Log analysis and evaluation: HijackThis logs for troubleshooting

If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system first has to be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
17.10.2010, 19:47 | #1

HijackThis logs for troubleshooting

Hi, both of my browsers (IE + FF) refuse access to roughly 2/3 of the pages I open (ebay, gmx, wikipedia). Cache and cookies have been deleted/cleared everywhere, the router has been reset several times, everything restarted several times. No idea what it could be. I also can't start many downloads, e.g. downloading a new browser (the setup). MTU is at 1492. Skype + ICQ work without problems. I ran HijackThis; maybe you'll find the solution, I'm helpless here since I have little or no idea.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:45:41, on 17.10.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\conime.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

--
End of file - 4403 bytes
17.10.2010, 20:13 | #2

HijackThis logs for troubleshooting

Hi,

what exactly is the error message?

Malwarebytes Anti-Malware (MAM)
Guide & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download doesn't work, please download a generic version via this link: http://filepony.de/download-chameleon/
Then please update the signature files ("Update" tab -> "Check for updates"). Full scan and let it clean everything! Post the log.

OTL
Download OTL from Oldtimer (http://filepony.de/download-otl/) and save it to your desktop

chris
17.10.2010, 20:26 | #3

HijackThis logs for troubleshooting

The error message?

The problem is that nothing opens. In the taskbar, for ebay for example, it shows the normal "Ebay: neue und gebrauchte..." title; at the bottom in the status bar it says "waiting for ebay.de", the progress bar loads to maybe a third and then that's it. The page stays white. There is nothing saying that there is no network or that the page wasn't found. Just white. I also can't start downloads, e.g. it shows me that a download is active, but the remaining time is unknown and nothing more happens. The virus scan finds nothing. It also doesn't help to right-click an exe file: it gets saved but not downloaded.
17.10.2010, 20:35 | #4

HijackThis logs for troubleshooting

Hi,

please proceed as described... Have you already tried pinging the addresses (Netzwerk Diagnose unter Windows - TanMar Tutorials)?

chris
17.10.2010, 20:53 | #5

HijackThis logs for troubleshooting

@ping: Yes, I have:

Request timed out.
Request timed out.
Request timed out.
Request timed out.
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)

Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 17.10.2010 21:37:11 - Run 1
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Users\***\Documents\ICQ\175918017\ReceivedFiles\190560107 Marvin
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.013,00 Mb Total Physical Memory | 210,00 Mb Available Physical Memory | 21,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 54,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,50 Gb Total Space | 40,99 Gb Free Space | 43,37% Space Free | Partition Type: NTFS
Drive D: | 17,28 Gb Total Space | 6,36 Gb Free Space | 36,78% Space Free | Partition Type: FAT32

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3947326332-630706141-2089850424-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17F4B6EF-A17F-455B-B70F-47B9741217D9}" = rport=138 | protocol=17 | dir=out | app=system |
"{418907D4-A6CE-4F3A-A93C-93EA5A9056D4}" = lport=137 | protocol=17 | dir=in | app=system |
"{56A81444-85D4-49E9-BC4F-0B7B51A61E74}" = lport=138 | protocol=17 | dir=in | app=system |
"{6A09DCE4-4DF0-4484-A649-5B8664C49450}" = lport=139 | protocol=6 | dir=in | app=system |
"{924E09E6-5F77-4DCE-AB28-B6D71FD4F9E2}" = rport=139 | protocol=6 | dir=out | app=system |
"{973D1399-2FB3-4498-B394-9E2D220D95EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AAFCC71A-A25F-4ACD-ACC0-37E8BF41F20F}" = rport=137 | protocol=17 | dir=out | app=system |
"{BF792065-D02C-4C9F-AC27-14767D37EE66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E21E4B23-2217-4D03-B56A-065D002091E8}" = lport=445 | protocol=6 | dir=in | app=system |
"{F7D8B7B8-4155-4BCB-9555-D509167E0C4B}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2F73C362-BFF5-4030-9210-CF0366A424F6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\***\counter-strike\hl.exe |
"{379F429F-DCC2-4ACD-A986-1E90ED746F96}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3F95632C-36C9-4369-96BF-03E989154444}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4B8CDBB5-5FED-4D0B-A284-23A32BCF45C8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{82C2E825-9660-4148-93E3-F1639A756B9B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8594EC3D-1228-4917-8534-7C4E7013010F}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{951D2455-32CB-49FF-9937-58E3F88E436D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C326AE81-1CBD-4298-B23F-5989647A9E97}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{EB8B3198-6823-40D6-95BF-F4935BC8EB35}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\***\counter-strike\hl.exe |
"TCP Query User{2DD9E89F-4FE5-4070-936A-B2B58F231045}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{33B530FC-91F0-4DB8-9718-47D2D1D69A26}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"TCP Query User{BF0324EC-B880-4364-A849-3E3A4DC19564}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D21775D6-9CD7-45F9-854F-A4D8D388A10A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0DD20A2E-E2B3-42BF-B669-A8D56266B755}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"UDP Query User{4050A612-8AA1-459B-AD13-F4E57613FB65}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{63962421-CE0C-41A5-AC4F-C74C61F17B4B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{65097969-CF41-4FD1-BCB4-C5BEF6E4B8B6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2900.20
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{90AB0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 1
"{91710409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
"{94AE1214-8B04-4E1F-BE05-BAB20B6DDF43}" = Microsoft Protection Service
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07A8E7E-D324-4945-BA8C-E532AD008FF3}" = Microsoft Windows OneCare Live v2.5.2900.20
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"{E4C7B3EF-B3DB-4BB6-A812-E8FAE47534D3}" = OpenOffice.org 2.2
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CloneDVD2" = CloneDVD2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6h
"WinRAR archiver" = WinRAR
"WinSS" = Windows Live OneCare

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 17.10.2010 21:37:11 - Run 1
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Users\***\Documents\ICQ\175918017\ReceivedFiles\190560107 Marvin
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.013,00 Mb Total Physical Memory | 210,00 Mb Available Physical Memory | 21,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 54,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,50 Gb Total Space | 40,99 Gb Free Space | 43,37% Space Free | Partition Type: NTFS
Drive D: | 17,28 Gb Total Space | 6,36 Gb Free Space | 36,78% Space Free | Partition Type: FAT32

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Documents\ICQ\175918017\ReceivedFiles\190560107 Marvin\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 2.2\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.2\program\soffice.bin (OpenOffice.org)

========== Modules (SafeList) ==========

MOD - C:\Users\***\Documents\ICQ\175918017\ReceivedFiles\190560107 Marvin\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (winss) -- C:\Programme\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation)
SRV - (OcHealthMon) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation)
SRV - (OneCareMP) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (msfwsvc) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (MSFWDrv) -- C:\Windows\System32\drivers\msfwdrv.sys (Microsoft Corporation)
DRV - (MSFWHLPR) -- C:\Windows\System32\drivers\msfwhlpr.sys (Microsoft Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.17 21:19:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.17 21:19:25 | 000,000,000 | ---D | M]

[2008.12.15 21:31:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.10.17 17:20:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions
[2010.07.31 11:51:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.11 19:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.11.12 10:42:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions\moveplayer@movenetworks.com
[2010.10.17 17:24:33 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-1.xml
[2008.10.22 10:01:36 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-2.xml
[2008.11.16 21:52:56 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-3.xml
[2009.04.20 08:17:41 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-4.xml
[2009.04.21 20:19:11 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-5.xml
[2008.07.08 09:51:56 | 000,000,951 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin.xml
[2010.10.17 21:19:25 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.06.24 10:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.07 10:54:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.07 11:28:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

Hosts file not found
O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Programme\OpenOffice.org 2.2\program\quickstart.exe ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.10.17 20:27:19 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.10.14 06:20:00 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.14 06:19:06 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.14 06:18:22 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.14 06:17:58 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.14 06:17:57 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.14 06:17:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.14 06:17:55 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.10.14 06:17:54 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.14 06:17:53 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.14 06:17:53 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.14 06:17:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.14 06:17:52 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.10.14 06:17:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.10.14 06:17:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.10.14 06:17:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.10.14 06:17:51 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.10.14 06:17:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.14 06:17:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.14 06:17:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.14 06:17:50 |
001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.10.14 06:17:45 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010.10.14 06:17:44 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010.10.14 06:17:38 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.10.14 06:17:33 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2010.10.14 06:17:28 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2010.09.30 17:39:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2009.07.09 17:26:40 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys [2009.04.09 12:38:00 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.17 21:39:10 | 002,097,152 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.10.17 21:19:29 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.10.17 21:10:15 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.17 21:10:15 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.17 21:10:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.10.17 21:10:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.17 21:09:39 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys [2010.10.17 21:06:23 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.10.17 21:06:22 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms 
[2010.10.17 21:05:59 | 002,784,779 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.10.17 21:04:17 | 000,014,224 | ---- | M] () -- C:\Users\***\Desktop\bookmarks-2010-10-17.json [2010.10.17 20:44:32 | 000,002,525 | ---- | M] () -- C:\Users\Helene\Desktop\HiJackThis.lnk [2010.10.17 20:31:16 | 000,145,938 | ---- | M] () -- C:\Users\***\Desktop\Hijack.jpg [2010.10.17 17:07:26 | 000,237,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.10.13 21:36:24 | 000,066,048 | ---- | M] () -- C:\Users\***\Desktop\Jenseits von Sinn und Sinnlosigkeit.doc [2010.10.12 20:19:36 | 000,080,896 | ---- | M] () -- C:\Users\***\Desktop\J.doc [2010.10.12 18:37:56 | 000,167,833 | ---- | M] () -- C:\Users\***\Desktop\styletipps.rar [2010.10.12 15:53:26 | 011,497,791 | ---- | M] () -- C:\Users\***\Desktop\styletipp.rar [2010.10.09 02:13:39 | 000,625,582 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.09 02:13:39 | 000,117,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.10.09 02:13:38 | 001,541,518 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.10.09 02:13:38 | 000,664,270 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.09 02:13:38 | 000,142,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.09.23 22:14:04 | 000,042,496 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.17 21:19:29 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.10.17 21:04:17 | 000,014,224 | ---- | C] () -- C:\Users\***\Desktop\bookmarks-2010-10-17.json [2010.10.17 20:31:16 | 000,145,938 | ---- | C] () -- C:\Users\***\Desktop\Hijack.jpg [2010.10.17 20:27:24 | 000,002,525 | ---- | C] () -- C:\Users\***\Desktop\HiJackThis.lnk [2010.10.13 21:36:21 | 000,066,048 | ---- | C] () -- C:\Users\***\Desktop\Jenseits von Sinn und Sinnlosigkeit.doc [2010.10.12 20:19:34 | 
000,080,896 | ---- | C] () -- C:\Users\***\Desktop\J.doc [2010.10.12 18:37:56 | 000,167,833 | ---- | C] () -- C:\Users\***\Desktop\styletipps.rar [2010.10.12 15:51:31 | 011,497,791 | ---- | C] () -- C:\Users\***\Desktop\styletipp.rar [2010.04.26 10:05:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.07.09 17:29:17 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll [2009.07.09 17:29:11 | 000,000,033 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.log [2009.07.09 17:26:40 | 000,087,608 | ---- | C] () -- C:\Users\***\AppData\Roaming\inst.exe [2009.07.09 17:26:40 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat [2009.07.09 17:26:40 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf [2009.04.09 12:38:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SearchRequire.dll [2009.01.31 16:15:46 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2008.10.19 21:57:24 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2008.10.19 21:56:30 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini [2008.08.22 19:51:36 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2007.08.14 19:20:25 | 000,000,165 | -HS- | C] () -- C:\ProgramData\.zreglib [2007.06.23 08:00:30 | 000,042,496 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.06.23 00:49:24 | 002,784,779 | -H-- | C] () -- C:\Users\***\AppData\Local\IconCache.db [2007.06.22 23:28:17 | 000,050,576 | ---- | C] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2006.11.02 14:50:50 | 000,000,174 | -HS- | C] () -- C:\Programme\desktop.ini [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 001,541,518 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 12:25:21 | 
000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 12:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2006.11.02 12:23:31 | 000,000,660 | ---- | C] () -- C:\Windows\system.ini [2006.11.02 12:23:31 | 000,000,144 | ---- | C] () -- C:\Windows\win.ini [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2006.11.02 09:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2006.11.02 09:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS [2006.11.02 09:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2006.11.02 09:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2006.11.02 09:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS [2006.11.02 09:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2006.11.02 09:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS [2006.11.02 09:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2006.11.02 09:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2006.11.02 09:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS [2006.11.02 09:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS [2006.11.02 09:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS [2006.11.02 09:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS [2006.11.02 09:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS [2006.11.02 08:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll ========== LOP Check ========== [2008.12.17 13:53:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner [2010.06.15 22:09:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2010.10.17 21:13:55 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\ICQ
[2007.06.26 08:39:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQLite
[2007.08.21 19:50:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SlySoft
[2009.02.01 13:31:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online
[2009.07.13 17:09:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vso
[2010.10.17 21:07:02 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 72 bytes -> C:\Windows:0A6E870EF35503B5

< End of report >

Those would be the two txt files. Many thanks in advance; I've been tinkering with this for two days now, reinstalling etc. And when you have no clue, that's naturally not very productive. |
17.10.2010, 21:08 | #6 |
| Hi, are you behind a router? Have you already tried switching off the firewall etc., or going online with another computer (notebook) over the same connection? Does it happen more with encrypted connections? I'll look at the log more closely tomorrow, but nothing obvious jumped out at me... Have you already reinstalled, and was the hard disk formatted in the process? If not:

TDSS-Killer
Download and instructions at: How to fight malware of the Rootkit.Win32.TDSS family?
Extract all files into a separate directory (e.g. C:\TDSS)! Launch it via Explorer by double-clicking TDSSKiller.exe. After starting, a window appears; click "Start Scan" there. When the scan is finished, please select "Report". A window opens; copy the text and post it here...

MBR-Check
Download http://ad13.geekstogo.com/MBRCheck.exe and save the file to the desktop.
chris
|
17.10.2010, 21:30 | #7 |
| Used TDSSKiller, full scan, found nothing. Firewall switched off: no change. Already reinstalled Firefox, likewise no change.

MBRCheck

MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: MEDION
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: MEDION
System Product Name: WIM2120
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 143):
0x81C16000 \SystemRoot\system32\ntoskrnl.exe 0x81FC0000 \SystemRoot\system32\hal.dll 0x8580A000 \SystemRoot\system32\kdcom.dll 0x85812000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x85872000 \SystemRoot\system32\PSHED.dll 0x85883000 \SystemRoot\system32\BOOTVID.dll 0x8588B000 \SystemRoot\system32\CLFS.SYS 0x858CC000 \SystemRoot\system32\CI.dll 0x859AC000 \SystemRoot\system32\drivers\Wdf01000.sys 0x85A28000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x85A35000 \SystemRoot\system32\drivers\acpi.sys 0x85A7B000 \SystemRoot\system32\drivers\WMILIB.SYS 0x85A84000 \SystemRoot\system32\drivers\msisadrv.sys 0x85A8C000 \SystemRoot\system32\drivers\pci.sys 0x85AB3000 \SystemRoot\System32\drivers\partmgr.sys 0x85AC2000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x85AC5000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x85ACF000 \SystemRoot\system32\drivers\volmgr.sys 0x85ADE000 \SystemRoot\System32\drivers\volmgrx.sys 0x85B28000 \SystemRoot\system32\drivers\intelide.sys 0x85B2F000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x85B3D000 \SystemRoot\System32\drivers\mountmgr.sys 0x85B4D000 \SystemRoot\system32\drivers\atapi.sys 0x85B55000 \SystemRoot\system32\drivers\ataport.SYS 0x85B73000 \SystemRoot\system32\drivers\msahci.sys 0x85B7D000 \SystemRoot\system32\drivers\fltmgr.sys 0x85BAF000 \SystemRoot\system32\drivers\fileinfo.sys 0x85BBF000 \SystemRoot\System32\Drivers\PxHelp20.sys 0x85C08000 \SystemRoot\System32\Drivers\ksecdd.sys 0x85C79000
\SystemRoot\system32\drivers\ndis.sys 0x85D84000 \SystemRoot\system32\drivers\msrpc.sys 0x85DAF000 \SystemRoot\system32\drivers\NETIO.SYS 0x85DE9000 \SystemRoot\System32\drivers\tcpip.sys 0x85ED2000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x85EED000 \SystemRoot\System32\Drivers\Ntfs.sys 0x86008000 \SystemRoot\system32\drivers\volsnap.sys 0x86041000 \SystemRoot\system32\DRIVERS\uagp35.sys 0x86052000 \SystemRoot\System32\Drivers\spldr.sys 0x8605A000 \SystemRoot\System32\Drivers\mup.sys 0x86069000 \SystemRoot\System32\drivers\ecache.sys 0x86090000 \SystemRoot\system32\drivers\disk.sys 0x860A1000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x860C2000 \SystemRoot\system32\drivers\crcdisk.sys 0x860ED000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x860F8000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x86101000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x86110000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x8A004000 \SystemRoot\system32\DRIVERS\igdkmd32.sys 0x8A6B3000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x8A752000 \SystemRoot\System32\drivers\watchdog.sys 0x8A75F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x8A771000 \SystemRoot\system32\DRIVERS\Rtlh86.sys 0x8A780000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x8A78B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x8A7C9000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x8A7D8000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x8A7E8000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x86119000 \SystemRoot\system32\DRIVERS\sdbus.sys 0x8A7F6000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x86133000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x86146000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x86151000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x8615C000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x86174000 \SystemRoot\system32\DRIVERS\serscan.sys 0x8617C000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x861AA000 \SystemRoot\system32\DRIVERS\storport.sys 0x861EB000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x861F6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 
0x8620D000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x86218000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x8623B000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x8624A000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x8625E000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x86273000 \SystemRoot\system32\DRIVERS\termdd.sys 0x8A7FA000 \SystemRoot\system32\DRIVERS\swenum.sys 0x86283000 \SystemRoot\system32\DRIVERS\ks.sys 0x862AD000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x862B7000 \SystemRoot\system32\DRIVERS\umbus.sys 0x862C4000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x862F8000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x86309000 \SystemRoot\system32\drivers\HdAudio.sys 0x86348000 \SystemRoot\system32\drivers\portcls.sys 0x86375000 \SystemRoot\system32\drivers\drmk.sys 0x8A80E000 \SystemRoot\system32\DRIVERS\smserial.sys 0x8A905000 \SystemRoot\system32\drivers\modem.sys 0x8A912000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x8A91B000 \SystemRoot\System32\Drivers\Null.SYS 0x8A922000 \SystemRoot\System32\Drivers\Beep.SYS 0x8A932000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x8A939000 \SystemRoot\System32\drivers\vga.sys 0x8A945000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x8A966000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8A96E000 \SystemRoot\system32\drivers\rdpencdd.sys 0x8A976000 \SystemRoot\System32\Drivers\Msfs.SYS 0x8A981000 \SystemRoot\System32\Drivers\Npfs.SYS 0x8A98F000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x8A998000 \SystemRoot\system32\DRIVERS\msfwhlpr.sys 0x8A9A4000 \SystemRoot\system32\DRIVERS\tdx.sys 0x8A9BA000 \SystemRoot\system32\DRIVERS\smb.sys 0x8A9CE000 \SystemRoot\system32\drivers\afd.sys 0x8AA16000 \SystemRoot\System32\DRIVERS\netbt.sys 0x8AA48000 \SystemRoot\system32\DRIVERS\pacer.sys 0x8AA5E000 \SystemRoot\system32\DRIVERS\netbios.sys 0x8AA6C000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x8AA7F000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x8AA85000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x8AAC1000 \SystemRoot\system32\drivers\nsiproxy.sys 0x8AACB000 
\SystemRoot\System32\Drivers\ElbyCDIO.sys 0x8AAD0000 \SystemRoot\System32\Drivers\dfsc.sys 0x8AAE7000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x8AB03000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys 0x8AB05000 \SystemRoot\System32\Drivers\fastfat.SYS 0x8AB2D000 \SystemRoot\System32\Drivers\crashdmp.sys 0x8AB3A000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x8AB45000 \SystemRoot\System32\Drivers\dump_msahci.sys 0x90C10000 \SystemRoot\System32\win32k.sys 0x8AB4F000 \SystemRoot\System32\drivers\Dxapi.sys 0x8AB59000 \SystemRoot\system32\DRIVERS\monitor.sys 0x90E30000 \SystemRoot\System32\TSDDD.dll 0x90E50000 \SystemRoot\System32\cdd.dll 0x8AB68000 \SystemRoot\system32\drivers\luafv.sys 0x8AB83000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0xA5002000 \SystemRoot\system32\drivers\spsys.sys 0xA50B1000 \SystemRoot\system32\DRIVERS\lltdio.sys 0xA50C1000 \SystemRoot\system32\DRIVERS\rspndr.sys 0xA50D4000 \SystemRoot\system32\drivers\HTTP.sys 0xA5141000 \SystemRoot\System32\DRIVERS\srvnet.sys 0xA515E000 \SystemRoot\system32\DRIVERS\bowser.sys 0xA5177000 \SystemRoot\System32\drivers\mpsdrv.sys 0xA518C000 \SystemRoot\system32\drivers\mrxdav.sys 0xA51AC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA51CB000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xA5204000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA521C000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA5244000 \SystemRoot\System32\DRIVERS\srv.sys 0xA5292000 \SystemRoot\system32\DRIVERS\MpFilter.sys 0xA529D000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys 0xA52AF000 \SystemRoot\system32\DRIVERS\msfwdrv.sys 0xA52C7000 \SystemRoot\system32\drivers\peauth.sys 0xA53A5000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA53AF000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA53BB000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x77680000 \Windows\System32\ntdll.dll Processes (total 55): 0 System Idle Process 4 System 392 C:\Windows\System32\smss.exe 460 csrss.exe 504 C:\Windows\System32\wininit.exe 516 csrss.exe 548 
C:\Windows\System32\services.exe 564 C:\Windows\System32\lsass.exe 572 C:\Windows\System32\lsm.exe 624 C:\Windows\System32\winlogon.exe 760 C:\Windows\System32\svchost.exe 840 C:\Windows\System32\svchost.exe 876 C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe 1020 C:\Windows\System32\svchost.exe 1096 C:\Windows\System32\svchost.exe 1112 C:\Windows\System32\svchost.exe 1196 C:\Windows\System32\audiodg.exe 1224 C:\Windows\System32\svchost.exe 1240 C:\Windows\System32\SLsvc.exe 1276 C:\Windows\System32\svchost.exe 1420 C:\Windows\System32\svchost.exe 1600 C:\Windows\System32\spoolsv.exe 1624 C:\Program Files\Avira\AntiVir Desktop\sched.exe 1636 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1648 C:\Windows\System32\svchost.exe 296 C:\Windows\System32\taskeng.exe 224 C:\Windows\System32\dwm.exe 520 C:\Windows\explorer.exe 292 C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe 236 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 656 C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe 2072 C:\Program Files\Common Files\Java\Java Update\jusched.exe 2100 C:\Windows\ehome\ehtray.exe 2192 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe 2328 C:\Windows\System32\svchost.exe 2344 C:\Windows\System32\svchost.exe 2372 C:\Windows\System32\svchost.exe 2404 C:\Windows\System32\SearchIndexer.exe 2484 C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe 2540 C:\Program Files\Microsoft Windows OneCare Live\winss.exe 2856 C:\Program Files\Windows Media Player\wmpnscfg.exe 3244 C:\Windows\ehome\ehmsas.exe 3284 C:\Program Files\Windows Media Player\wmpnetwk.exe 3432 WmiPrvSE.exe 3544 C:\Program Files\OpenOffice.org 2.2\program\soffice.exe 3768 C:\Program Files\OpenOffice.org 2.2\program\soffice.bin 912 C:\Windows\System32\taskeng.exe 3424 C:\Program Files\ICQ6.5\ICQ.exe 1052 C:\Windows\System32\wuauclt.exe 4056 C:\Program Files\Mozilla Firefox\firefox.exe 3568 C:\Windows\System32\conime.exe 3884 C:\Program 
Files\Skype\Phone\Skype.exe 2516 C:\Program Files\Skype\Plugin Manager\skypePM.exe 1992 C:\Program Files\Mozilla Firefox\plugin-container.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000017`9fe8de00 (FAT32)

PhysicalDrive0 Model Number: WDCWD1200BEVS-22LAT0, Rev: 01.06M01

Size    Device Name          MBR Status
--------------------------------------------
111 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
        SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

Edited by Helen (17.10.2010, 21:42) |
18.10.2010, 07:01 | #8 |
| Hi, fix for OTL:
Code:
:OTL
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd} - No CLSID value found.
O4 - HKCU..\Run: [] File not found
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 72 bytes -> C:\Windows:0A6E870EF35503B5
:Commands
[emptytemp]
[resethosts]
[Reboot]
chris
Edited by Chris4You (18.10.2010, 07:53) |
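The fix above is assembled from a handful of log signals: driver services whose file no longer exists, a BHO whose CLSID has no value behind it, an empty Run value, the two alternate data streams, and the "Hosts file not found" line. The Python below is an added example, not code from the thread or from OTL itself: it applies that same triage to a few OTL-style lines constructed here after the entries quoted earlier in the thread, and emits a script in OTL's :OTL / :Commands syntax. The `Finding` class and the `triage` and `build_otl_fix` functions are this example's own names.

```python
"""Triage OTL log lines the way the fix in the thread was built.

Added example, not from the thread or from OTL; the sample lines below are
constructed in OTL's output format after the entries quoted in the thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample (not the poster's actual log).
SAMPLE_LOG = r"""
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [] File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Programme\OpenOffice.org 2.2\program\quickstart.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
Hosts file not found
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 72 bytes -> C:\Windows:0A6E870EF35503B5
"""

# OTL appends these when a registry entry points at something that no longer exists.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")
# Prefixes OTL uses for autostart / service / driver / process entries.
ENTRY_RE = re.compile(r"^(O\d+ - |DRV - |SRV - |PRC - |MOD - )")


@dataclass(frozen=True)
class Finding:
    kind: str   # "orphan" | "ads" | "hosts_missing" | "no_company"
    line: str   # the OTL line as it would be pasted into a fix


def triage(log_text: str) -> list[Finding]:
    """Classify each OTL line that deserves a second look.

    orphan        -> registry entry whose target file / CLSID is gone
    ads           -> NTFS alternate data stream on a system location
    hosts_missing -> the hosts file OTL expected is absent
    no_company    -> target binary carries no company name (review, not delete)
    """
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Hosts file not found":
            findings.append(Finding("hosts_missing", line))
        elif line.startswith("@Alternate Data Stream"):
            findings.append(Finding("ads", line))
        elif any(marker in line for marker in ORPHAN_MARKERS):
            findings.append(Finding("orphan", line))
        elif ENTRY_RE.match(line) and line.endswith("()"):
            # OTL prints "()" where the file has no version-resource company name.
            findings.append(Finding("no_company", line))
    return findings


def build_otl_fix(findings: list[Finding]) -> str:
    """Render orphans and ADS as an OTL fix; reset hosts only if it was missing.

    no_company findings are deliberately left out: they need a human decision,
    and OTL deletes whatever it is handed.
    """
    otl_lines = [f.line for f in findings if f.kind in ("orphan", "ads")]
    commands = ["[emptytemp]"]
    if any(f.kind == "hosts_missing" for f in findings):
        commands.append("[resethosts]")
    commands.append("[Reboot]")
    return "\n".join([":OTL", *otl_lines, ":Commands", *commands])


if __name__ == "__main__":
    print(build_otl_fix(triage(SAMPLE_LOG)))
```

On the constructed sample this reproduces the shape of the fix posted above: four orphaned entries and two streams under :OTL, and [resethosts] only because the log reported the hosts file missing. Anything the script flags as no_company (here the OpenOffice quickstart link) is printed for review only, since an absent company name is common for legitimate software.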
18.10.2010, 08:12 | #9 |
| All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File C:\Windows\System32\DRIVERS\ipinip.sys File not found not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\System32\drivers\blbdrive.sys File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8a194578-81ea-4850-9911-13ba2d71efbd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a194578-81ea-4850-9911-13ba2d71efbd}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
ADS C:\ProgramData\TEMP:260575F1 deleted successfully.
ADS C:\Windows:0A6E870EF35503B5 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ***
->Temp folder emptied: 72925595 bytes
->Temporary Internet Files folder emptied: 7567354 bytes
->Java cache emptied: 13658610 bytes
->FireFox cache emptied: 30656398 bytes
->Flash cache emptied: 102315 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 72 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 111134469 bytes
RecycleBin emptied: 4809834065 bytes

Total Files Cleaned = 4.812,00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.15.2 log created on 10182010_090053

Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

No change. |
18.10.2010, 08:28 | #10 |
| Hi, the hosts file was missing on your machine; OTL should have reset it. Post a new OTL log... Have you tried going online with another computer over the same connection yet? If that works, I'd swap the network card or the cable... (Malware rarely cuts itself off from "its" own medium, the Internet...). Does it happen more with encrypted connections? Have you tried having Windows' built-in tools repair the network? chris
|
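The reply above turns on the hosts file: OTL reported it missing, and the fix rewrote a default one. When the file is present, a helper looks for two things in it: names redirected to a routable address (the browser then never reaches the real site) and names sunk to loopback or 0.0.0.0 (a classic way to block a security product's update servers, although ad-block lists use the same trick legitimately). The Python below is an added example, not part of the thread or of OTL; the hosts content is constructed for illustration with documentation-range and example addresses, and `HostsFinding` and `audit_hosts` are this example's own names. Passing `None` models the "Hosts file not found" case from the log.

```python
"""Audit a Windows hosts file for redirected and sinkholed names.

Added example, not from the thread; the sample content is constructed.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed sample. 203.0.113.0/24 is a documentation range and stands in for
# "some server that is not the real site"; the names are illustrative only.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net              # sinkhole: typical of ad-block lists
203.0.113.5     www.ebay.de ebay.de          # redirect: requests go to a stranger's server
127.0.0.1       update.antivirus.example     # sinkhole: blocks a security product's updates
"""

# Names that are expected to resolve to loopback and should never be flagged.
LOCALHOST_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
                   "ip6-localhost", "ip6-loopback"}


@dataclass(frozen=True)
class HostsFinding:
    kind: str      # "missing" | "unparseable" | "redirect" | "sinkhole"
    lineno: int    # 1-based line in the hosts file (0 when the file is missing)
    name: str      # hostname affected ("" for file-level findings)
    address: str   # address text as written in the file


def audit_hosts(text: str | None) -> list[HostsFinding]:
    """Return one finding per suspicious name -> address mapping.

    text=None models OTL's "Hosts file not found": Windows ships a hosts file,
    so its absence is itself worth reporting.
    """
    if text is None:
        return [HostsFinding("missing", 0, "", "")]
    findings: list[HostsFinding] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            findings.append(HostsFinding("unparseable", lineno, "", line))
            continue
        ip_text, names = fields[0], fields[1:]
        try:
            addr = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append(HostsFinding("unparseable", lineno, " ".join(names), ip_text))
            continue
        # 127.0.0.0/8, ::1 and 0.0.0.0 all make a name unreachable rather than redirected.
        sunk = addr.is_loopback or addr.is_unspecified
        for name in names:
            if name.lower() in LOCALHOST_NAMES:
                if not sunk:
                    # localhost pointing at a routable address is never legitimate
                    findings.append(HostsFinding("redirect", lineno, name, ip_text))
                continue
            findings.append(HostsFinding("sinkhole" if sunk else "redirect",
                                         lineno, name, ip_text))
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"{f.kind:10} line {f.lineno:<3} {f.name} -> {f.address}")
```

Redirects are the ones to treat as hostile until proven otherwise; sinkholes need a look at which names are affected, since an ad server on 0.0.0.0 is routine while an update server on 127.0.0.1 is not. A file consisting only of the two localhost lines produces no findings, which is the state OTL's [resethosts] restores.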
18.10.2010, 14:03 | #11 |
| OTL Logfile: Code:
OTL logfile created on: 18.10.2010 14:44:03 - Run 2
OTL by OldTimer - Version 3.2.15.2     Folder = c:\Users\***\Documents\ICQ\175918017\ReceivedFiles\190560107 Marvin
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.013,00 Mb Total Physical Memory | 326,00 Mb Available Physical Memory | 32,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,50 Gb Total Space | 44,77 Gb Free Space | 47,38% Space Free | Partition Type: NTFS
Drive D: | 17,28 Gb Total Space | 6,36 Gb Free Space | 36,78% Space Free | Partition Type: FAT32
Drive E: | 4,26 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - c:\Users\***\Documents\ICQ\175918017\ReceivedFiles\190560107 Marvin\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation) PRC - C:\Programme\OpenOffice.org 2.2\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 2.2\program\soffice.bin (OpenOffice.org) ========== Modules (SafeList) ========== MOD - c:\Users\***\Documents\ICQ\175918017\ReceivedFiles\190560107 Marvin\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe 
(Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (winss) -- C:\Programme\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation) SRV - (OcHealthMon) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation) SRV - (OneCareMP) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (msfwsvc) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (MSFWDrv) -- C:\Windows\System32\drivers\msfwdrv.sys (Microsoft Corporation) DRV - (MSFWHLPR) -- C:\Windows\System32\drivers\msfwhlpr.sys (Microsoft Corporation) DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) 
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) 
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.17 21:19:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.17 21:19:25 | 000,000,000 | ---D | M] [2008.12.15 21:31:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.10.17 17:20:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions [2010.07.31 11:51:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- 
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.06.11 19:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2009.11.12 10:42:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions\moveplayer@movenetworks.com [2010.10.17 17:24:33 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-1.xml [2008.10.22 10:01:36 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-2.xml [2008.11.16 21:52:56 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-3.xml [2009.04.20 08:17:41 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-4.xml [2009.04.21 20:19:11 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-5.xml [2008.07.08 09:51:56 | 000,000,951 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin.xml [2010.10.17 21:19:25 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2008.06.24 10:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.06.07 10:54:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.07 11:28:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.10.18 09:02:47 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd} - No CLSID value found. O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Programme\OpenOffice.org 2.2\program\quickstart.exe () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] 
() - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.18 09:00:53 | 000,000,000 | ---D | C] -- C:\_OTL [2010.10.17 20:27:19 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.10.14 06:20:00 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010.10.14 06:19:06 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2010.10.14 06:18:22 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.10.14 06:17:58 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.10.14 06:17:57 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.10.14 06:17:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.10.14 06:17:55 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.10.14 06:17:54 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.10.14 06:17:53 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.10.14 06:17:53 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.10.14 06:17:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.10.14 06:17:52 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.10.14 06:17:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.10.14 06:17:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.10.14 06:17:51 | 000,071,680 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\iesetup.dll [2010.10.14 06:17:51 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.10.14 06:17:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.10.14 06:17:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.10.14 06:17:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.10.14 06:17:50 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.10.14 06:17:45 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010.10.14 06:17:44 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010.10.14 06:17:38 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.10.14 06:17:33 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2010.10.14 06:17:28 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2010.09.30 17:39:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2009.07.09 17:26:40 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys [2009.04.09 12:38:00 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll ========== Files - Modified Within 30 Days ========== [2010.10.18 14:18:53 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.18 14:18:52 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.18 14:18:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.18 09:04:31 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys [2010.10.18 09:02:47 | 000,000,098 | ---- | M] () -- 
C:\Windows\System32\drivers\etc\Hosts [2010.10.17 21:19:29 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.10.17 21:04:17 | 000,014,224 | ---- | M] () -- C:\Users\***\Desktop\bookmarks-2010-10-17.json [2010.10.17 20:44:32 | 000,002,525 | ---- | M] () -- C:\Users\***\Desktop\HiJackThis.lnk [2010.10.17 20:31:16 | 000,145,938 | ---- | M] () -- C:\Users\***\Desktop\Hijack.jpg [2010.10.17 17:07:26 | 000,237,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.10.13 21:36:24 | 000,066,048 | ---- | M] () -- C:\Users\***\Desktop\Jenseits von Sinn und Sinnlosigkeit.doc [2010.10.12 20:19:36 | 000,080,896 | ---- | M] () -- C:\Users\***\Desktop\J.doc [2010.10.12 18:37:56 | 000,167,833 | ---- | M] () -- C:\Users\***\Desktop\styletipps.rar [2010.10.12 15:53:26 | 011,497,791 | ---- | M] () -- C:\Users\***\Desktop\styletipp.rar [2010.10.09 02:13:39 | 000,625,582 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.09 02:13:39 | 000,117,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.10.09 02:13:38 | 000,664,270 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.09 02:13:38 | 000,142,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.09.23 22:14:04 | 000,042,496 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2010.10.17 21:19:29 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.10.17 21:04:17 | 000,014,224 | ---- | C] () -- C:\Users\***\Desktop\bookmarks-2010-10-17.json [2010.10.17 20:31:16 | 000,145,938 | ---- | C] () -- C:\Users\***\Desktop\Hijack.jpg [2010.10.17 20:27:24 | 000,002,525 | ---- | C] () -- C:\Users\***\Desktop\HiJackThis.lnk [2010.10.13 21:36:21 | 000,066,048 | ---- | C] () -- C:\Users\***\Desktop\Jenseits von Sinn und Sinnlosigkeit.doc [2010.10.12 20:19:34 | 000,080,896 | ---- | C] () -- C:\Users\***\Desktop\J.doc [2010.10.12 18:37:56 | 000,167,833 | ---- | C] () 
-- C:\Users\***\Desktop\styletipps.rar [2010.10.12 15:51:31 | 011,497,791 | ---- | C] () -- C:\Users\***\Desktop\styletipp.rar [2010.04.26 10:05:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.07.09 17:29:17 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll [2009.07.09 17:29:11 | 000,000,033 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.log [2009.07.09 17:26:40 | 000,087,608 | ---- | C] () -- C:\Users\***\AppData\Roaming\inst.exe [2009.07.09 17:26:40 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat [2009.07.09 17:26:40 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf [2009.04.09 12:38:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SearchRequire.dll [2009.01.31 16:15:46 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2008.08.22 19:51:36 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2007.08.14 19:20:25 | 000,000,165 | -HS- | C] () -- C:\ProgramData\.zreglib [2007.06.23 08:00:30 | 000,042,496 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.10.2010 14:44:07 - Run 2 OTL by OldTimer - Version 3.2.15.2 Folder = c:\Users\***\Documents\ICQ\175918017\ReceivedFiles\190560107 Marvin Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.013,00 Mb Total Physical Memory | 326,00 Mb Available Physical Memory | 32,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 57,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 94,50 Gb Total Space | 44,77 Gb Free Space | 47,38% Space Free | Partition Type: NTFS Drive D: | 17,28 Gb Total Space | 6,36 Gb Free Space | 36,78% Space Free | Partition Type: FAT32 Drive E: | 4,26 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3947326332-630706141-2089850424-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DoNotAllowExceptions" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{17F4B6EF-A17F-455B-B70F-47B9741217D9}" = rport=138 | protocol=17 | dir=out | app=system | "{418907D4-A6CE-4F3A-A93C-93EA5A9056D4}" = lport=137 | protocol=17 | dir=in | app=system | "{56A81444-85D4-49E9-BC4F-0B7B51A61E74}" = lport=138 | protocol=17 | dir=in | app=system | "{6A09DCE4-4DF0-4484-A649-5B8664C49450}" = lport=139 | protocol=6 | dir=in | app=system | "{924E09E6-5F77-4DCE-AB28-B6D71FD4F9E2}" = rport=139 | protocol=6 | dir=out | app=system | "{973D1399-2FB3-4498-B394-9E2D220D95EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{AAFCC71A-A25F-4ACD-ACC0-37E8BF41F20F}" = rport=137 | protocol=17 | dir=out | app=system | "{BF792065-D02C-4C9F-AC27-14767D37EE66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E21E4B23-2217-4D03-B56A-065D002091E8}" = lport=445 | protocol=6 | dir=in | app=system | "{F7D8B7B8-4155-4BCB-9555-D509167E0C4B}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2F73C362-BFF5-4030-9210-CF0366A424F6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\***\counter-strike\hl.exe | "{379F429F-DCC2-4ACD-A986-1E90ED746F96}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3F95632C-36C9-4369-96BF-03E989154444}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4B8CDBB5-5FED-4D0B-A284-23A32BCF45C8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{82C2E825-9660-4148-93E3-F1639A756B9B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8594EC3D-1228-4917-8534-7C4E7013010F}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{951D2455-32CB-49FF-9937-58E3F88E436D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C326AE81-1CBD-4298-B23F-5989647A9E97}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{EB8B3198-6823-40D6-95BF-F4935BC8EB35}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\***\counter-strike\hl.exe | "TCP Query User{2DD9E89F-4FE5-4070-936A-B2B58F231045}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{33B530FC-91F0-4DB8-9718-47D2D1D69A26}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | "TCP Query User{BF0324EC-B880-4364-A849-3E3A4DC19564}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{D21775D6-9CD7-45F9-854F-A4D8D388A10A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{0DD20A2E-E2B3-42BF-B669-A8D56266B755}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | "UDP Query User{4050A612-8AA1-459B-AD13-F4E57613FB65}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | 
app=c:\program files\icq6\icq.exe | "UDP Query User{63962421-CE0C-41A5-AC4F-C74C61F17B4B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{65097969-CF41-4FD1-BCB4-C5BEF6E4B8B6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2900.20 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare "{90AB0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 1 
"{91710409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
"{94AE1214-8B04-4E1F-BE05-BAB20B6DDF43}" = Microsoft Protection Service
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07A8E7E-D324-4945-BA8C-E532AD008FF3}" = Microsoft Windows OneCare Live v2.5.2900.20
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"{E4C7B3EF-B3DB-4BB6-A812-E8FAE47534D3}" = OpenOffice.org 2.2
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CloneDVD2" = CloneDVD2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6h
"WinRAR archiver" = WinRAR
"WinSS" = Windows Live OneCare

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09.10.2010 11:12:32 | Computer Name = Helenchen | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12.10.2010 10:13:29 | Computer Name = Helenchen | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12.10.2010 12:30:41 | Computer Name = Helenchen | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 14.10.2010 07:46:35 | Computer Name = Helenchen | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 14.10.2010 08:35:03 | Computer Name = Helenchen | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 14.10.2010 09:14:15 | Computer Name = Helenchen | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 14.10.2010 09:17:59 | Computer Name = Helenchen | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6001.18164, Zeitstempel 0x4907e242, fehlerhaftes Modul msxml6.dll, Version 6.20.4001.0, Zeitstempel 0x4a7ffde1, Ausnahmecode 0xc0000005, Fehleroffset 0x000091ea, Prozess-ID 0xlÍF lÍF $, Anwendungsstartzeit lÍF lÍF $.

Error - 17.10.2010 11:12:45 | Computer Name = Helenchen | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 17.10.2010 11:41:16 | Computer Name = Helenchen | Source = Application Hang | ID = 1002
Description = Programm ICQ.exe, Version 6.5.0.2024 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: c5c Anfangszeit: 01cb6e11a0e0a28b Zeitpunkt der Beendigung: 15

Error - 17.10.2010 15:10:52 | Computer Name = Helenchen | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 17.10.2010 18:27:07 | Computer Name = Helenchen | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 17.10.2010 18:28:08 | Computer Name = Helenchen | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 17.10.2010 18:28:14 | Computer Name = Helenchen | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 17.10.2010 18:28:19 | Computer Name = Helenchen | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 17.10.2010 18:28:25 | Computer Name = Helenchen | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 18.10.2010 02:49:11 | Computer Name = Helenchen | Source = HTTP | ID = 15016
Description =

Error - 18.10.2010 02:49:54 | Computer Name = Helenchen | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse 0016D3810699 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 18.10.2010 03:00:55 | Computer Name = Helenchen | Source = Service Control Manager | ID = 7031
Description =

Error - 18.10.2010 03:04:44 | Computer Name = Helenchen | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse 0016D3810699 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 18.10.2010 03:04:45 | Computer Name = Helenchen | Source = HTTP | ID = 15016
Description =

[ Windows OneCare Events ]
Error - 14.04.2009 03:30:21 | Computer Name = Helenchen | Source = WinSS | ID = 1002
Description = Dienst konnte nicht gestartet werden.

< End of report >

Built-in tools: yes. Unsuccessful: yes. Other computers: also tried, and they reached the sites without any problem.
18.10.2010, 14:15 | #12 |
HijackThis logs for troubleshooting

Hi, does it show an error message there? Or does it say everything is OK and that's it?
I'll look at the logs this evening, unfortunately I have to leave now...
In the meantime, have a look here: Internetstörungen – Übersicht der häufigsten Probleme und Fehlerquellen

chris
18.10.2010, 14:18 | #13 |
HijackThis logs for troubleshooting

"regsvr32 urlmon.dll" works.
With "shdocvw.dll" it tells me that it was not loaded, the DllRegisterServer entry point was not found, and that I should make sure it is a valid file and repeat the process.
With ACTXPRXy.dll it says "error code 0x80070005" and that I should search online for the error code.
With oleaut32 it says the same thing - see error code.
With mshtml the entry point was not found.
With browseui, not found either.
shell32 works.
regsvr32 /u wuv3is.dll: cannot be loaded, is the binary file stored at the specified path? Debug file - module not found.
18.10.2010, 20:57 | #14 |
HijackThis logs for troubleshooting

I just ran a scan with Malwarebytes - it found 22 infected items - I deleted them. Here is the report - unfortunately nothing has changed (even after a restart).

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4875

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18975

18.10.2010 21:30:23
mbam-log-2010-10-18 (21-30-23).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 131077
Laufzeit: 10 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 22
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

I pasted the Scan.Txt file from MFT into OTL:

OTL Logfile:
Code:
OTL logfile created on: 18.10.2010 22:04:50 - Run 3
OTL by OldTimer - Version 3.2.15.2     Folder = c:\Users\***\Documents\ICQ\175918017\ReceivedFiles\190560107 Marvin
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.013,00 Mb Total Physical Memory | 289,00 Mb Available Physical Memory | 28,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,50 Gb Total Space | 45,71 Gb Free Space | 48,37% Space Free | Partition Type: NTFS
Drive D: | 17,28 Gb Total Space | 6,36 Gb Free Space | 36,78% Space Free | Partition Type: FAT32
Drive E: | 4,26 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - c:\Users\***\Documents\ICQ\175918017\ReceivedFiles\190560107 Marvin\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox1.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Windows OneCare Live\winssnotifye.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 2.2\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.2\program\soffice.bin (OpenOffice.org)

========== Modules (SafeList) ==========

MOD - c:\Users\***\Documents\ICQ\175918017\ReceivedFiles\190560107 Marvin\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msshsq.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\System32\thumbcache.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SLC.dll (Microsoft Corporation)
MOD - C:\Windows\System32\networkexplorer.dll (Microsoft Corporation)
MOD - C:\Windows\System32\duser.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\actxprxy.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\System32\IconCodecService.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (winss) -- C:\Programme\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation)
SRV - (OcHealthMon) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation)
SRV - (OneCareMP) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (msfwsvc) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (MSFWDrv) -- C:\Windows\System32\drivers\msfwdrv.sys (Microsoft Corporation)
DRV - (MSFWHLPR) -- C:\Windows\System32\drivers\msfwhlpr.sys (Microsoft Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.17 21:19:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.17 21:19:25 | 000,000,000 | ---D | M]

[2008.12.15 21:31:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.10.18 19:59:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions
[2010.07.31 11:51:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.11 19:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.11.12 10:42:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmwu8uhw.default\extensions\moveplayer@movenetworks.com
[2010.10.17 17:24:33 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-1.xml
[2008.10.22 10:01:36 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-2.xml
[2008.11.16 21:52:56 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-3.xml
[2009.04.20 08:17:41 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-4.xml
[2009.04.21 20:19:11 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin-5.xml
[2008.07.08 09:51:56 | 000,000,951 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hmwu8uhw.default\searchplugins\icqplugin.xml
[2010.10.17 21:19:25 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.06.24 10:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.07 10:54:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.07 11:28:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.10.18 09:02:47 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Programme\OpenOffice.org 2.2\program\quickstart.exe ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\Windows\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010.10.18 21:59:33 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MFTools
[2010.10.18 21:18:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.10.18 21:17:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.18 21:17:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.18 21:17:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.18 21:17:07 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.18 09:00:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.10.17 20:27:19 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.08.11 13:30:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Rammstein Referat
[2009.07.09 17:26:40 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys
[2009.04.09 12:38:00 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll

========== Files - Modified Within 90 Days ==========

[2010.10.18 21:47:08 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.18 21:47:08 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.18 21:46:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.18 21:46:46 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.18 09:02:47 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010.10.17 21:19:29 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.17 21:04:17 | 000,014,224 | ---- | M] () -- C:\Users\***\Desktop\bookmarks-2010-10-17.json
[2010.10.17 20:44:32 | 000,002,525 | ---- | M] () -- C:\Users\***\Desktop\HiJackThis.lnk
[2010.10.17 17:07:26 | 000,237,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.13 21:36:24 | 000,066,048 | ---- | M] () -- C:\Users\***\Desktop\Jenseits von Sinn und Sinnlosigkeit.doc
[2010.10.12 20:19:36 | 000,080,896 | ---- | M] () -- C:\Users\***\Desktop\J.doc
[2010.10.12 18:37:56 | 000,167,833 | ---- | M] () -- C:\Users\***\Desktop\styletipps.rar
[2010.10.12 15:53:26 | 011,497,791 | ---- | M] () -- C:\Users\***\Desktop\styletipp.rar
[2010.10.09 02:13:39 | 000,625,582 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.09 02:13:39 | 000,117,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.09 02:13:38 | 000,664,270 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.09 02:13:38 | 000,142,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.23 22:14:04 | 000,042,496 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.08 01:12:15 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.09.07 11:21:53 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.07.31 01:15:26 | 000,000,165 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010.07.30 22:04:41 | 000,000,996 | ---- | M] () -- C:\Users\Public\Desktop\CloneDVD2.lnk

========== Files Created - No Company Name ==========

[2010.10.18 20:56:42 | 1063,444,480 | -HS- | C] () -- C:\hiberfil.sys
[2010.10.17 21:19:29 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.17 21:04:17 | 000,014,224 | ---- | C] () -- C:\Users\***\Desktop\bookmarks-2010-10-17.json
[2010.10.17 20:27:24 | 000,002,525 | ---- | C] () -- C:\Users\***\Desktop\HiJackThis.lnk
[2010.10.13 21:36:21 | 000,066,048 | ---- | C] () -- C:\Users\***\Desktop\Jenseits von Sinn und Sinnlosigkeit.doc
[2010.10.12 20:19:34 | 000,080,896 | ---- | C] () -- C:\Users\***\Desktop\J.doc
[2010.10.12 18:37:56 | 000,167,833 | ---- | C] () -- C:\Users\***\Desktop\styletipps.rar
[2010.10.12 15:51:31 | 011,497,791 | ---- | C] () -- C:\Users\***\Desktop\styletipp.rar
[2010.04.26 10:05:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.09 17:29:17 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2009.07.09 17:29:11 | 000,000,033 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.log
[2009.07.09 17:26:40 | 000,087,608 | ---- | C] () -- C:\Users\***\AppData\Roaming\inst.exe
[2009.07.09 17:26:40 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat
[2009.07.09 17:26:40 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf
[2009.04.09 12:38:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SearchRequire.dll
[2009.01.31 16:15:46 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2008.08.22 19:51:36 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2007.08.14 19:20:25 | 000,000,165 | -HS- | C] () -- C:\ProgramData\.zreglib
[2007.06.23 08:00:30 | 000,042,496 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2008.12.17 13:53:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner
[2010.06.15 22:09:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelper
[2010.10.18 21:50:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2007.06.26 08:39:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQLite
[2007.08.21 19:50:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SlySoft
[2009.02.01 13:31:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online
[2009.07.13 17:09:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vso
[2010.10.18 21:45:33 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008.01.19 09:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2007.06.22 23:58:44 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.10.18 21:46:46 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys
[2007.01.13 04:02:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.06.01 23:21:42 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini
[2007.01.13 04:02:40 |
000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010.10.18 21:46:44 | 1377,247,232 | -HS- | M] () -- C:\pagefile.sys [2010.10.17 22:15:48 | 000,055,662 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_17.10.2010_22.15.13_log.txt [2010.10.17 22:17:36 | 000,055,662 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_17.10.2010_22.17.06_log.txt [2009.02.07 00:08:23 | 000,000,160 | ---- | M] () -- C:\TO_InstallLog.txt < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2006.11.02 14:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > [2008.12.09 12:40:43 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008.01.19 09:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2008.01.19 09:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\user32.dll /md5 > [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 
05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows.old\Windows\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- 
| M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows.old\Windows\System32\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows.old\Windows\System32\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-14 13:51:18 < End of report > Geändert von Helen (18.10.2010 um 21:32 Uhr) |
19.10.2010, 06:55 | #15 |
| HijackThis Logs for Troubleshooting Hi, this looks like a partially broken system (at least as far as ActiveX is concerned)...
Win7/Vista
1. Open the command line via Start -> type "cmd" into the search field. Now do not press Enter but the following key combination: [Ctrl]+[Shift]+[Return/Enter]. This starts the console as administrator, which is essential for the repair. Alternatively, right-click on the desktop, New -> Shortcut, Target: C:\Windows\System32\cmd.exe, enter a name, Finish. Then right-click the newly created shortcut and select "Run as administrator".
2. Now enter the following command in the command line/console: sfc /scannow
3. The system scan now starts and the defective files are located. Now just insert the Win7/Vista DVD and the defective files will be replaced with those from the DVD.
4. Be sure to run Windows Update so that the repaired system files are up to date.
If it still doesn't work after that: Improve the performance and security of Internet Explorer. Then click the "Run now" button on the right... chris
__________________ Don't bring me down Read before posting! Donations (Anyone who wants to donate is welcome to get in touch) |
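The repair steps in the reply above (elevated console, sfc /scannow, then checking what was actually fixed), as an added PowerShell example that is not code from the post or from the forum. It assumes SFC's documented logging format in CBS.log (lines tagged [SR] with a leading yyyy-MM-dd HH:mm:ss timestamp) and uses sfcdetails.txt as a constructed name for the report file.

```powershell
# Added example (not from the original post): run the sfc /scannow step from an
# elevated PowerShell session and report which files SFC repaired and which it
# could not, using the "[SR]" entries SFC writes to CBS.log.
# Assumption: each CBS.log line starts with a "yyyy-MM-dd HH:mm:ss" timestamp.

# Step 1 of the post: the console must be elevated, otherwise sfc refuses to run.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Error 'Start PowerShell with "Run as administrator" and run this script again.'
    exit 1
}

# Step 2 of the post: run the scan; remember when it started (1 s slack, because
# CBS.log timestamps have second precision) so entries from earlier scans are ignored.
$scanStart = (Get-Date).AddSeconds(-1)
& "$env:windir\System32\sfc.exe" /scannow
Write-Host "sfc.exe exit code: $LASTEXITCODE"

# Step 3: SFC tags its own CBS.log lines with [SR]; keep only lines from this scan.
$cbsLog  = Join-Path $env:windir 'Logs\CBS\CBS.log'
$culture = [Globalization.CultureInfo]::InvariantCulture
$srLines = @(Get-Content -Path $cbsLog |
    Where-Object { $_ -match '\[SR\]' } |
    Where-Object {
        $m = [regex]::Match($_, '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}')
        $m.Success -and
        ([datetime]::ParseExact($m.Value, 'yyyy-MM-dd HH:mm:ss', $culture) -ge $scanStart)
    })

# These two phrases are the ones SFC writes for a successful and a failed repair.
$repaired   = @($srLines | Where-Object { $_ -match 'Repairing corrupted file' })
$unrepaired = @($srLines | Where-Object { $_ -match 'Cannot repair member file' })

Write-Host ("SFC log lines from this scan: {0}" -f $srLines.Count)
Write-Host ("Repaired files:               {0}" -f $repaired.Count)
Write-Host ("Files still corrupt:          {0}" -f $unrepaired.Count)

# Save the details to the desktop so they can be posted for analysis
# (sfcdetails.txt is a constructed file name).
$report = Join-Path ([Environment]::GetFolderPath('Desktop')) 'sfcdetails.txt'
$srLines | Set-Content -Path $report -Encoding UTF8
Write-Host "Details written to $report"

if ($unrepaired.Count -gt 0) {
    Write-Warning 'SFC could not repair every file; see the "Cannot repair" lines in the report.'
}
```

Files listed under "Cannot repair member file" are the ones that still need the installation DVD (or a later Windows Update) as described in step 3 and step 4 of the post.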