Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: HijackThis Logs zur Fehlersuche

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 17.10.2010, 19:47   #1
Helen
 
HijackThis Logs zur Fehlersuche - Unglücklich

HijackThis Logs zur Fehlersuche



Huhu,
meine 2 Browser (IE + FF) verweigern mir bei ca 2/3 der aufgerufenen Seiten (ebay, gmx, wikipedia) den Zugriff. Cache + Cookies sind überall gelöscht bzw geleert, Router schon mehrmals resetet, alles mehrmals neu gestartet. kA worans liegen kann. Ich kann auch viele Downloads nicht starten - zb n neuen Browser (das Setup) runterladen. MTU ist bei 1492. Skype + ICQ funktionieren problemlos.
Hab mal ge-hijackt- vllt findet ihr die Lösung - ich bin da hilflos da keine/kaum Ahnung.




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:45:41, on 17.10.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\conime.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

--
End of file - 4403 bytes

Alt 17.10.2010, 20:13   #2
Chris4You
 
HijackThis Logs zur Fehlersuche - Standard

HijackThis Logs zur Fehlersuche



Hi,

wie lautet den die Fehlermeldung?


Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

chris
__________________

__________________

Alt 17.10.2010, 20:26   #3
Helen
 
HijackThis Logs zur Fehlersuche - Standard

HijackThis Logs zur Fehlersuche



die Fehlermeldung?
Der Fehler liegt daran, dass sich nix öffnet.
In der Taskleiste steht bei ebay zb ganz normal "Ebay: neue und gebrauchte..." - unten auf der statusleiste steht "warten auf "ebay.de" der wartebalken läd bis zu nem Drittel vllt und dann ist Schluss. Die Seite bleibt weiß. Da steht nichts, dass kein Netz da ist oder die Seite nicht gefunden wurde. Einfach nur weiß.

Ich kann zb auch keine Downloads starten - mir wird zwar angezeigt, dass ein Download aktiv ist - die Restdauer aber unbekannt und mehr passiert da nicht.
Virusscan findet nix. Bringt auch nix, wenn ich n Rechtsklick auf ne exe-Datei mach - die wird zwar gespeichert, aber nicht runtergeladen.
__________________

Alt 17.10.2010, 20:35   #4
Chris4You
 
HijackThis Logs zur Fehlersuche - Standard

HijackThis Logs zur Fehlersuche



Hi,

bitte wie beschrieben vorgehen...
Hast Du schon probiert die Adressen anzupingen (Netzwerk Diagnose unter Windows - TanMar Tutorials)

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 17.10.2010, 20:53   #5
Helen
 
HijackThis Logs zur Fehlersuche - Standard

HijackThis Logs zur Fehlersuche



@ping:
Ja hab ich -

Zeitüberschreitung der Anforderung.
Zeitüberschreitung der Anforderung.
Zeitüberschreitung der Anforderung.
Zeitüberschreitung der Anforderung.

Pakete: Gesendet: 4 , Empfangen = 0, Verloren = 4 (Verlust 100%)



ExtrasTxtOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 17.10.2010 21:37:11 - Run 1
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Users\***\Documents\ICQ\175918017\ReceivedFiles\190560107 Marvin
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.013,00 Mb Total Physical Memory | 210,00 Mb Available Physical Memory | 21,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 54,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,50 Gb Total Space | 40,99 Gb Free Space | 43,37% Space Free | Partition Type: NTFS
Drive D: | 17,28 Gb Total Space | 6,36 Gb Free Space | 36,78% Space Free | Partition Type: FAT32
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3947326332-630706141-2089850424-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17F4B6EF-A17F-455B-B70F-47B9741217D9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{418907D4-A6CE-4F3A-A93C-93EA5A9056D4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{56A81444-85D4-49E9-BC4F-0B7B51A61E74}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6A09DCE4-4DF0-4484-A649-5B8664C49450}" = lport=139 | protocol=6 | dir=in | app=system | 
"{924E09E6-5F77-4DCE-AB28-B6D71FD4F9E2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{973D1399-2FB3-4498-B394-9E2D220D95EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AAFCC71A-A25F-4ACD-ACC0-37E8BF41F20F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BF792065-D02C-4C9F-AC27-14767D37EE66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E21E4B23-2217-4D03-B56A-065D002091E8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F7D8B7B8-4155-4BCB-9555-D509167E0C4B}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2F73C362-BFF5-4030-9210-CF0366A424F6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\***\counter-strike\hl.exe | 
"{379F429F-DCC2-4ACD-A986-1E90ED746F96}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3F95632C-36C9-4369-96BF-03E989154444}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4B8CDBB5-5FED-4D0B-A284-23A32BCF45C8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{82C2E825-9660-4148-93E3-F1639A756B9B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8594EC3D-1228-4917-8534-7C4E7013010F}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{951D2455-32CB-49FF-9937-58E3F88E436D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C326AE81-1CBD-4298-B23F-5989647A9E97}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{EB8B3198-6823-40D6-95BF-F4935BC8EB35}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\***\counter-strike\hl.exe | 
"TCP Query User{2DD9E89F-4FE5-4070-936A-B2B58F231045}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{33B530FC-91F0-4DB8-9718-47D2D1D69A26}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"TCP Query User{BF0324EC-B880-4364-A849-3E3A4DC19564}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{D21775D6-9CD7-45F9-854F-A4D8D388A10A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{0DD20A2E-E2B3-42BF-B669-A8D56266B755}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"UDP Query User{4050A612-8AA1-459B-AD13-F4E57613FB65}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{63962421-CE0C-41A5-AC4F-C74C61F17B4B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{65097969-CF41-4FD1-BCB4-C5BEF6E4B8B6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2900.20
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{90AB0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 1
"{91710409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
"{94AE1214-8B04-4E1F-BE05-BAB20B6DDF43}" = Microsoft Protection Service
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07A8E7E-D324-4945-BA8C-E532AD008FF3}" = Microsoft Windows OneCare Live v2.5.2900.20
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"{E4C7B3EF-B3DB-4BB6-A812-E8FAE47534D3}" = OpenOffice.org 2.2
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CloneDVD2" = CloneDVD2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6h
"WinRAR archiver" = WinRAR
"WinSS" = Windows Live OneCare
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---



OTLTxt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 17.10.2010 21:37:11 - Run 1
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Users\***\Documents\ICQ\175918017\ReceivedFiles\190560107 Marvin
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.013,00 Mb Total Physical Memory | 210,00 Mb Available Physical Memory | 21,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 54,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,50 Gb Total Space | 40,99 Gb Free Space | 43,37% Space Free | Partition Type: NTFS
Drive D: | 17,28 Gb Total Space | 6,36 Gb Free Space | 36,78% Space Free | Partition Type: FAT32
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Documents\ICQ\175918017\ReceivedFiles\190560107 Marvin\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 2.2\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.2\program\soffice.bin (OpenOffice.org)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Documents\ICQ\175918017\ReceivedFiles\190560107 Marvin\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (winss) -- C:\Programme\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation)
SRV - (OcHealthMon) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation)
SRV - (OneCareMP) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (msfwsvc) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (MSFWDrv) -- C:\Windows\System32\drivers\msfwdrv.sys (Microsoft Corporation)
DRV - (MSFWHLPR) -- C:\Windows\System32\drivers\msfwhlpr.sys (Microsoft Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.17 21:19:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.17 21:19:25 | 000,000,000 | ---D | M]
 
[2008.12.15 21:31:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.10.17 17:20:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions
[2010.07.31 11:51:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.11 19:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.11.12 10:42:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions\moveplayer@movenetworks.com
[2010.10.17 17:24:33 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-1.xml
[2008.10.22 10:01:36 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-2.xml
[2008.11.16 21:52:56 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-3.xml
[2009.04.20 08:17:41 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-4.xml
[2009.04.21 20:19:11 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-5.xml
[2008.07.08 09:51:56 | 000,000,951 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin.xml
[2010.10.17 21:19:25 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.06.24 10:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.07 10:54:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.07 11:28:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd}  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Programme\OpenOffice.org 2.2\program\quickstart.exe ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.17 20:27:19 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.10.14 06:20:00 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.14 06:19:06 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.14 06:18:22 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.14 06:17:58 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.14 06:17:57 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.14 06:17:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.14 06:17:55 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.10.14 06:17:54 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.14 06:17:53 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.14 06:17:53 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.14 06:17:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.14 06:17:52 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.10.14 06:17:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.10.14 06:17:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.10.14 06:17:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.10.14 06:17:51 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.10.14 06:17:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.14 06:17:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.14 06:17:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.14 06:17:50 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.14 06:17:45 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.14 06:17:44 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.14 06:17:38 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.14 06:17:33 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.14 06:17:28 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.09.30 17:39:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009.07.09 17:26:40 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys
[2009.04.09 12:38:00 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.17 21:39:10 | 002,097,152 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.10.17 21:19:29 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.17 21:10:15 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.17 21:10:15 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.17 21:10:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.17 21:10:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.17 21:09:39 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.17 21:06:23 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.10.17 21:06:22 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.10.17 21:05:59 | 002,784,779 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.10.17 21:04:17 | 000,014,224 | ---- | M] () -- C:\Users\***\Desktop\bookmarks-2010-10-17.json
[2010.10.17 20:44:32 | 000,002,525 | ---- | M] () -- C:\Users\Helene\Desktop\HiJackThis.lnk
[2010.10.17 20:31:16 | 000,145,938 | ---- | M] () -- C:\Users\***\Desktop\Hijack.jpg
[2010.10.17 17:07:26 | 000,237,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.13 21:36:24 | 000,066,048 | ---- | M] () -- C:\Users\***\Desktop\Jenseits von Sinn und Sinnlosigkeit.doc
[2010.10.12 20:19:36 | 000,080,896 | ---- | M] () -- C:\Users\***\Desktop\J.doc
[2010.10.12 18:37:56 | 000,167,833 | ---- | M] () -- C:\Users\***\Desktop\styletipps.rar
[2010.10.12 15:53:26 | 011,497,791 | ---- | M] () -- C:\Users\***\Desktop\styletipp.rar
[2010.10.09 02:13:39 | 000,625,582 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.09 02:13:39 | 000,117,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.09 02:13:38 | 001,541,518 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.10.09 02:13:38 | 000,664,270 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.09 02:13:38 | 000,142,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.23 22:14:04 | 000,042,496 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.17 21:19:29 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.17 21:04:17 | 000,014,224 | ---- | C] () -- C:\Users\***\Desktop\bookmarks-2010-10-17.json
[2010.10.17 20:31:16 | 000,145,938 | ---- | C] () -- C:\Users\***\Desktop\Hijack.jpg
[2010.10.17 20:27:24 | 000,002,525 | ---- | C] () -- C:\Users\***\Desktop\HiJackThis.lnk
[2010.10.13 21:36:21 | 000,066,048 | ---- | C] () -- C:\Users\***\Desktop\Jenseits von Sinn und Sinnlosigkeit.doc
[2010.10.12 20:19:34 | 000,080,896 | ---- | C] () -- C:\Users\***\Desktop\J.doc
[2010.10.12 18:37:56 | 000,167,833 | ---- | C] () -- C:\Users\***\Desktop\styletipps.rar
[2010.10.12 15:51:31 | 011,497,791 | ---- | C] () -- C:\Users\***\Desktop\styletipp.rar
[2010.04.26 10:05:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.09 17:29:17 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2009.07.09 17:29:11 | 000,000,033 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.log
[2009.07.09 17:26:40 | 000,087,608 | ---- | C] () -- C:\Users\***\AppData\Roaming\inst.exe
[2009.07.09 17:26:40 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat
[2009.07.09 17:26:40 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf
[2009.04.09 12:38:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SearchRequire.dll
[2009.01.31 16:15:46 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2008.10.19 21:57:24 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2008.10.19 21:56:30 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2008.08.22 19:51:36 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2007.08.14 19:20:25 | 000,000,165 | -HS- | C] () -- C:\ProgramData\.zreglib
[2007.06.23 08:00:30 | 000,042,496 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.23 00:49:24 | 002,784,779 | -H-- | C] () -- C:\Users\***\AppData\Local\IconCache.db
[2007.06.22 23:28:17 | 000,050,576 | ---- | C] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2006.11.02 14:50:50 | 000,000,174 | -HS- | C] () -- C:\Programme\desktop.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 001,541,518 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 12:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006.11.02 12:23:31 | 000,000,660 | ---- | C] () -- C:\Windows\system.ini
[2006.11.02 12:23:31 | 000,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006.11.02 09:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006.11.02 09:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006.11.02 09:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006.11.02 09:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006.11.02 09:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006.11.02 09:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006.11.02 09:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006.11.02 09:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006.11.02 09:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006.11.02 09:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006.11.02 09:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006.11.02 09:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006.11.02 09:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006.11.02 09:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006.11.02 08:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
 
========== LOP Check ==========
 
[2008.12.17 13:53:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner
[2010.06.15 22:09:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.17 21:13:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2007.06.26 08:39:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQLite
[2007.08.21 19:50:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SlySoft
[2009.02.01 13:31:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online
[2009.07.13 17:09:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vso
[2010.10.17 21:07:02 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 72 bytes -> C:\Windows:0A6E870EF35503B5

< End of report >
         
--- --- ---



Das wären die 2 Txt. Danke vielmals im voraus - ich doktor da schon 2 Tage dran rum - mit Neuinstallation etc. Und wenn man keine Ahnung hat, ist das natürlich wenig ertragreich.


Alt 17.10.2010, 21:08   #6
Chris4You
 
HijackThis Logs zur Fehlersuche - Standard

HijackThis Logs zur Fehlersuche



Hi,

du hängst an einem Router?

Hast Du schon probiert Firewall etc. auzuschalten, oder über einen anderen Rechner (Notebook) über den gleichen Anschluß ins INet zu gehen?
Passiert es eher bei geschlüsselten Verbindungen?

Schaue mir morgen das Log genauer an, aber was offensichtliches ist mir nicht ins Auge gefallen...

Hast Du bereist Neuinstalliert und wurde dabei die Festplatte formatiert?
Wenn nein:

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bek&#228;mpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Nach dem Start erscheint ein Fenster, dort dann "Start Scan".
Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

MBR-Check
Lade Dir http://ad13.geekstogo.com/MBRCheck.exe und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
  • Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste bitte den Inhalt des .txt Dokumentes

chris
__________________
--> HijackThis Logs zur Fehlersuche

Alt 17.10.2010, 21:30   #7
Helen
 
HijackThis Logs zur Fehlersuche - Standard

HijackThis Logs zur Fehlersuche



TDSSKiller benutzt, komplett gescant, nix gefunden.


Firewall ausgeschaltet - keine Veränderung.
Hab Firefox schon neu installiert, ebenfalls keine Änderung.




MBRCheck

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: MEDION
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: MEDION
System Product Name: WIM2120
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 143):
0x81C16000 \SystemRoot\system32\ntoskrnl.exe
0x81FC0000 \SystemRoot\system32\hal.dll
0x8580A000 \SystemRoot\system32\kdcom.dll
0x85812000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x85872000 \SystemRoot\system32\PSHED.dll
0x85883000 \SystemRoot\system32\BOOTVID.dll
0x8588B000 \SystemRoot\system32\CLFS.SYS
0x858CC000 \SystemRoot\system32\CI.dll
0x859AC000 \SystemRoot\system32\drivers\Wdf01000.sys
0x85A28000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x85A35000 \SystemRoot\system32\drivers\acpi.sys
0x85A7B000 \SystemRoot\system32\drivers\WMILIB.SYS
0x85A84000 \SystemRoot\system32\drivers\msisadrv.sys
0x85A8C000 \SystemRoot\system32\drivers\pci.sys
0x85AB3000 \SystemRoot\System32\drivers\partmgr.sys
0x85AC2000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x85AC5000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x85ACF000 \SystemRoot\system32\drivers\volmgr.sys
0x85ADE000 \SystemRoot\System32\drivers\volmgrx.sys
0x85B28000 \SystemRoot\system32\drivers\intelide.sys
0x85B2F000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x85B3D000 \SystemRoot\System32\drivers\mountmgr.sys
0x85B4D000 \SystemRoot\system32\drivers\atapi.sys
0x85B55000 \SystemRoot\system32\drivers\ataport.SYS
0x85B73000 \SystemRoot\system32\drivers\msahci.sys
0x85B7D000 \SystemRoot\system32\drivers\fltmgr.sys
0x85BAF000 \SystemRoot\system32\drivers\fileinfo.sys
0x85BBF000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x85C08000 \SystemRoot\System32\Drivers\ksecdd.sys
0x85C79000 \SystemRoot\system32\drivers\ndis.sys
0x85D84000 \SystemRoot\system32\drivers\msrpc.sys
0x85DAF000 \SystemRoot\system32\drivers\NETIO.SYS
0x85DE9000 \SystemRoot\System32\drivers\tcpip.sys
0x85ED2000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x85EED000 \SystemRoot\System32\Drivers\Ntfs.sys
0x86008000 \SystemRoot\system32\drivers\volsnap.sys
0x86041000 \SystemRoot\system32\DRIVERS\uagp35.sys
0x86052000 \SystemRoot\System32\Drivers\spldr.sys
0x8605A000 \SystemRoot\System32\Drivers\mup.sys
0x86069000 \SystemRoot\System32\drivers\ecache.sys
0x86090000 \SystemRoot\system32\drivers\disk.sys
0x860A1000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x860C2000 \SystemRoot\system32\drivers\crcdisk.sys
0x860ED000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x860F8000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x86101000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x86110000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8A004000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8A6B3000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8A752000 \SystemRoot\System32\drivers\watchdog.sys
0x8A75F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8A771000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8A780000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8A78B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8A7C9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8A7D8000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8A7E8000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x86119000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8A7F6000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x86133000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x86146000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x86151000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8615C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x86174000 \SystemRoot\system32\DRIVERS\serscan.sys
0x8617C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x861AA000 \SystemRoot\system32\DRIVERS\storport.sys
0x861EB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x861F6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8620D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x86218000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8623B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8624A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8625E000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x86273000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8A7FA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x86283000 \SystemRoot\system32\DRIVERS\ks.sys
0x862AD000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x862B7000 \SystemRoot\system32\DRIVERS\umbus.sys
0x862C4000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x862F8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x86309000 \SystemRoot\system32\drivers\HdAudio.sys
0x86348000 \SystemRoot\system32\drivers\portcls.sys
0x86375000 \SystemRoot\system32\drivers\drmk.sys
0x8A80E000 \SystemRoot\system32\DRIVERS\smserial.sys
0x8A905000 \SystemRoot\system32\drivers\modem.sys
0x8A912000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8A91B000 \SystemRoot\System32\Drivers\Null.SYS
0x8A922000 \SystemRoot\System32\Drivers\Beep.SYS
0x8A932000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8A939000 \SystemRoot\System32\drivers\vga.sys
0x8A945000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8A966000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8A96E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8A976000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8A981000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8A98F000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8A998000 \SystemRoot\system32\DRIVERS\msfwhlpr.sys
0x8A9A4000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8A9BA000 \SystemRoot\system32\DRIVERS\smb.sys
0x8A9CE000 \SystemRoot\system32\drivers\afd.sys
0x8AA16000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8AA48000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8AA5E000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8AA6C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8AA7F000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8AA85000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8AAC1000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8AACB000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x8AAD0000 \SystemRoot\System32\Drivers\dfsc.sys
0x8AAE7000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8AB03000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8AB05000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8AB2D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8AB3A000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8AB45000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x90C10000 \SystemRoot\System32\win32k.sys
0x8AB4F000 \SystemRoot\System32\drivers\Dxapi.sys
0x8AB59000 \SystemRoot\system32\DRIVERS\monitor.sys
0x90E30000 \SystemRoot\System32\TSDDD.dll
0x90E50000 \SystemRoot\System32\cdd.dll
0x8AB68000 \SystemRoot\system32\drivers\luafv.sys
0x8AB83000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA5002000 \SystemRoot\system32\drivers\spsys.sys
0xA50B1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA50C1000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA50D4000 \SystemRoot\system32\drivers\HTTP.sys
0xA5141000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA515E000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA5177000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA518C000 \SystemRoot\system32\drivers\mrxdav.sys
0xA51AC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA51CB000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA5204000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA521C000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA5244000 \SystemRoot\System32\DRIVERS\srv.sys
0xA5292000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xA529D000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xA52AF000 \SystemRoot\system32\DRIVERS\msfwdrv.sys
0xA52C7000 \SystemRoot\system32\drivers\peauth.sys
0xA53A5000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA53AF000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA53BB000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77680000 \Windows\System32\ntdll.dll

Processes (total 55):
0 System Idle Process
4 System
392 C:\Windows\System32\smss.exe
460 csrss.exe
504 C:\Windows\System32\wininit.exe
516 csrss.exe
548 C:\Windows\System32\services.exe
564 C:\Windows\System32\lsass.exe
572 C:\Windows\System32\lsm.exe
624 C:\Windows\System32\winlogon.exe
760 C:\Windows\System32\svchost.exe
840 C:\Windows\System32\svchost.exe
876 C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
1020 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\audiodg.exe
1224 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\SLsvc.exe
1276 C:\Windows\System32\svchost.exe
1420 C:\Windows\System32\svchost.exe
1600 C:\Windows\System32\spoolsv.exe
1624 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1636 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1648 C:\Windows\System32\svchost.exe
296 C:\Windows\System32\taskeng.exe
224 C:\Windows\System32\dwm.exe
520 C:\Windows\explorer.exe
292 C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
236 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
656 C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
2072 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2100 C:\Windows\ehome\ehtray.exe
2192 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
2328 C:\Windows\System32\svchost.exe
2344 C:\Windows\System32\svchost.exe
2372 C:\Windows\System32\svchost.exe
2404 C:\Windows\System32\SearchIndexer.exe
2484 C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
2540 C:\Program Files\Microsoft Windows OneCare Live\winss.exe
2856 C:\Program Files\Windows Media Player\wmpnscfg.exe
3244 C:\Windows\ehome\ehmsas.exe
3284 C:\Program Files\Windows Media Player\wmpnetwk.exe
3432 WmiPrvSE.exe
3544 C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
3768 C:\Program Files\OpenOffice.org 2.2\program\soffice.bin
912 C:\Windows\System32\taskeng.exe
3424 C:\Program Files\ICQ6.5\ICQ.exe
1052 C:\Windows\System32\wuauclt.exe
4056 C:\Program Files\Mozilla Firefox\firefox.exe
3568 C:\Windows\System32\conime.exe
3884 C:\Program Files\Skype\Phone\Skype.exe
2516 C:\Program Files\Skype\Plugin Manager\skypePM.exe
1992 C:\Program Files\Mozilla Firefox\plugin-container.exe


\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000017`9fe8de00 (FAT32)

PhysicalDrive0 Model Number: WDCWD1200BEVS-22LAT0, Rev: 01.06M01

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Geändert von Helen (17.10.2010 um 21:42 Uhr)

Alt 18.10.2010, 07:01   #8
Chris4You
 
HijackThis Logs zur Fehlersuche - Standard

HijackThis Logs zur Fehlersuche



Hi,



Fix für OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:
ATTFilter
:OTL
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd}  - No CLSID value found.
O4 - HKCU..\Run: []  File not found
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 72 bytes -> C:\Windows:0A6E870EF35503B5


:Commands
[emptytemp]
[resethosts]
[Reboot]
         
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Geändert von Chris4You (18.10.2010 um 07:53 Uhr)

Alt 18.10.2010, 08:12   #9
Helen
 
HijackThis Logs zur Fehlersuche - Unglücklich

HijackThis Logs zur Fehlersuche



All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File C:\Windows\System32\DRIVERS\ipinip.sys File not found not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\System32\drivers\blbdrive.sys File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8a194578-81ea-4850-9911-13ba2d71efbd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a194578-81ea-4850-9911-13ba2d71efbd}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
ADS C:\ProgramData\TEMP:260575F1 deleted successfully.
ADS C:\Windows:0A6E870EF35503B5 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ***
->Temp folder emptied: 72925595 bytes
->Temporary Internet Files folder emptied: 7567354 bytes
->Java cache emptied: 13658610 bytes
->FireFox cache emptied: 30656398 bytes
->Flash cache emptied: 102315 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 72 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 111134469 bytes
RecycleBin emptied: 4809834065 bytes

Total Files Cleaned = 4.812,00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.15.2 log created on 10182010_090053

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




keine Veränderung

Alt 18.10.2010, 08:28   #10
Chris4You
 
HijackThis Logs zur Fehlersuche - Standard

HijackThis Logs zur Fehlersuche



Hi,

das Hosts-File hat bei Dir gefehlt, OTL sollte es resettet haben, poste einen neuen OTL-Log...

Hast du schon versucht über einen anderen Rechner über den gleichen Anschluß ins INet zu gehen? Wenn das geht würde ich mal die Netzwerkkarte oder das Kabel tauschen... (Malware hängt sich selten selbst von "Ihrem" Medium, dem Internet ab...).

Passiert es eher bei geschlüsselten Verbindungen?

Hast du schon versucht das Netzwerk mit Windowsboardmitteln reparieren zu lassen?

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 18.10.2010, 14:03   #11
Helen
 
HijackThis Logs zur Fehlersuche - Standard

HijackThis Logs zur Fehlersuche



iOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 18.10.2010 14:44:03 - Run 2
OTL by OldTimer - Version 3.2.15.2     Folder = c:\Users\***\Documents\ICQ\175918017\ReceivedFiles\190560107 Marvin
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.013,00 Mb Total Physical Memory | 326,00 Mb Available Physical Memory | 32,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,50 Gb Total Space | 44,77 Gb Free Space | 47,38% Space Free | Partition Type: NTFS
Drive D: | 17,28 Gb Total Space | 6,36 Gb Free Space | 36,78% Space Free | Partition Type: FAT32
Drive E: | 4,26 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\***\Documents\ICQ\175918017\ReceivedFiles\190560107 Marvin\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 2.2\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.2\program\soffice.bin (OpenOffice.org)
 
 
========== Modules (SafeList) ==========
 
MOD - c:\Users\***\Documents\ICQ\175918017\ReceivedFiles\190560107 Marvin\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (winss) -- C:\Programme\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation)
SRV - (OcHealthMon) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation)
SRV - (OneCareMP) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (msfwsvc) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (MSFWDrv) -- C:\Windows\System32\drivers\msfwdrv.sys (Microsoft Corporation)
DRV - (MSFWHLPR) -- C:\Windows\System32\drivers\msfwhlpr.sys (Microsoft Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.17 21:19:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.17 21:19:25 | 000,000,000 | ---D | M]
 
[2008.12.15 21:31:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.10.17 17:20:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions
[2010.07.31 11:51:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.11 19:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.11.12 10:42:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions\moveplayer@movenetworks.com
[2010.10.17 17:24:33 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-1.xml
[2008.10.22 10:01:36 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-2.xml
[2008.11.16 21:52:56 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-3.xml
[2009.04.20 08:17:41 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-4.xml
[2009.04.21 20:19:11 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-5.xml
[2008.07.08 09:51:56 | 000,000,951 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin.xml
[2010.10.17 21:19:25 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.06.24 10:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.07 10:54:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.07 11:28:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.18 09:02:47 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd}  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Programme\OpenOffice.org 2.2\program\quickstart.exe ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.18 09:00:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.10.17 20:27:19 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.10.14 06:20:00 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.14 06:19:06 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.14 06:18:22 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.14 06:17:58 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.14 06:17:57 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.14 06:17:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.14 06:17:55 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.10.14 06:17:54 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.14 06:17:53 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.14 06:17:53 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.14 06:17:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.14 06:17:52 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.10.14 06:17:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.10.14 06:17:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.10.14 06:17:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.10.14 06:17:51 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.10.14 06:17:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.14 06:17:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.14 06:17:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.14 06:17:50 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.14 06:17:45 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.14 06:17:44 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.14 06:17:38 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.14 06:17:33 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.14 06:17:28 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.09.30 17:39:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009.07.09 17:26:40 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys
[2009.04.09 12:38:00 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.18 14:18:53 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.18 14:18:52 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.18 14:18:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.18 09:04:31 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.18 09:02:47 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010.10.17 21:19:29 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.17 21:04:17 | 000,014,224 | ---- | M] () -- C:\Users\***\Desktop\bookmarks-2010-10-17.json
[2010.10.17 20:44:32 | 000,002,525 | ---- | M] () -- C:\Users\***\Desktop\HiJackThis.lnk
[2010.10.17 20:31:16 | 000,145,938 | ---- | M] () -- C:\Users\***\Desktop\Hijack.jpg
[2010.10.17 17:07:26 | 000,237,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.13 21:36:24 | 000,066,048 | ---- | M] () -- C:\Users\***\Desktop\Jenseits von Sinn und Sinnlosigkeit.doc
[2010.10.12 20:19:36 | 000,080,896 | ---- | M] () -- C:\Users\***\Desktop\J.doc
[2010.10.12 18:37:56 | 000,167,833 | ---- | M] () -- C:\Users\***\Desktop\styletipps.rar
[2010.10.12 15:53:26 | 011,497,791 | ---- | M] () -- C:\Users\***\Desktop\styletipp.rar
[2010.10.09 02:13:39 | 000,625,582 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.09 02:13:39 | 000,117,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.09 02:13:38 | 000,664,270 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.09 02:13:38 | 000,142,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.23 22:14:04 | 000,042,496 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2010.10.17 21:19:29 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.17 21:04:17 | 000,014,224 | ---- | C] () -- C:\Users\***\Desktop\bookmarks-2010-10-17.json
[2010.10.17 20:31:16 | 000,145,938 | ---- | C] () -- C:\Users\***\Desktop\Hijack.jpg
[2010.10.17 20:27:24 | 000,002,525 | ---- | C] () -- C:\Users\***\Desktop\HiJackThis.lnk
[2010.10.13 21:36:21 | 000,066,048 | ---- | C] () -- C:\Users\***\Desktop\Jenseits von Sinn und Sinnlosigkeit.doc
[2010.10.12 20:19:34 | 000,080,896 | ---- | C] () -- C:\Users\***\Desktop\J.doc
[2010.10.12 18:37:56 | 000,167,833 | ---- | C] () -- C:\Users\***\Desktop\styletipps.rar
[2010.10.12 15:51:31 | 011,497,791 | ---- | C] () -- C:\Users\***\Desktop\styletipp.rar
[2010.04.26 10:05:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.09 17:29:17 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2009.07.09 17:29:11 | 000,000,033 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.log
[2009.07.09 17:26:40 | 000,087,608 | ---- | C] () -- C:\Users\***\AppData\Roaming\inst.exe
[2009.07.09 17:26:40 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat
[2009.07.09 17:26:40 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf
[2009.04.09 12:38:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SearchRequire.dll
[2009.01.31 16:15:46 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2008.08.22 19:51:36 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2007.08.14 19:20:25 | 000,000,165 | -HS- | C] () -- C:\ProgramData\.zreglib
[2007.06.23 08:00:30 | 000,042,496 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

< End of report >
         
--- --- ---

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 18.10.2010 14:44:07 - Run 2
OTL by OldTimer - Version 3.2.15.2     Folder = c:\Users\***\Documents\ICQ\175918017\ReceivedFiles\190560107 Marvin
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.013,00 Mb Total Physical Memory | 326,00 Mb Available Physical Memory | 32,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,50 Gb Total Space | 44,77 Gb Free Space | 47,38% Space Free | Partition Type: NTFS
Drive D: | 17,28 Gb Total Space | 6,36 Gb Free Space | 36,78% Space Free | Partition Type: FAT32
Drive E: | 4,26 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3947326332-630706141-2089850424-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17F4B6EF-A17F-455B-B70F-47B9741217D9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{418907D4-A6CE-4F3A-A93C-93EA5A9056D4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{56A81444-85D4-49E9-BC4F-0B7B51A61E74}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6A09DCE4-4DF0-4484-A649-5B8664C49450}" = lport=139 | protocol=6 | dir=in | app=system | 
"{924E09E6-5F77-4DCE-AB28-B6D71FD4F9E2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{973D1399-2FB3-4498-B394-9E2D220D95EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AAFCC71A-A25F-4ACD-ACC0-37E8BF41F20F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BF792065-D02C-4C9F-AC27-14767D37EE66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E21E4B23-2217-4D03-B56A-065D002091E8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F7D8B7B8-4155-4BCB-9555-D509167E0C4B}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2F73C362-BFF5-4030-9210-CF0366A424F6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\***\counter-strike\hl.exe | 
"{379F429F-DCC2-4ACD-A986-1E90ED746F96}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3F95632C-36C9-4369-96BF-03E989154444}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4B8CDBB5-5FED-4D0B-A284-23A32BCF45C8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{82C2E825-9660-4148-93E3-F1639A756B9B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8594EC3D-1228-4917-8534-7C4E7013010F}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{951D2455-32CB-49FF-9937-58E3F88E436D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C326AE81-1CBD-4298-B23F-5989647A9E97}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{EB8B3198-6823-40D6-95BF-F4935BC8EB35}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\***\counter-strike\hl.exe | 
"TCP Query User{2DD9E89F-4FE5-4070-936A-B2B58F231045}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{33B530FC-91F0-4DB8-9718-47D2D1D69A26}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"TCP Query User{BF0324EC-B880-4364-A849-3E3A4DC19564}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{D21775D6-9CD7-45F9-854F-A4D8D388A10A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{0DD20A2E-E2B3-42BF-B669-A8D56266B755}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"UDP Query User{4050A612-8AA1-459B-AD13-F4E57613FB65}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{63962421-CE0C-41A5-AC4F-C74C61F17B4B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{65097969-CF41-4FD1-BCB4-C5BEF6E4B8B6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2900.20
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{90AB0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 1
"{91710409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
"{94AE1214-8B04-4E1F-BE05-BAB20B6DDF43}" = Microsoft Protection Service
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07A8E7E-D324-4945-BA8C-E532AD008FF3}" = Microsoft Windows OneCare Live v2.5.2900.20
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"{E4C7B3EF-B3DB-4BB6-A812-E8FAE47534D3}" = OpenOffice.org 2.2
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CloneDVD2" = CloneDVD2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6h
"WinRAR archiver" = WinRAR
"WinSS" = Windows Live OneCare
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.10.2010 11:12:32 | Computer Name = Helenchen | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.10.2010 10:13:29 | Computer Name = Helenchen | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.10.2010 12:30:41 | Computer Name = Helenchen | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.10.2010 07:46:35 | Computer Name = Helenchen | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.10.2010 08:35:03 | Computer Name = Helenchen | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.10.2010 09:14:15 | Computer Name = Helenchen | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.10.2010 09:17:59 | Computer Name = Helenchen | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6001.18164, Zeitstempel
 0x4907e242, fehlerhaftes Modul msxml6.dll, Version 6.20.4001.0, Zeitstempel 0x4a7ffde1,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000091ea,  Prozess-ID 0xlÍF lÍF $, Anwendungsstartzeit
 lÍF lÍF $.
 
Error - 17.10.2010 11:12:45 | Computer Name = Helenchen | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 17.10.2010 11:41:16 | Computer Name = Helenchen | Source = Application Hang | ID = 1002
Description = Programm ICQ.exe, Version 6.5.0.2024 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: c5c  Anfangszeit: 01cb6e11a0e0a28b  Zeitpunkt der Beendigung:
 15
 
Error - 17.10.2010 15:10:52 | Computer Name = Helenchen | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 17.10.2010 18:27:07 | Computer Name = Helenchen | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 17.10.2010 18:28:08 | Computer Name = Helenchen | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 17.10.2010 18:28:14 | Computer Name = Helenchen | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 17.10.2010 18:28:19 | Computer Name = Helenchen | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 17.10.2010 18:28:25 | Computer Name = Helenchen | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 18.10.2010 02:49:11 | Computer Name = Helenchen | Source = HTTP | ID = 15016
Description = 
 
Error - 18.10.2010 02:49:54 | Computer Name = Helenchen | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
 0016D3810699 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 18.10.2010 03:00:55 | Computer Name = Helenchen | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 18.10.2010 03:04:44 | Computer Name = Helenchen | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
 0016D3810699 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 18.10.2010 03:04:45 | Computer Name = Helenchen | Source = HTTP | ID = 15016
Description = 
 
[ Windows OneCare Events ]
Error - 14.04.2009 03:30:21 | Computer Name = Helenchen | Source = WinSS | ID = 1002
Description = Dienst konnte nicht gestartet werden.
 
 
< End of report >
         
--- --- ---



Boardmittel ja, erfolglos
ja, andere Rechner auch - die kamen problemlos auf die Seiten.

Alt 18.10.2010, 14:15   #12
Chris4You
 
HijackThis Logs zur Fehlersuche - Standard

HijackThis Logs zur Fehlersuche



Hi,

bringt er da einen Fehlertext?
Oder sagt er es sei alles i. O. und das wars dann?

Schau mir die Logs heute abend an, muss jetzt leider weg...

Schau zwischenzeitlich hier mal rein:
Internetst&#246;rungen – &#220;bersicht der h&#228;ufigsten Probleme und Fehlerquellen

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 18.10.2010, 14:18   #13
Helen
 
HijackThis Logs zur Fehlersuche - Standard

HijackThis Logs zur Fehlersuche



"regsvr32 urlmon.dll" geht
bei "shdocvw.dll" sagter mir, dass das nicht geladen wurde, dllregisterserver-eingangspunkt würde nicht gefunden. und ich solle sicherstellen, dass das eine gültige datei ist und den vorgang wiederholen
bei ACTXPRXy.dll steht "fehlercode 0x80070005" - und ich solle online nach dem fehlercode suchen
bei oleaut32 steht das gleiche - s. fehlercode
bei mshtml wurd der eingangspkt nicht gefunden
bei browseui auch nich
shell32 funktioniert
regsvr32 /u wuv3is.dllkann nicht geladen werden, binärdatei am angegebenen pfad gespeichert? Datei debuggen - modul nicht gefunden

Alt 18.10.2010, 20:57   #14
Helen
 
HijackThis Logs zur Fehlersuche - Standard

HijackThis Logs zur Fehlersuche



Habe gerade einen Durchlauf mit Malwarebytes gemacht - hat 22 infizierte Dateien gefunden - habe diese gelöscht.

Hier ist der Bericht dazu - leider hat sich (auch nach einem Neustart) nichts verändert

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4875

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18975

18.10.2010 21:30:23
mbam-log-2010-10-18 (21-30-23).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 131077
Laufzeit: 10 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 22
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)




Hab die Scan.Txt Datei von MFT bei OTL eingefügt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 18.10.2010 22:04:50 - Run 3
OTL by OldTimer - Version 3.2.15.2     Folder = c:\Users\***\Documents\ICQ\175918017\ReceivedFiles\190560107 Marvin
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.013,00 Mb Total Physical Memory | 289,00 Mb Available Physical Memory | 28,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,50 Gb Total Space | 45,71 Gb Free Space | 48,37% Space Free | Partition Type: NTFS
Drive D: | 17,28 Gb Total Space | 6,36 Gb Free Space | 36,78% Space Free | Partition Type: FAT32
Drive E: | 4,26 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\***\Documents\ICQ\175918017\ReceivedFiles\190560107 Marvin\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox1.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Windows OneCare Live\winssnotifye.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 2.2\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.2\program\soffice.bin (OpenOffice.org)
 
 
========== Modules (SafeList) ==========
 
MOD - c:\Users\***\Documents\ICQ\175918017\ReceivedFiles\190560107 Marvin\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msshsq.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\System32\thumbcache.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SLC.dll (Microsoft Corporation)
MOD - C:\Windows\System32\networkexplorer.dll (Microsoft Corporation)
MOD - C:\Windows\System32\duser.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\actxprxy.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\System32\IconCodecService.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (winss) -- C:\Programme\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation)
SRV - (OcHealthMon) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation)
SRV - (OneCareMP) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (msfwsvc) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (MSFWDrv) -- C:\Windows\System32\drivers\msfwdrv.sys (Microsoft Corporation)
DRV - (MSFWHLPR) -- C:\Windows\System32\drivers\msfwhlpr.sys (Microsoft Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.17 21:19:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.17 21:19:25 | 000,000,000 | ---D | M]
 
[2008.12.15 21:31:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.10.18 19:59:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions
[2010.07.31 11:51:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.11 19:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.11.12 10:42:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions\moveplayer@movenetworks.com
[2010.10.17 17:24:33 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-1.xml
[2008.10.22 10:01:36 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-2.xml
[2008.11.16 21:52:56 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-3.xml
[2009.04.20 08:17:41 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-4.xml
[2009.04.21 20:19:11 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-5.xml
[2008.07.08 09:51:56 | 000,000,951 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin.xml
[2010.10.17 21:19:25 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.06.24 10:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.07 10:54:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.07 11:28:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.18 09:02:47 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd}  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Programme\OpenOffice.org 2.2\program\quickstart.exe ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\Windows\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.10.18 21:59:33 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MFTools
[2010.10.18 21:18:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.10.18 21:17:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.18 21:17:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.18 21:17:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.18 21:17:07 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.18 09:00:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.10.17 20:27:19 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.08.11 13:30:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Rammstein Referat
[2009.07.09 17:26:40 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys
[2009.04.09 12:38:00 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
 
========== Files - Modified Within 90 Days ==========
 
[2010.10.18 21:47:08 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.18 21:47:08 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.18 21:46:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.18 21:46:46 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.18 09:02:47 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010.10.17 21:19:29 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.17 21:04:17 | 000,014,224 | ---- | M] () -- C:\Users\***\Desktop\bookmarks-2010-10-17.json
[2010.10.17 20:44:32 | 000,002,525 | ---- | M] () -- C:\Users\***\Desktop\HiJackThis.lnk
[2010.10.17 17:07:26 | 000,237,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.13 21:36:24 | 000,066,048 | ---- | M] () -- C:\Users\***\Desktop\Jenseits von Sinn und Sinnlosigkeit.doc
[2010.10.12 20:19:36 | 000,080,896 | ---- | M] () -- C:\Users\***\Desktop\J.doc
[2010.10.12 18:37:56 | 000,167,833 | ---- | M] () -- C:\Users\***\Desktop\styletipps.rar
[2010.10.12 15:53:26 | 011,497,791 | ---- | M] () -- C:\Users\***\Desktop\styletipp.rar
[2010.10.09 02:13:39 | 000,625,582 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.09 02:13:39 | 000,117,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.09 02:13:38 | 000,664,270 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.09 02:13:38 | 000,142,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.23 22:14:04 | 000,042,496 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.08 01:12:15 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.09.07 11:21:53 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.07.31 01:15:26 | 000,000,165 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010.07.30 22:04:41 | 000,000,996 | ---- | M] () -- C:\Users\Public\Desktop\CloneDVD2.lnk
 
========== Files Created - No Company Name ==========
 
[2010.10.18 20:56:42 | 1063,444,480 | -HS- | C] () -- C:\hiberfil.sys
[2010.10.17 21:19:29 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.17 21:04:17 | 000,014,224 | ---- | C] () -- C:\Users\***\Desktop\bookmarks-2010-10-17.json
[2010.10.17 20:27:24 | 000,002,525 | ---- | C] () -- C:\Users\***\Desktop\HiJackThis.lnk
[2010.10.13 21:36:21 | 000,066,048 | ---- | C] () -- C:\Users\***\Desktop\Jenseits von Sinn und Sinnlosigkeit.doc
[2010.10.12 20:19:34 | 000,080,896 | ---- | C] () -- C:\Users\***\Desktop\J.doc
[2010.10.12 18:37:56 | 000,167,833 | ---- | C] () -- C:\Users\***\Desktop\styletipps.rar
[2010.10.12 15:51:31 | 011,497,791 | ---- | C] () -- C:\Users\***\Desktop\styletipp.rar
[2010.04.26 10:05:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.09 17:29:17 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2009.07.09 17:29:11 | 000,000,033 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.log
[2009.07.09 17:26:40 | 000,087,608 | ---- | C] () -- C:\Users\***\AppData\Roaming\inst.exe
[2009.07.09 17:26:40 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat
[2009.07.09 17:26:40 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf
[2009.04.09 12:38:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SearchRequire.dll
[2009.01.31 16:15:46 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2008.08.22 19:51:36 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2007.08.14 19:20:25 | 000,000,165 | -HS- | C] () -- C:\ProgramData\.zreglib
[2007.06.23 08:00:30 | 000,042,496 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2008.12.17 13:53:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner
[2010.06.15 22:09:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelper
[2010.10.18 21:50:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2007.06.26 08:39:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQLite
[2007.08.21 19:50:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SlySoft
[2009.02.01 13:31:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online
[2009.07.13 17:09:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vso
[2010.10.18 21:45:33 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008.01.19 09:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2007.06.22 23:58:44 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.10.18 21:46:46 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys
[2007.01.13 04:02:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.06.01 23:21:42 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini
[2007.01.13 04:02:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.10.18 21:46:44 | 1377,247,232 | -HS- | M] () -- C:\pagefile.sys
[2010.10.17 22:15:48 | 000,055,662 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_17.10.2010_22.15.13_log.txt
[2010.10.17 22:17:36 | 000,055,662 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_17.10.2010_22.17.06_log.txt
[2009.02.07 00:08:23 | 000,000,160 | ---- | M] () -- C:\TO_InstallLog.txt
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006.11.02 14:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008.12.09 12:40:43 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.19 09:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.19 09:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows.old\Windows\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows.old\Windows\System32\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows.old\Windows\System32\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-14 13:51:18

< End of report >
         
--- --- ---

Geändert von Helen (18.10.2010 um 21:32 Uhr)

Alt 19.10.2010, 06:55   #15
Chris4You
 
HijackThis Logs zur Fehlersuche - Standard

HijackThis Logs zur Fehlersuche



Hi,

das sieht nach einem teilzerschossenen Systeme aus (zumindest was ActiveX angeht)...

Win7/Vista
1.Die Befehlszeile aufrufen über Start -> Im Suchfeld „cmd“ eingeben
Nun nicht Enter drücken sondern folgende Tastenkombination:
[Strg]+[Umschalten/Shift]+[Return/Eingabe]
Damit wird die Console als Administrator gestartet, was unerlässlich für die Reperatur ist. Alternativ über Rechtsklick auf den Desktop, Neu-Verknüpfung erstellen, Ziel:
C:\Windows\System32\cmd.exe Name eingeben, Fertig.
Dann Rechtsklick auf die neu erstellte Verknüpfung und "Ausführen als
Administrator"
auswählen.

2.Nun in der Befehlszeile/Console folgenden Befehl eingeben:
sfc /scannow

3.Nun wird die Systemsuche gestartet und die defekten Dateien werken lokalisiert. Nun nur noch die Win7/Vista DVD einlegen und die defekten Dateien werden durch die von der DVD ersetzt.

4.Unbedingt ein Windows Update ausführen um die reparierten Systemdateien auf dem neuesten Stand zu haben.

Wenn es danach immer noch nicht funktioniert:
Verbessern Sie die Leistung und Sicherheit von Internet Explorer
Dann rechts den Button "Jetzt ausführen"...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Antwort

Themen zu HijackThis Logs zur Fehlersuche
adobe, antivir, antivir guard, avg, avira, bho, browser, defender, desktop, ebay, explorer, firefox, hijack, hijackthis, internet, internet explorer, mozilla, nicht starten, plug-in, router, seiten, software, starten, system, vista, windows, wmp




Ähnliche Themen: HijackThis Logs zur Fehlersuche


  1. 3 Logs (mbam,otl,hijackthis)
    Log-Analyse und Auswertung - 16.01.2012 (29)
  2. HiJackThis Logs posten
    Log-Analyse und Auswertung - 13.12.2010 (10)
  3. TRJOAN Detected HiJackThis Logs
    Log-Analyse und Auswertung - 22.03.2010 (3)
  4. HiJackThis Logs bewerten
    Mülltonne - 01.03.2010 (1)
  5. wie kann ich logs von hijackthis posten
    Log-Analyse und Auswertung - 25.10.2009 (7)
  6. Trojaner.generic HiJackthis Logs
    Mülltonne - 26.11.2008 (0)
  7. msn virus HiJackThis Logs
    Log-Analyse und Auswertung - 02.10.2008 (2)
  8. Hilfe zu HiJackThis-Logs TR/Spy.Agent
    Log-Analyse und Auswertung - 02.08.2008 (1)
  9. HiJackThis Logs + Probleme mit Seekmo und CiD
    Log-Analyse und Auswertung - 14.02.2008 (2)
  10. Bitte um Kontrolle meines HiJackThis Logs
    Log-Analyse und Auswertung - 01.01.2008 (0)
  11. hijackthis logs überprüfen bitte :)
    Mülltonne - 09.06.2007 (1)
  12. Nervige Pop-Ups - Bitte um Auswertung d. HiJackThis Logs!
    Log-Analyse und Auswertung - 19.07.2006 (2)
  13. HiJackThis Logs zum checken :)
    Log-Analyse und Auswertung - 07.01.2006 (5)
  14. HiJackThis Logs und eScan log bitte mal nachschauen
    Log-Analyse und Auswertung - 06.02.2005 (1)
  15. HiJackThis Logs Hilfe Lahmer pc
    Log-Analyse und Auswertung - 05.02.2005 (1)
  16. BDS/Agent.AY logs von escan und HIjackthis
    Plagegeister aller Art und deren Bekämpfung - 24.01.2005 (5)

Zum Thema HijackThis Logs zur Fehlersuche - Huhu, meine 2 Browser (IE + FF) verweigern mir bei ca 2/3 der aufgerufenen Seiten (ebay, gmx, wikipedia) den Zugriff. Cache + Cookies sind überall gelöscht bzw geleert, Router schon - HijackThis Logs zur Fehlersuche...
Archiv
Du betrachtest: HijackThis Logs zur Fehlersuche auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.