08-11 09:46 123888 ------w- c:\windows\system32\pxcpyi64.exe
2008-08-11 19:09 . 2008-08-11 19:09 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-01-14 1688872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2008-02-22 552960]
"CarboniteSetupLite"="c:\program files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe" [2008-04-07 306112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-18 2752512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
backup=c:\windows\pss\TMMonitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 09:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-04-11 21:22 196608 ------w- c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMAgent]
2008-03-21 18:56 143360 ------w- c:\program files\CyberLink\PowerCinema\PCMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-03-31 08:51 172032 ----a-w- c:\program files\CyberLink\PlayMovie\PMVService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-08-03 05:22 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-05-07 12:36 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-20 16:20 28672 ----a-w- c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2a,48,d0,92,8d,52,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 136176]
R3 DVBT_Loader;DVB-T Adapter firmware loader;c:\windows\system32\Drivers\DVBT_Loader.sys [2006-07-13 44800]
R3 GenDTV;DVB-T receiver Driver;c:\windows\system32\Drivers\Geniausb.sys [2006-06-23 84992]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\CyberLink\PlayMovie\000.fcl [2008-03-31 41456]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-05-07 92008]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-07-27 351232]
S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2007-12-07 453632]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 14:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners

2010-06-19 c:\windows\Tasks\Erweiterte Garantie-*****.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-08-11 10:13]

2010-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 17:32]

2010-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 17:32]

2010-06-19 c:\windows\Tasks\Recovery DVD Creator-*****.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-08-11 10:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\mebdgxfo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-19 21:31
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
Zeit der Fertigstellung: 2010-06-19 21:33:23
ComboFix-quarantined-files.txt 2010-06-19 19:33

Vor Suchlauf: 13 Verzeichnis(se), 14.290.100.224 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 17.307.996.160 Bytes frei

- - End Of File - - 2E2F41F0ABD8FF3CE8CEB2330137B64E

OTL Logfile:
OTL logfile created on: 19.06.2010 21:37:44 - Run 3
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\*****\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,05 Gb Total Space | 16,16 Gb Free Space | 11,79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: *****-PC
Current User Name: *****
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe (Carbonite, Inc.)
PRC - C:\Programme\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
PRC - C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)

========== Modules (SafeList) ==========

MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\CyberLink\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SiS6350) -- C:\Windows\System32\drivers\SISGRKMD.sys (Silicon Integrated Systems Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology Corp.)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (sisagp) -- C:\Windows\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (DVBT_Loader) -- C:\Windows\System32\drivers\DVBT_Loader.sys (anchor chips)
DRV - (GenDTV) -- C:\Windows\System32\drivers\Geniausb.sys (Windows (R) 2000 DDK provider)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.7amo
FF - prefs.js..extensions.enabledItems: contact@searchfiles.de:1.3
FF - prefs.js..extensions.enabledItems: rsDownloadHelper@yevgenyandrov.net:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.81
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.06 17:48:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.25 21:15:05 | 000,000,000 | ---D | M]

[2009.06.18 19:53:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2009.06.18 19:53:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.06.19 00:50:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions
[2010.05.29 18:39:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.08.08 15:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010.05.29 18:39:16 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.05.29 18:39:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.05.29 18:39:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.01 23:10:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\contact@searchfiles.de
[2010.05.29 18:39:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\personas@christopher.beard
[2010.04.01 22:56:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\rsDownloadHelper@yevgenyandrov.net
[2010.04.01 22:36:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\SkipScreen@SkipScreen
[2010.05.08 20:14:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\youtube2mp3@mondayx.de
[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\mebdgxfo.default\searchplugins\conduit.xml
[2010.05.25 21:15:07 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.25 21:15:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.03.13 12:02:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.13 12:02:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.13 12:02:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.13 12:02:57 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.13 12:02:57 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.06.19 21:30:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google\Google_BAE\BAE.dll (Packard Bell)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SiSTray] C:\Programme\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232315708398 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.06.19 21:33:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.06.19 21:33:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.06.19 21:33:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\temp
[2010.06.19 21:21:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.06.19 21:21:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.06.19 21:21:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.06.19 21:21:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.06.19 21:21:00 | 000,000,000 | ---D | C] -- C:\ComboFix123
[2010.06.19 21:20:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.19 21:20:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.06.19 20:57:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.06.19 08:36:40 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2010.06.19 08:36:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.19 08:36:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.19 08:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.19 08:36:20 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.19 08:20:33 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2010.06.19 01:29:23 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\*****\AppData\Roaming\pcouffin.sys
[2010.06.19 01:29:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Vso
[2010.06.19 01:29:23 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\PcSetup
[2010.06.19 01:29:22 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\DVDFab
[2010.06.19 01:29:12 | 000,000,000 | ---D | C] -- C:\Programme\DVDFab 7
[2010.06.17 21:32:18 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\t680t328briver
[2010.06.17 20:00:32 | 000,000,000 | ---D | C] -- C:\Programme\Driver
[2010.06.17 19:31:52 | 000,000,000 | ---D | C] -- C:\dvbdream
[2010.06.17 19:23:07 | 000,000,000 | ---D | C] -- C:\Programme\AMC2000
[2010.06.16 22:32:39 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\John_Sinclair_Classics_-_Folge_01_-_Der_Anfang
[2010.06.16 21:52:11 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Sebastian Fitzek - Der Augensammler
[2010.06.15 22:12:26 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\BraveVol1.Disc3
[2010.06.12 10:49:55 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\BraveVol1.Disc2
[2010.06.08 21:13:56 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.08 21:13:53 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.08 21:13:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.08 21:13:45 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.06.08 21:13:44 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.06.08 21:13:44 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.06.08 21:13:44 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.06.08 21:13:37 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.06.07 21:47:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Mango_Enterprise_-_http__
[2010.06.06 21:34:36 | 000,000,000 | ---D | C] -- C:\Programme\Toshiba
[2010.06.06 21:31:18 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\TOSHIBA_v5.10.02
[2010.06.04 23:16:56 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Stefanie_Heinzmann_-_Roots_to_Grow-2009-MOD
[2010.06.03 12:00:27 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Miller, Henry
[2010.05.26 22:38:42 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Die_Drei_Fragezeichen-F138_Die_Geheime_Treppe-AUDIOBOOK-DE-2010-VOiCE
[2010.05.25 21:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.05.25 21:17:20 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.05.25 21:17:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.25 21:15:05 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.05.25 21:15:05 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.05.25 21:15:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.05.25 21:15:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[1 C:\Users\*****\*.tmp files -> C:\Users\*****\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.06.19 21:37:37 | 002,621,440 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT
[2010.06.19 21:31:05 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.06.19 21:30:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.06.19 21:30:00 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator-*****.job
[2010.06.19 21:30:00 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie-*****.job
[2010.06.19 21:17:08 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.19 21:17:08 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.19 21:17:08 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.19 21:17:08 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.19 21:17:08 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.19 21:16:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.19 21:10:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.19 21:10:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.19 21:10:10 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.19 21:10:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.19 21:10:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.19 21:10:01 | 2010,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.19 21:08:45 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.06.19 21:08:44 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{0b6316d0-b644-11de-bf64-001e6888f2b7}.TMContainer00000000000000000001.regtrans-ms
[2010.06.19 21:08:44 | 000,065,536 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{0b6316d0-b644-11de-bf64-001e6888f2b7}.TM.blf [2010.06.19 20:55:45 | 003,715,012 | R--- | M] () -- C:\Users\*****\Desktop\ComboFix123.exe [2010.06.19 19:38:09 | 001,927,404 | -H-- | M] () -- C:\Users\*****\AppData\Local\IconCache.db [2010.06.19 18:23:09 | 000,293,376 | ---- | M] () -- C:\Users\*****\Desktop\ef9n80ex.exe [2010.06.19 08:20:45 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2010.06.19 01:29:23 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\*****\AppData\Roaming\pcouffin.sys [2010.06.19 01:29:23 | 000,007,887 | ---- | M] () -- C:\Users\*****\AppData\Roaming\pcouffin.cat [2010.06.19 01:29:23 | 000,001,144 | ---- | M] () -- C:\Users\*****\AppData\Roaming\pcouffin.inf [2010.06.17 23:04:36 | 000,102,466 | ---- | M] () -- C:\Users\*****\Documents\cc_20100617_230409.reg [2010.06.17 20:25:52 | 000,310,078 | ---- | M] () -- C:\Users\*****\Documents\cc_20100617_202524.reg [2010.06.17 19:38:46 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\ProgDVB 6.lnk [2010.06.09 20:33:59 | 001,596,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.06.09 19:56:41 | 000,027,136 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.06 21:42:59 | 000,000,821 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2010.06.06 11:52:09 | 000,017,408 | ---- | M] () -- C:\Users\*****\AppData\Local\WebpageIcons.db [2010.05.26 19:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.05.26 16:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.05.21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.05.21 07:37:35 | 001,238,528 | ---- | M] () -- C:\Users\*****\Desktop\ADPJS.ppt [1 C:\Users\*****\*.tmp files -> C:\Users\*****\*.tmp -> ] 
========== Files Created - No Company Name ========== [2010.06.19 21:21:04 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010.06.19 21:21:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.06.19 21:21:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.06.19 21:21:04 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010.06.19 21:21:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.06.19 20:55:39 | 003,715,012 | R--- | C] () -- C:\Users\*****\Desktop\ComboFix123.exe [2010.06.19 18:23:06 | 000,293,376 | ---- | C] () -- C:\Users\*****\Desktop\ef9n80ex.exe [2010.06.19 01:31:41 | 000,000,034 | ---- | C] () -- C:\Users\*****\AppData\Roaming\pcouffin.log [2010.06.19 01:29:23 | 000,007,887 | ---- | C] () -- C:\Users\*****\AppData\Roaming\pcouffin.cat [2010.06.19 01:29:23 | 000,001,144 | ---- | C] () -- C:\Users\*****\AppData\Roaming\pcouffin.inf [2010.06.17 23:04:11 | 000,102,466 | ---- | C] () -- C:\Users\*****\Documents\cc_20100617_230409.reg [2010.06.17 20:25:34 | 000,310,078 | ---- | C] () -- C:\Users\*****\Documents\cc_20100617_202524.reg [2010.06.17 19:38:46 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\ProgDVB 6.lnk [2010.06.06 21:36:36 | 000,000,821 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2010.04.22 19:44:10 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.10.22 22:52:18 | 000,000,000 | ---- | C] () -- C:\Windows\Editor.INI [2009.10.20 20:59:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.01 19:40:03 | 000,000,096 | ---- | C] () -- C:\Windows\buhl.ini [2009.04.26 17:38:47 | 000,000,804 | ---- | C] () -- C:\Windows\wiso.ini [2009.04.23 22:11:04 | 000,000,074 | ---- | C] () -- C:\Windows\tm.ini [2008.08.11 20:57:13 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.06.18 15:59:56 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2006.12.05 13:05:06 | 000,114,688 | ---- | C] 
() -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 19.06.2010 21:37:44 - Run 3
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\*****\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,05 Gb Total Space | 16,16 Gb Free Space | 11,79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: *****-PC
Current User Name: *****
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{18A352D1-7320-4FA0-B32D-9EB3A5717D75}" = rport=139 | protocol=6 | dir=out | app=system | "{260D2C28-00DC-4D2C-9CCF-CB07AD3850FC}" = lport=445 | protocol=6 | dir=in | app=system | "{4B0D467D-E991-464F-BDFC-09B321CA818B}" = rport=137 | protocol=17 | dir=out | app=system | "{4F411467-457B-456F-827B-90D6C3EE47E0}" = lport=139 | protocol=6 | dir=in | app=system | "{66F235F4-D869-4177-89C8-6A6C876AC67E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7B7FD6E2-B600-4161-96E7-BF26E20FC848}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8753CA5F-BFFB-4113-9D54-AFB294AB700A}" = rport=138 | protocol=17 | dir=out | app=system | "{DEA08378-C348-4B3F-BFBA-08BF5E844A12}" = rport=445 | protocol=6 | dir=out | app=system | "{ED777BB1-BE03-4395-ACE2-4F40B9A4811F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F400EE87-6514-41E1-A133-87B0A688467E}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{042D8DED-F234-4AF9-8BB9-CF8167EC26D7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{09CE619F-0331-4A00-99A0-04EF6FBE5E59}" = dir=in | app=c:\program files\cyberlink\playmovie\pmvservice.exe | "{40F16749-2014-43A1-9CE8-CD4CB7E58826}" = dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe | "{48DF4209-FC4B-406B-A03B-036212F5D794}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{566D1BC1-C223-4B70-8996-A94522BA5E56}" = dir=in | app=c:\program files\cyberlink\powercinema\pcmservice.exe | "{9FB99FDF-4F07-40F6-90E7-E0B058B45980}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{AFBB4E90-1C35-43C1-BA61-1D572A648433}" = dir=in | app=c:\program files\cyberlink\playmovie\playmovie.exe | "{B8F578F4-423A-4C41-964C-EA9F8D6BBEBE}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dms\clmsservice.exe | "{BF8B1674-AA17-4BB3-BDB4-EC5F7F2507F9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C36B5FA8-9EF0-4D05-B717-3F0C1AD91E85}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DCA96E4B-F416-419E-80E3-9A442B9732AE}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dmp\clbrowserengine.exe | "{EECFD67A-FD71-4DA7-9C84-9F73A75BFF24}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{0AE2BBEB-C34A-4F28-AC40-478C3AA32A72}C:\program files\progdvb\progdvbnet.exe" = protocol=6 | dir=in | app=c:\program files\progdvb\progdvbnet.exe | "TCP Query User{20EFDA74-3031-47A3-B290-9183C2470CF7}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{22FBB13F-DD97-4EE3-A949-DC10508CD052}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | 
app=c:\program files\icq6.5\icq.exe | "TCP Query User{29FE9840-E12F-4014-ABF4-78AA3A84035C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{3344EB71-9A8C-4BAA-B68C-561B95DA6612}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{3BC628C3-7820-41D2-BEF7-31B06F1F9633}C:\program files\packard bell\updator\pbupdator.exe" = protocol=6 | dir=in | app=c:\program files\packard bell\updator\pbupdator.exe | "TCP Query User{44D9E08E-5394-4A81-ADC1-4C68F982B284}C:\program files\packard bell\updator\pbupdator.exe" = protocol=6 | dir=in | app=c:\program files\packard bell\updator\pbupdator.exe | "TCP Query User{62C52104-E27A-44F7-8436-D4AF69D6D8C9}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{66C78630-CC65-4D47-BCD1-6EC1493292C3}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{8A273679-CAB5-4DC5-9AEC-5C0471137141}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{A230BC83-A911-493B-9BD0-48D05445FFD7}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{A4B02D25-CEAB-49B1-842C-BDA2D0818CFD}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{B8DD51F3-17F5-4792-BE85-3D4D21B783BD}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{F5C8E625-42B8-46B2-A607-5396059E3F86}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "UDP Query User{0F0766F1-FAF7-4FE2-8DE7-6DEDAD5D3DD8}C:\program files\packard bell\updator\pbupdator.exe" = 
protocol=17 | dir=in | app=c:\program files\packard bell\updator\pbupdator.exe | "UDP Query User{124DAF3B-9886-43D2-8B35-083968F75B22}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{3F2C753C-F803-472B-8BB1-675B4FA3FE55}C:\program files\packard bell\updator\pbupdator.exe" = protocol=17 | dir=in | app=c:\program files\packard bell\updator\pbupdator.exe | "UDP Query User{492D52B6-2E39-48C1-A156-9901B45B7CB2}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{6138D00C-43FA-4DFB-83B0-2A76E9CCA483}C:\program files\progdvb\progdvbnet.exe" = protocol=17 | dir=in | app=c:\program files\progdvb\progdvbnet.exe | "UDP Query User{6568C2CA-710A-4901-8AE4-BD1DFAE4774D}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{685EF35C-60E3-4F4D-A1AB-2D870B5E709A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{6BB093EF-CF71-443A-A366-E34B75D1D4E6}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{6FB8879D-342F-4E0D-88F5-3E9445CEB0FE}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{9062B275-1E2E-439F-ABA8-A51E44D4AA12}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{A9485396-4663-4684-87DD-34E42509CF41}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{AB66E8C7-2922-45F6-AADC-A7EC79DD2C94}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{EB67035C-BFC0-4BE3-81B6-A57BFBA20B26}C:\program files\sopcast\sopcast.exe" = 
protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{EDC8DA24-BE57-4634-94E1-1400651246E3}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Steuer 2009 "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{1E728246-95D5-4E72-8A9A-AC62602F39D8}_is1" = ANSTOSS 3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20 "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX "{5B161EDB-F927-4F30-BE04-AD955AFBDF8B}" = Driver Instll 32-bit "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6 "{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update "{84ACBCA0-E149-4830-97E6-107D70D9CA0A}" = WISO Steuer 2008 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in "{980B9958-1239-4FC5-8C88-AC5650321031}" = Nero 8 Essentials "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.2 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination 
Component "{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{DA71A94B-3617-4935-8BBE-1566B2174C95}" = Drv "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1568757-E564-4cb5-8980-9333119A4384}" = F300 "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0 "{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0 "Adobe Shockwave Player" = Adobe Shockwave Player "AdobePE6" = Adobe Photoshop Elements 6 "AdobeReader" = Adobe Reader 8 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Betsson" = Betsson (remove only) "Carbonite" = Carbonite "Carbonite Setup Lite" = Sichern Sie Ihre Daten "CCleaner" = CCleaner (remove only) "DivX Setup.divx.com" = DivX-Setup "DVD Shrink_is1" = DVD Shrink 3.2 "DVDFab 7_is1" = DVDFab 7.0.7.0 (08/06/2010) "GoogleBAE" = Google BAE "GoogleToolbar" = Google Toolbar "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "ImageWriter" = Packard Bell ImageWriter "Infocentre" = Infocentre Rev. 
2.0.0.1 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema "InstallShield_{5B161EDB-F927-4F30-BE04-AD955AFBDF8B}" = Driver Instll 32-bit "InvelosDVDProfiler_is1" = DVD Profiler Version 3.6.1 "LCDTest" = Packard Bell LCD Test "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "METABOLI" = Metaboli "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Nero8" = Nero 8 Essentials "PartyPokerNet" = PartyPokerNet "Picasa 3" = Picasa 3 "Picasa_2" = Picasa2 "PokerStars" = PokerStars "PowerCinema6" = Power Cinema 6 "ProgDVB" = ProgDVB "SETUPMYPC_DE" = SetUp My PC "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SiS VGA Utilities" = SiS VGA Utilities "Skat 3000 Special Edition_is1" = Skat 3000 SE "SKYPE" = Skype 3.6.2.248 "SopCast" = SopCast 3.2.4 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TomTom HOME" = TomTom HOME 2.7.4.1962 "Updator" = Packard Bell Updator "Veetle TV" = Veetle TV 0.9.17 "WinRAR archiver" = WinRAR "Zattoo" = Zattoo 3.3.4 Beta "Zattoo4" = Zattoo4 4.0.4 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "57daec2035483565" = Save.TV EasyRecord DownloadManager ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
20.06.2010, 12:23 | #10 |
/// Selecta Jahrusso | IE opens by itself - Malwarebytes & OTL results (to follow)... Step 1 Uninstall software with Revo Uninstaller. Please download Revo Uninstaller
Illustrated guide. Restart the computer. Step 2
Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2319825
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\mebdgxfo.default\searchplugins\conduit.xml
:services
:files
:reg
:Commands
[purity]
[emptytemp]
[emptyflash]
[reboot]
Step 3 Please uninstall your current version of Adobe Reader (Start--> Control Panel--> Software--> Adobe Reader) and download the new version from here. As an alternative I would recommend the leaner Foxit Reader. Step 4 Information on poker games: Party Poker, PartyCasino, Ultimate Bet, EmpirePoker and other poker websites (list of harmful poker sites) carry the risk of malware getting onto your computer when you visit them. In many cases plugins are installed without asking, which then "download" further parasites. Safe alternatives currently known to me are PokerStars and Pogo.com. My recommendation is to uninstall all others via Control Panel => Software. Step 5 Clean-up with Malwarebytes' Anti-Malware (Quick Scan). Please download Malwarebytes
Step 6 Please switch on any external hard drives you have during the online scans! Please disable all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.
Step 7 Please start OTL.exe and click the Quick Scan button. Please post in your next reply: OTLfix log, MBAM logfile, Eset logfile, OTL.txt. Report how the computer is running.
__________________ regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
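As an added example (not from this thread, and not OTL's own code), the check below audits the same two places the fix script in Step 2 touches: the Firefox prefs.js search settings (browser.search.defaulturl, keyword.URL) and the IE start page. It flags any entry whose host is not on a trusted list, which is how a search hijack of the conduit.com kind shows up. The sample prefs.js is constructed for this example and mirrors the conduit.com values quoted in the post; the trusted-host list is an assumption, and on a live Windows machine the IE value would be read from the HKCU\SOFTWARE\Microsoft\Internet Explorer\Main key instead of being passed in as a string.

```python
# Added example, not from the thread: audit browser search/start-page settings
# for a search hijack like the conduit.com entries the OTL fix script removes.
import re
from urllib.parse import urlparse

# Prefs that decide where searches and new windows go; the fix script in the
# post resets the first and the last of these.
SEARCH_PREFS = {
    "browser.search.defaulturl",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
    "keyword.URL",
}

# Assumed allow-list for this example: hosts the user actually chose.
# Anything else in a search pref is reported for review.
TRUSTED_HOSTS = {"www.google.com", "www.google.de", "www.bing.com", "duckduckgo.com"}

# Matches string-valued prefs: user_pref("name", "value");
USER_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);')


def parse_prefs_js(text):
    """Return {pref: value} for every string user_pref() line in a prefs.js.
    Numeric and boolean prefs do not match the pattern and are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = USER_PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).replace('\\"', '"').replace("\\\\", "\\")
    return prefs


def host_of(value):
    """Lower-cased host of a URL-like pref value, or None for non-URL values
    such as about:blank or a plain engine name."""
    if "://" not in value:
        return None
    return urlparse(value).hostname


def find_hijacked_prefs(prefs, trusted=TRUSTED_HOSTS):
    """Search-related prefs pointing at an untrusted host -> [(pref, host)]."""
    findings = []
    for pref, value in prefs.items():
        if pref not in SEARCH_PREFS:
            continue
        host = host_of(value)
        if host and host not in trusted:
            findings.append((pref, host))
    return findings


def check_ie_start_page(value, trusted=TRUSTED_HOSTS):
    """True if the IE Start Page value points at an untrusted host.
    The value is passed in so the check runs offline; on a live box it comes
    from HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main, "Start Page"."""
    host = host_of(value)
    return bool(host) and host not in trusted


# Constructed sample prefs.js; the conduit.com URLs are the ones quoted in the
# thread, the other lines are ordinary Firefox prefs.
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}");
user_pref("browser.startup.homepage", "https://www.google.de/");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=");
user_pref("network.cookie.cookieBehavior", 1);
'''

# Constructed sample of the IE Start Page value as reset by the fix script.
SAMPLE_IE_START_PAGE = "http://search.conduit.com?SearchSource=10&ctid=CT2319825"

if __name__ == "__main__":
    prefs = parse_prefs_js(SAMPLE_PREFS_JS)
    for pref, host in find_hijacked_prefs(prefs):
        print(f"suspect search pref {pref} -> {host}")
    if check_ie_start_page(SAMPLE_IE_START_PAGE):
        print("IE start page points at", host_of(SAMPLE_IE_START_PAGE))
```

Running it on the constructed sample reports browser.search.defaulturl and keyword.URL (both search.conduit.com) and the IE start page; browser.startup.homepage on google.de passes. Treating the allow-list as the decision point, rather than a blocklist of known hijack domains, means a newly registered redirect host is still caught.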
20.06.2010, 13:14 | #11 |
| IE opens by itself - Malwarebytes & OTL results (to follow)... Before I start, one question: BufferChm, Google BAE, Google Toolbar. Revo finds Google BAE and Google Toolbar.... BufferChm is not in the list... Should I continue without it? |
20.06.2010, 14:03 | #12 |
/// Selecta Jahrusso | IE opens by itself - Malwarebytes & OTL results (to follow)... Yes, we'll uninstall that another way then
__________________ regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
20.06.2010, 19:54 | #13 |
| IE öffnet von selber - Malwarebytes & OTL Ergebnisse (folgen)... Machs lieber in 2 Schritten: Der 2. OTL Bericht folgt gleich.... All processes killed ========== OTL ========== HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" removed from keyword.URL C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\mebdgxfo.default\searchplugins\conduit.xml moved successfully. ========== SERVICES/DRIVERS ========== ========== FILES ========== ========== REGISTRY ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: ***** ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 3927635 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3487 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 4,00 mb [EMPTYFLASH] User: All Users User: Default User: Default User User: ***** ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.6.0 log created on 06202010_181032 Files\Folders moved on Reboot... Registry entries deleted on Reboot... 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4218

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

20.06.2010 18:30:24
mbam-log-2010-06-20 (18-30-24).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 124834
Laufzeit: 7 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=66ce7b6de4ed884fa6d19d2499158d1d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-20 05:55:21
# local_time=2010-06-20 07:55:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 1198844 51948565 102419 0
# compatibility_mode=5892 16776573 100 100 0 114584773 0 0
# compatibility_mode=8192 67108863 100 0 275 275 0 0
# compatibility_mode=9217 16777214 0 9 5860673 5860673 0 0
# scanned=140316
# found=0
# cleaned=0
# scan_time=4519 |
20.06.2010, 20:05 | #14 |
| IE opens by itself - Malwarebytes & OTL results (to follow)... I will never again give a computer my own name.... all those stars drive you crazy..... OTL Logfile: Code:
OTL logfile created on: 20.06.2010 20:10:00 - Run 4 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\*****\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 137,05 Gb Total Space | 10,26 Gb Free Space | 7,49% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *****-PC Current User Name: ***** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Minimal Quick Scan ========== Processes (SafeList) ========== PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe (Carbonite, Inc.) 
PRC - C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) ========== Modules (SafeList) ========== MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG) DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\CyberLink\PlayMovie\000.fcl (Cyberlink Corp.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) 
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (SiS6350) -- C:\Windows\System32\drivers\SISGRKMD.sys (Silicon Integrated Systems Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology Corp.) DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software) DRV - (sisagp) -- C:\Windows\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation) DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.) 
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) 
DRV - (DVBT_Loader) -- C:\Windows\System32\drivers\DVBT_Loader.sys (anchor chips) DRV - (GenDTV) -- C:\Windows\System32\drivers\Geniausb.sys (Windows (R) 2000 DDK provider) DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3 FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0 FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.7amo FF - prefs.js..extensions.enabledItems: contact@searchfiles.de:1.3 FF - prefs.js..extensions.enabledItems: rsDownloadHelper@yevgenyandrov.net:1.0 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.81 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.socks: "localhost" 
FF - prefs.js..network.proxy.socks_port: 9050 FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.ssl: "localhost" FF - prefs.js..network.proxy.ssl_port: 9666 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.06 17:48:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.20 18:17:42 | 000,000,000 | ---D | M] [2009.06.18 19:53:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2009.06.18 19:53:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2010.06.20 01:06:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions [2010.05.29 18:39:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.08.08 15:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA} [2010.05.29 18:39:16 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.05.29 18:39:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.05.29 18:39:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.04.01 23:10:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\contact@searchfiles.de [2010.05.29 18:39:17 
| 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\personas@christopher.beard [2010.04.01 22:56:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\rsDownloadHelper@yevgenyandrov.net [2010.04.01 22:36:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\SkipScreen@SkipScreen [2010.05.08 20:14:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mebdgxfo.default\extensions\youtube2mp3@mondayx.de [2010.05.25 21:15:07 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.05.25 21:15:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2010.03.13 12:02:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.13 12:02:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.13 12:02:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.13 12:02:57 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.13 12:02:57 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.06.19 21:30:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe 
(Carbonite, Inc.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SiSTray] C:\Programme\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [SmpcSys] C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe () O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe () O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232315708398 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole 
DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010.06.20 18:35:26 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2010.06.20 17:57:28 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\87294-ie-oeffnet-von-selber-malwarebytes-otl-ergebnisse-folgen-Dateien [2010.06.20 14:10:55 | 000,000,000 | ---D | C] -- C:\Programme\VS Revo Group [2010.06.19 22:30:16 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\BraveVol1.Disc4 [2010.06.19 21:33:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010.06.19 21:33:25 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010.06.19 21:33:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\temp [2010.06.19 21:21:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010.06.19 21:21:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe 
[2010.06.19 21:21:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010.06.19 21:21:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.06.19 21:21:00 | 000,000,000 | ---D | C] -- C:\ComboFix123 [2010.06.19 21:20:33 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.06.19 21:20:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010.06.19 20:57:41 | 000,000,000 | ---D | C] -- C:\_OTL [2010.06.19 08:36:40 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2010.06.19 08:36:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.06.19 08:36:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.06.19 08:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.06.19 08:36:20 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.06.19 08:20:33 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2010.06.19 01:29:23 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\*****\AppData\Roaming\pcouffin.sys [2010.06.19 01:29:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Vso [2010.06.19 01:29:23 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\PcSetup [2010.06.19 01:29:22 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\DVDFab [2010.06.19 01:29:12 | 000,000,000 | ---D | C] -- C:\Programme\DVDFab 7 [2010.06.17 21:32:18 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\t680t328briver [2010.06.17 20:00:32 | 000,000,000 | ---D | C] -- C:\Programme\Driver [2010.06.17 19:31:52 | 000,000,000 | ---D | C] -- C:\dvbdream [2010.06.17 19:23:07 | 000,000,000 | ---D | C] -- C:\Programme\AMC2000 [2010.06.16 22:32:39 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\John_Sinclair_Classics_-_Folge_01_-_Der_Anfang [2010.06.16 21:52:11 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Sebastian Fitzek - Der Augensammler [2010.06.15 22:12:26 | 
000,000,000 | ---D | C] -- C:\Users\*****\Desktop\BraveVol1.Disc3 [2010.06.12 10:49:55 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\BraveVol1.Disc2 [2010.06.07 21:47:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Mango_Enterprise_-_http__ [2010.06.06 21:34:36 | 000,000,000 | ---D | C] -- C:\Programme\Toshiba [2010.06.06 21:31:18 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\TOSHIBA_v5.10.02 [2010.06.04 23:16:56 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Stefanie_Heinzmann_-_Roots_to_Grow-2009-MOD [2010.06.03 12:00:27 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Miller, Henry [2010.05.26 22:38:42 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Die_Drei_Fragezeichen-F138_Die_Geheime_Treppe-AUDIOBOOK-DE-2010-VOiCE [2010.05.25 21:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010.05.25 21:17:20 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java [2010.05.13 11:49:07 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\NeroVision [2010.05.02 23:03:17 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\SharePod [2010.05.02 10:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2010.04.29 20:32:04 | 000,000,000 | ---D | C] -- C:\Programme\Veetle [2010.04.29 20:07:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Avira [2010.04.29 20:01:54 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010.04.29 20:01:54 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010.04.27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) 
-- C:\Windows\System32\DivXControlPanelApplet.cpl [2010.04.25 19:10:46 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\DVD Profiler [2010.04.25 19:09:36 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\DVD Profiler [2010.04.25 19:09:35 | 000,000,000 | ---D | C] -- C:\Programme\DVD Profiler [2010.04.25 17:21:40 | 000,000,000 | ---D | C] -- C:\Programme\Winload [2010.04.25 17:05:47 | 000,000,000 | ---D | C] -- C:\Users\*****\Application Data [2010.04.24 16:56:43 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\VLN 24.04.2010 [2010.04.22 19:42:01 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Designer [2010.04.22 19:40:58 | 000,000,000 | ---D | C] -- C:\Windows\ShellNew [2010.04.22 19:40:55 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office [2010.04.13 22:42:15 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Opera [2010.04.13 22:42:15 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Opera [2010.04.13 22:42:08 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs [2010.04.13 22:41:27 | 000,000,000 | ---D | C] -- C:\Programme\Opera [2010.04.13 21:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2010.04.13 21:46:41 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2010.03.27 23:01:21 | 000,000,000 | ---D | C] -- C:\Programme\Zattoo4 [1 C:\Users\*****\*.tmp files -> C:\Users\*****\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010.06.20 20:11:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.06.20 20:11:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.06.20 20:08:29 | 002,621,440 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT [2010.06.20 20:00:00 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator-*****.job [2010.06.20 20:00:00 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\Erweiterte 
Garantie-*****.job
[2010.06.20 19:16:07 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.20 18:34:23 | 002,672,312 | ---- | M] () -- C:\Users\*****\Desktop\esetsmartinstaller_enu.exe
[2010.06.20 18:20:23 | 005,082,883 | ---- | M] () -- C:\Users\*****\Desktop\FoxitReader331_enu.zip
[2010.06.20 18:18:41 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.20 18:18:41 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.20 18:18:41 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.20 18:18:41 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.20 18:18:41 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.20 18:11:52 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.20 18:11:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.20 18:11:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.20 18:11:43 | 2010,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.20 18:10:39 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.06.20 18:10:37 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{0b6316d0-b644-11de-bf64-001e6888f2b7}.TMContainer00000000000000000001.regtrans-ms
[2010.06.20 18:10:37 | 000,065,536 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{0b6316d0-b644-11de-bf64-001e6888f2b7}.TM.blf
[2010.06.20 17:57:56 | 002,934,570 | -H-- | M] () -- C:\Users\*****\AppData\Local\IconCache.db
[2010.06.20 17:57:30 | 000,236,838 | ---- | M] () -- C:\Users\*****\Desktop\87294-ie-oeffnet-von-selber-malwarebytes-otl-ergebnisse-folgen.html
[2010.06.20 14:10:56 | 000,001,060 | ---- | M] () -- C:\Users\*****\Desktop\Revo Uninstaller.lnk
[2010.06.19 23:44:08 | 000,028,160 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.19 22:17:55 | 002,252,057 | ---- | M] () -- C:\Users\*****\Desktop\Bild 025.jpg
[2010.06.19 22:17:35 | 002,317,088 | ---- | M] () -- C:\Users\*****\Desktop\Bild 024.jpg
[2010.06.19 21:31:05 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.06.19 21:30:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.06.19 20:55:45 | 003,715,012 | R--- | M] () -- C:\Users\*****\Desktop\ComboFix123.exe
[2010.06.19 18:23:09 | 000,293,376 | ---- | M] () -- C:\Users\*****\Desktop\ef9n80ex.exe
[2010.06.19 08:20:45 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2010.06.19 01:29:23 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\*****\AppData\Roaming\pcouffin.sys
[2010.06.19 01:29:23 | 000,007,887 | ---- | M] () -- C:\Users\*****\AppData\Roaming\pcouffin.cat
[2010.06.19 01:29:23 | 000,001,144 | ---- | M] () -- C:\Users\*****\AppData\Roaming\pcouffin.inf
[2010.06.17 23:04:36 | 000,102,466 | ---- | M] () -- C:\Users\*****\Documents\cc_20100617_230409.reg
[2010.06.17 20:25:52 | 000,310,078 | ---- | M] () -- C:\Users\*****\Documents\cc_20100617_202524.reg
[2010.06.17 19:38:46 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\ProgDVB 6.lnk
[2010.06.09 20:33:59 | 001,596,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.06 21:42:59 | 000,000,821 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2010.06.06 11:52:09 | 000,017,408 | ---- | M] () -- C:\Users\*****\AppData\Local\WebpageIcons.db
[2010.05.21 07:37:35 | 001,238,528 | ---- | M] () -- C:\Users\*****\Desktop\ADPJS.ppt
[2010.05.03 18:37:16 | 000,055,392 | ---- | M] () -- C:\Users\*****\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2010.05.02 10:48:25 | 000,001,411 | ---- | M] () -- C:\Users\*****\Desktop\DivX Movies.lnk
[2010.05.02 10:47:44 | 000,000,920 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.05.02 10:47:12 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010.04.25 19:09:38 | 000,000,909 | ---- | M] () -- C:\Users\*****\Desktop\DVD Profiler.lnk
[2010.04.23 23:17:37 | 000,055,392 | ---- | M] () -- C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.22 19:44:10 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2010.04.22 19:43:35 | 000,000,275 | ---- | M] () -- C:\Windows\win.ini
[2010.04.22 19:42:16 | 000,001,883 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010.03.28 01:06:33 | 000,001,656 | ---- | M] () -- C:\Users\*****\Desktop\Zattoo.lnk
[1 C:\Users\*****\*.tmp files -> C:\Users\*****\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.06.20 18:34:12 | 002,672,312 | ---- | C] () -- C:\Users\*****\Desktop\esetsmartinstaller_enu.exe
[2010.06.20 18:20:01 | 005,082,883 | ---- | C] () -- C:\Users\*****\Desktop\FoxitReader331_enu.zip
[2010.06.20 17:57:27 | 000,236,838 | ---- | C] () -- C:\Users\*****\Desktop\87294-ie-oeffnet-von-selber-malwarebytes-otl-ergebnisse-folgen.html
[2010.06.20 14:10:56 | 000,001,060 | ---- | C] () -- C:\Users\*****\Desktop\Revo Uninstaller.lnk
[2010.06.19 22:17:46 | 002,252,057 | ---- | C] () -- C:\Users\*****\Desktop\Bild 025.jpg
[2010.06.19 22:17:24 | 002,317,088 | ---- | C] () -- C:\Users\*****\Desktop\Bild 024.jpg
[2010.06.19 21:21:04 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.06.19 21:21:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.06.19 21:21:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.06.19 21:21:04 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.06.19 21:21:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.06.19 20:55:39 | 003,715,012 | R--- | C] () -- C:\Users\*****\Desktop\ComboFix123.exe
[2010.06.19 18:23:06 | 000,293,376 | ---- | C] () -- C:\Users\*****\Desktop\ef9n80ex.exe
[2010.06.19 01:31:41 | 000,000,034 | ---- | C] () -- C:\Users\*****\AppData\Roaming\pcouffin.log
[2010.06.19 01:29:23 | 000,007,887 | ---- | C] () -- C:\Users\*****\AppData\Roaming\pcouffin.cat
[2010.06.19 01:29:23 | 000,001,144 | ---- | C] () -- C:\Users\*****\AppData\Roaming\pcouffin.inf
[2010.06.17 23:04:11 | 000,102,466 | ---- | C] () -- C:\Users\*****\Documents\cc_20100617_230409.reg
[2010.06.17 20:25:34 | 000,310,078 | ---- | C] () -- C:\Users\*****\Documents\cc_20100617_202524.reg
[2010.06.17 19:38:46 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\ProgDVB 6.lnk
[2010.06.06 21:36:36 | 000,000,821 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2010.05.20 21:14:49 | 001,238,528 | ---- | C] () -- C:\Users\*****\Desktop\ADPJS.ppt
[2010.05.02 10:48:25 | 000,001,411 | ---- | C] () -- C:\Users\*****\Desktop\DivX Movies.lnk
[2010.05.02 10:47:44 | 000,000,920 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.05.02 10:47:12 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.04.29 19:32:46 | 000,001,122 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.29 19:32:41 | 000,001,118 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.25 19:09:38 | 000,000,909 | ---- | C] () -- C:\Users\*****\Desktop\DVD Profiler.lnk
[2010.04.22 19:44:10 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.04.22 19:42:16 | 000,001,883 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010.03.27 23:01:28 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db
[2009.10.22 22:52:18 | 000,000,000 | ---- | C] () -- C:\Windows\Editor.INI
[2009.10.20 20:59:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.01 19:40:03 | 000,000,096 | ---- | C] () -- C:\Windows\buhl.ini
[2009.04.26 17:38:47 | 000,000,804 | ---- | C] () -- C:\Windows\wiso.ini
[2009.04.23 22:11:04 | 000,000,074 | ---- | C] () -- C:\Windows\tm.ini
[2008.08.11 20:57:13 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.06.18 15:59:56 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2006.12.05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2009.04.26 17:39:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Buhl Data Service
[2010.01.31 17:49:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\EscapeTheMuseum2
[2009.12.21 21:55:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0
[2010.06.11 23:04:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2010.04.13 22:42:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera
[2008.12.25 02:50:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Packard Bell
[2009.05.28 18:33:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\saveTV
[2010.05.02 23:03:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SharePod
[2009.03.15 19:52:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird
[2009.06.18 19:53:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TomTom
[2010.04.25 19:06:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TVcentral-Core
[2010.06.19 01:31:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Vso
[2010.04.25 19:05:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\WatchTVProEx
[2009.03.08 18:33:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Zylom
[2010.06.20 20:00:00 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\Erweiterte Garantie-*****.job
[2010.06.20 20:00:00 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\Recovery DVD Creator-*****.job
[2010.06.20 18:10:39 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
20.06.2010, 20:07 | #15
IE opens by itself - Malwarebytes & OTL results (to follow)... Oh, one more thing: I have the feeling that my computer is running considerably better now....