|
Log-Analyse und Auswertung: Trojaerfund und zwei HijackereinträgeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
22.12.2010, 20:32 | #1 |
| Trojaerfund und zwei Hijackereinträge Hallo Nachdem mein Spyware einen Trojaner entdeckte (opachki.ru), habe ich nun auch noch malware laufenlassen, welche mir die zwei Hijacker-Einträge aufdeckte. Den Trojaner hab ich gelöscht und die Einträge sind noch in Quarantäne. Ich weiss natürlich nicht, wie lange die Dinger schon wirkten, und auch nicht was. Auffallend ist nur, dass sich der WLAN öfters abhängt, jedoch unregelmässig. Ich habe die Logfiles hier: malware: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5363 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18999 22.12.2010 19:42:30 mbam-log-2010-12-22 (19-42-30).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 310031 Laufzeit: 1 Stunde(n), 21 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.12.2010 19:52:37 - Run 1 OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\***\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000807 | Country: *** | Language: DES | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298.09 Gb Total Space | 141.62 Gb Free Space | 47.51% Space Free | Partition Type: NTFS Computer Name: PAPI-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL.exe File not found PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Paltalk Messenger\paltalk.exe (AVM Software Inc.) PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (ntcdrdrv) -- C:\Windows\System32\DRIVERS\ntcdrdrv.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (FXDrv32) -- D:\FXDrv32.sys File not found DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (bbcap) -- C:\Windows\System32\drivers\bbcap.sys (Windows (R) Codename Longhorn DDK provider) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology Corp.) DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) DRV - (RTLWUSB) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.stegcomputer.ch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.imesh.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://bazonline.ch/schweiz/" FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42 FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.6.8 FF - prefs.js..extensions.enabledItems: {28D35620-51D9-11DE-9D13-2DB156D89593}:3.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1 FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1 FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.12.20 20:13:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.11 21:42:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.22 17:38:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 13:56:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.12.22 17:38:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.12.20 20:13:23 | 000,000,000 | ---D | M] [2010.09.08 08:34:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.09.08 08:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.12.22 12:11:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions [2010.04.28 06:46:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Papi\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.08.28 20:38:30 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593} [2010.11.11 15:03:24 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2010.10.26 07:42:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.11.11 13:56:37 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2010.12.21 16:12:00 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} [2009.03.15 18:59:06 | 000,000,682 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\n2jr1rrn.default\searchplugins\ask.xml [2009.07.18 00:02:48 | 000,002,456 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\n2jr1rrn.default\searchplugins\iMeshWebSearch.xml [2010.11.11 16:45:53 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.05.13 23:19:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.11.11 16:45:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.11.11 16:45:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2009.03.03 16:31:22 | 000,162,072 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll [2010.07.25 22:00:30 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.25 22:00:30 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.07.18 00:02:48 | 000,002,456 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\iMeshWebSearch.xml [2010.07.25 22:00:30 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.25 22:00:30 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.25 22:00:30 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.08.25 15:26:47 | 000,414,821 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 www.163ns.com O1 - Hosts: 14325 more lines... O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMeshMediabarTb\iMeshMediaBarDx.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.) O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMeshMediabarTb\iMeshMediaBarDx.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam) O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam) O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\paltalk.exe (AVM Software Inc.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{5bd54afb-6337-11df-9be0-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found O33 - MountPoints2\{700bc62d-6c16-11df-826d-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found O33 - MountPoints2\{918fd52b-6400-11df-ba96-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found O33 - MountPoints2\{f180735f-df73-11df-a8c2-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found O33 - MountPoints2\{f87c457f-e7f9-11de-9cd0-0018e726c5db}\Shell\AutoRun\command - "" = I:\Launcher.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.12.22 19:48:51 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.12.20 20:48:53 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2010.12.20 20:48:52 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2010.12.20 20:48:51 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2010.12.20 20:24:12 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2010.12.20 20:13:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.12.20 20:12:28 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys [2010.12.20 20:11:58 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution [2010.12.20 20:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache [2010.12.15 11:44:50 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.12.15 11:43:54 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2010.12.15 11:43:54 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2010.12.15 11:43:54 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2010.12.15 11:43:26 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2010.12.15 11:43:25 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.12.15 11:43:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2010.12.15 11:43:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.12.15 11:42:32 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.12.15 11:42:28 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.12.15 11:42:27 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.12.15 11:42:27 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.12.15 11:42:27 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.12.15 11:42:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.12.15 11:42:26 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.12.15 11:42:26 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.12.15 11:42:26 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.12.15 11:42:26 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.12.15 11:42:26 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.12.15 11:42:26 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.12.15 11:42:26 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.12.15 11:42:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.12.15 11:42:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.12.15 11:42:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.12.15 11:42:25 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.12.15 11:41:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.12.09 20:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Blueberry [2010.12.04 13:11:31 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\276_chanukkalieder 3-1 [2010.12.04 11:47:52 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\chanukka1 [2010.12.02 07:39:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc [2010.11.24 21:54:05 | 000,000,000 | ---D | C] -- C:\Programme\PhotoFiltre ========== Files - Modified Within 30 Days ========== [2010.12.22 19:55:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job [2010.12.22 19:48:54 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Papi\Desktop\OTL.exe [2010.12.22 19:47:23 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.12.22 19:46:26 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.12.22 19:46:23 | 000,000,031 | ---- | M] () -- C:\Windows\System32\bbcap.err [2010.12.22 19:45:05 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.12.22 19:45:04 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job [2010.12.22 19:44:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.22 19:44:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.22 19:44:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.12.22 19:44:13 | 2136,137,728 | -HS- | M] () -- C:\hiberfil.sys [2010.12.22 19:01:10 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job [2010.12.22 18:00:04 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job [2010.12.22 17:43:24 | 000,001,374 | ---- | M] () -- C:\Users\***\Documents\cc_20101222_174319.reg [2010.12.22 17:36:53 | 000,000,536 | ---- | M] () -- C:\Users\***\Documents\cc_20101222_173649.reg [2010.12.22 17:36:25 | 000,019,622 | ---- | M] () -- C:\Users\***\Documents\cc_20101222_173618.reg [2010.12.22 15:38:15 | 000,018,944 | ---- | M] () -- C:\Users\***\Desktop\Finanzblatt Tabitha.xlr [2010.12.22 15:38:15 | 000,002,272 | ---- | M] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2010.12.20 20:49:43 | 000,146,944 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.20 20:34:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2010.12.20 20:34:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2010.12.20 19:53:13 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.12.20 19:53:13 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.12.20 19:53:13 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.12.20 19:53:13 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.12.16 19:38:41 | 000,434,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.12.09 22:00:37 | 2375,922,974 | ---- | M] () -- C:\Users\***\Desktop\Tierfilm.fbr [2010.12.07 11:18:21 | 000,000,821 | ---- | M] () -- C:\Users\***\Desktop\HhDez10.lnk [2010.12.05 22:03:48 | 002,716,939 | ---- | M] () -- C:\Users\***\Desktop\traum yaschuah.wma [2010.11.24 21:54:06 | 000,000,845 | ---- | M] () -- C:\Users\***\Desktop\PhotoFiltre.lnk [2010.11.23 11:02:05 | 000,753,363 | ---- | M] () -- C:\Users\***\Desktop\ADNT-ARAM-Vaterunser.gif ========== Files Created - No Company Name ========== [2010.12.22 17:43:22 | 000,001,374 | ---- | C] () -- C:\Users\***\Documents\cc_20101222_174319.reg [2010.12.22 17:36:51 | 000,000,536 | ---- | C] () -- C:\Users\***\Documents\cc_20101222_173649.reg [2010.12.22 17:36:22 | 000,019,622 | ---- | C] () -- C:\Users\***\Documents\cc_20101222_173618.reg [2010.12.22 17:13:20 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job [2010.12.22 11:59:55 | 000,018,944 | ---- | C] () -- C:\Users\***\Desktop\Finanzblatt Tabitha.xlr [2010.12.20 20:34:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2010.12.20 20:34:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2010.12.20 20:24:31 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf [2010.12.09 22:01:02 | 2375,922,974 | ---- | C] () -- C:\Users\***\Desktop\Tierfilm.fbr [2010.12.07 11:18:21 | 000,000,821 | ---- | C] () -- C:\Users\***\Desktop\HhDez10.lnk [2010.12.05 22:03:47 | 002,716,939 | ---- | C] () -- C:\Users\***\Desktop\traum yaschuah.wma [2010.11.24 21:54:06 | 000,000,845 | ---- | C] () -- C:\Users\***\Desktop\PhotoFiltre.lnk [2010.11.23 11:02:03 | 000,753,363 | ---- | C] () -- C:\Users\***\Desktop\ADNT-ARAM-Vaterunser.gif [2010.11.15 03:07:02 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.06.03 18:56:40 | 000,000,278 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini [2010.06.02 12:16:44 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.05.13 22:59:27 | 000,000,061 | ---- | C] () -- C:\Windows\wininit.ini [2010.03.04 21:31:41 | 000,025,600 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2009.10.23 14:20:02 | 000,001,024 | ---- | C] () -- C:\ProgramData\1pdfdec.dll [2009.10.23 14:19:59 | 000,000,048 | ---- | C] () -- C:\Windows\System32\pdfutil.ini [2009.09.11 12:40:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.27 19:32:48 | 000,076,407 | ---- | C] () -- C:\Users\***\AppData\Roaming\Smiley.ico [2009.06.28 10:40:13 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2009.06.13 20:52:15 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2008.08.27 19:00:09 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.08.27 12:48:43 | 000,002,272 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2008.08.26 18:26:27 | 000,146,944 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.07.04 11:44:57 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL [2008.07.04 11:44:57 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL [2008.07.04 11:44:57 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL [2008.07.04 11:44:57 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL [2008.07.04 11:44:57 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL [2008.02.11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== LOP Check ========== [2010.05.21 15:25:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Alpen 3D Online [2010.12.09 22:01:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blueberry [2010.06.06 16:11:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2010.12.20 20:53:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2010.06.02 12:48:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2009.02.04 16:00:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DreamChess [2010.11.14 22:20:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2010.06.06 13:59:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FinalBurner AudioCD Ripper [2010.05.29 16:58:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FinalMediaPlayer [2010.12.09 16:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000 [2009.03.15 17:15:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit [2010.06.03 20:37:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfraRecorder [2010.05.13 23:30:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LogSys [2010.06.21 00:23:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mresreg [2010.01.15 17:03:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NASA [2010.02.01 19:42:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2009.03.15 16:19:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2010.09.14 19:54:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Paltalk [2009.12.13 16:33:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2010.06.21 00:36:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoFiltre [2010.08.18 15:19:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape [2009.10.20 11:13:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PixelPlanet [2008.08.27 12:54:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2010.09.08 08:34:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2010.12.22 19:45:04 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job [2010.12.22 19:43:18 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.12.22 19:55:00 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 837 bytes -> C:\Users\Papi\Desktop\Obama gegen judisches Jerusalem.eml:OECustomProperty @Alternate Data Stream - 777 bytes -> C:\Users\Papi\Desktop\Obama gegn Jerusalem.eml:OECustomProperty < End of report > Extras:OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.12.2010 19:52:37 - Run 1 OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\***\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000807 | Country: *** | Language: DES | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298.09 Gb Total Space | 141.62 Gb Free Space | 47.51% Space Free | Partition Type: NTFS Computer Name: PAPI-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL.exe File not found PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Paltalk Messenger\paltalk.exe (AVM Software Inc.) PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (ntcdrdrv) -- C:\Windows\System32\DRIVERS\ntcdrdrv.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (FXDrv32) -- D:\FXDrv32.sys File not found DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (bbcap) -- C:\Windows\System32\drivers\bbcap.sys (Windows (R) Codename Longhorn DDK provider) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology Corp.) DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) DRV - (RTLWUSB) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.stegcomputer.ch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.imesh.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://bazonline.ch/schweiz/" FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42 FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.6.8 FF - prefs.js..extensions.enabledItems: {28D35620-51D9-11DE-9D13-2DB156D89593}:3.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1 FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1 FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.12.20 20:13:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.11 21:42:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.22 17:38:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 13:56:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.12.22 17:38:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.12.20 20:13:23 | 000,000,000 | ---D | M] [2010.09.08 08:34:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.09.08 08:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.12.22 12:11:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions [2010.04.28 06:46:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Papi\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.08.28 20:38:30 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593} [2010.11.11 15:03:24 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2010.10.26 07:42:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.11.11 13:56:37 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2010.12.21 16:12:00 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} [2009.03.15 18:59:06 | 000,000,682 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\n2jr1rrn.default\searchplugins\ask.xml [2009.07.18 00:02:48 | 000,002,456 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\n2jr1rrn.default\searchplugins\iMeshWebSearch.xml [2010.11.11 16:45:53 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.05.13 23:19:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.11.11 16:45:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.11.11 16:45:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2009.03.03 16:31:22 | 000,162,072 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll [2010.07.25 22:00:30 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.25 22:00:30 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.07.18 00:02:48 | 000,002,456 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\iMeshWebSearch.xml [2010.07.25 22:00:30 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.25 22:00:30 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.25 22:00:30 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.08.25 15:26:47 | 000,414,821 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 www.163ns.com O1 - Hosts: 14325 more lines... O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMeshMediabarTb\iMeshMediaBarDx.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.) O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMeshMediabarTb\iMeshMediaBarDx.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam) O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam) O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\paltalk.exe (AVM Software Inc.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{5bd54afb-6337-11df-9be0-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found O33 - MountPoints2\{700bc62d-6c16-11df-826d-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found O33 - MountPoints2\{918fd52b-6400-11df-ba96-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found O33 - MountPoints2\{f180735f-df73-11df-a8c2-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found O33 - MountPoints2\{f87c457f-e7f9-11de-9cd0-0018e726c5db}\Shell\AutoRun\command - "" = I:\Launcher.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.12.22 19:48:51 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.12.20 20:48:53 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2010.12.20 20:48:52 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2010.12.20 20:48:51 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2010.12.20 20:24:12 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2010.12.20 20:13:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.12.20 20:12:28 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys [2010.12.20 20:11:58 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution [2010.12.20 20:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache [2010.12.15 11:44:50 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.12.15 11:43:54 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2010.12.15 11:43:54 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2010.12.15 11:43:54 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2010.12.15 11:43:26 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2010.12.15 11:43:25 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.12.15 11:43:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2010.12.15 11:43:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.12.15 11:42:32 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.12.15 11:42:28 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.12.15 11:42:27 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.12.15 11:42:27 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.12.15 11:42:27 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.12.15 11:42:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.12.15 11:42:26 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.12.15 11:42:26 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.12.15 11:42:26 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.12.15 11:42:26 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.12.15 11:42:26 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.12.15 11:42:26 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.12.15 11:42:26 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.12.15 11:42:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.12.15 11:42:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.12.15 11:42:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.12.15 11:42:25 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.12.15 11:41:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.12.09 20:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Blueberry [2010.12.04 13:11:31 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\276_chanukkalieder 3-1 [2010.12.04 11:47:52 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\chanukka1 [2010.12.02 07:39:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc [2010.11.24 21:54:05 | 000,000,000 | ---D | C] -- C:\Programme\PhotoFiltre ========== Files - Modified Within 30 Days ========== [2010.12.22 19:55:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job [2010.12.22 19:48:54 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Papi\Desktop\OTL.exe [2010.12.22 19:47:23 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.12.22 19:46:26 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.12.22 19:46:23 | 000,000,031 | ---- | M] () -- C:\Windows\System32\bbcap.err [2010.12.22 19:45:05 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.12.22 19:45:04 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job [2010.12.22 19:44:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.22 19:44:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.22 19:44:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.12.22 19:44:13 | 2136,137,728 | -HS- | M] () -- C:\hiberfil.sys [2010.12.22 19:01:10 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job [2010.12.22 18:00:04 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job [2010.12.22 17:43:24 | 000,001,374 | ---- | M] () -- C:\Users\***\Documents\cc_20101222_174319.reg [2010.12.22 17:36:53 | 000,000,536 | ---- | M] () -- C:\Users\***\Documents\cc_20101222_173649.reg [2010.12.22 17:36:25 | 000,019,622 | ---- | M] () -- C:\Users\***\Documents\cc_20101222_173618.reg [2010.12.22 15:38:15 | 000,018,944 | ---- | M] () -- C:\Users\***\Desktop\Finanzblatt Tabitha.xlr [2010.12.22 15:38:15 | 000,002,272 | ---- | M] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2010.12.20 20:49:43 | 000,146,944 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.20 20:34:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2010.12.20 20:34:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2010.12.20 19:53:13 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.12.20 19:53:13 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.12.20 19:53:13 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.12.20 19:53:13 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.12.16 19:38:41 | 000,434,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.12.09 22:00:37 | 2375,922,974 | ---- | M] () -- C:\Users\***\Desktop\Tierfilm.fbr [2010.12.07 11:18:21 | 000,000,821 | ---- | M] () -- C:\Users\***\Desktop\HhDez10.lnk [2010.12.05 22:03:48 | 002,716,939 | ---- | M] () -- C:\Users\***\Desktop\traum yaschuah.wma [2010.11.24 21:54:06 | 000,000,845 | ---- | M] () -- C:\Users\***\Desktop\PhotoFiltre.lnk [2010.11.23 11:02:05 | 000,753,363 | ---- | M] () -- C:\Users\***\Desktop\ADNT-ARAM-Vaterunser.gif ========== Files Created - No Company Name ========== [2010.12.22 17:43:22 | 000,001,374 | ---- | C] () -- C:\Users\***\Documents\cc_20101222_174319.reg [2010.12.22 17:36:51 | 000,000,536 | ---- | C] () -- C:\Users\***\Documents\cc_20101222_173649.reg [2010.12.22 17:36:22 | 000,019,622 | ---- | C] () -- C:\Users\***\Documents\cc_20101222_173618.reg [2010.12.22 17:13:20 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job [2010.12.22 11:59:55 | 000,018,944 | ---- | C] () -- C:\Users\***\Desktop\Finanzblatt Tabitha.xlr [2010.12.20 20:34:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2010.12.20 20:34:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2010.12.20 20:24:31 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf [2010.12.09 22:01:02 | 2375,922,974 | ---- | C] () -- C:\Users\***\Desktop\Tierfilm.fbr [2010.12.07 11:18:21 | 000,000,821 | ---- | C] () -- C:\Users\***\Desktop\HhDez10.lnk [2010.12.05 22:03:47 | 002,716,939 | ---- | C] () -- C:\Users\***\Desktop\traum yaschuah.wma [2010.11.24 21:54:06 | 000,000,845 | ---- | C] () -- C:\Users\***\Desktop\PhotoFiltre.lnk [2010.11.23 11:02:03 | 000,753,363 | ---- | C] () -- C:\Users\***\Desktop\ADNT-ARAM-Vaterunser.gif [2010.11.15 03:07:02 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.06.03 18:56:40 | 000,000,278 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini [2010.06.02 12:16:44 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.05.13 22:59:27 | 000,000,061 | ---- | C] () -- C:\Windows\wininit.ini [2010.03.04 21:31:41 | 000,025,600 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2009.10.23 14:20:02 | 000,001,024 | ---- | C] () -- C:\ProgramData\1pdfdec.dll [2009.10.23 14:19:59 | 000,000,048 | ---- | C] () -- C:\Windows\System32\pdfutil.ini [2009.09.11 12:40:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.27 19:32:48 | 000,076,407 | ---- | C] () -- C:\Users\***\AppData\Roaming\Smiley.ico [2009.06.28 10:40:13 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2009.06.13 20:52:15 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2008.08.27 19:00:09 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.08.27 12:48:43 | 000,002,272 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2008.08.26 18:26:27 | 000,146,944 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.07.04 11:44:57 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL [2008.07.04 11:44:57 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL [2008.07.04 11:44:57 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL [2008.07.04 11:44:57 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL [2008.07.04 11:44:57 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL [2008.02.11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== LOP Check ========== [2010.05.21 15:25:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Alpen 3D Online [2010.12.09 22:01:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blueberry [2010.06.06 16:11:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2010.12.20 20:53:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2010.06.02 12:48:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2009.02.04 16:00:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DreamChess [2010.11.14 22:20:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2010.06.06 13:59:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FinalBurner AudioCD Ripper [2010.05.29 16:58:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FinalMediaPlayer [2010.12.09 16:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000 [2009.03.15 17:15:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit [2010.06.03 20:37:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfraRecorder [2010.05.13 23:30:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LogSys [2010.06.21 00:23:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mresreg [2010.01.15 17:03:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NASA [2010.02.01 19:42:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2009.03.15 16:19:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2010.09.14 19:54:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Paltalk [2009.12.13 16:33:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2010.06.21 00:36:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoFiltre [2010.08.18 15:19:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape [2009.10.20 11:13:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PixelPlanet [2008.08.27 12:54:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2010.09.08 08:34:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2010.12.22 19:45:04 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job [2010.12.22 19:43:18 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.12.22 19:55:00 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 837 bytes -> C:\Users\Papi\Desktop\Obama gegen judisches Jerusalem.eml:OECustomProperty @Alternate Data Stream - 777 bytes -> C:\Users\Papi\Desktop\Obama gegn Jerusalem.eml:OECustomProperty < End of report > Danke für das Reinschauen. PS: Wann ist denn der Platz aufgebraucht, von wegen Zippen? |
06.01.2011, 20:12 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaerfund und zwei Hijackereinträge So, kümmer mich auch nun um diesen zweiten(?) Rechner von dir. Ist doch ein anderer Rechner?
__________________Mach bitte einen Vollscan mit MBAM und aktuellen Signaturen. Poste dieses Log dann und auch etwaige andere, also alle Logs, die unterm Reiter Logdateien sichtbar sind.
__________________ |
07.01.2011, 11:47 | #3 |
| Trojaerfund und zwei Hijackereinträge Ja, das ist ein anderer Rechner.
__________________Es gab keine funde im Scan. Hier das neueste Log: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5475 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18999 07.01.2011 11:30:47 mbam-log-2011-01-07 (11-30-47).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 312800 Laufzeit: 1 Stunde(n), 21 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Und hier die Alten: Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3510 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18882 10.02.2010 12:04:34 mbam-log-2010-02-10 (12-04-34).txt Scan-Methode: Vollständiger Scan (C:\|) Durchsuchte Objekte: 52654 Laufzeit: 9 minute(s), 24 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3510 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18882 10.02.2010 18:22:52 mbam-log-2010-02-10 (18-22-52).txt Scan-Methode: Vollständiger Scan (C:\|) Durchsuchte Objekte: 254497 Laufzeit: 1 hour(s), 0 minute(s), 13 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3510 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18882 13.02.2010 10:29:58 mbam-log-2010-02-13 (10-29-58).txt Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|H:\|) Durchsuchte Objekte: 164321 Laufzeit: 50 minute(s), 47 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3732 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18882 13.02.2010 11:26:56 mbam-log-2010-02-13 (11-26-56).txt Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|H:\|) Durchsuchte Objekte: 259338 Laufzeit: 53 minute(s), 43 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3732 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18882 15.02.2010 15:25:22 mbam-log-2010-02-15 (15-25-22).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 7824 Laufzeit: 16 minute(s), 0 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3732 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18882 15.02.2010 17:18:04 mbam-log-2010-02-15 (17-18-04).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 1 Laufzeit: 3 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5363 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18999 22.12.2010 19:42:30 mbam-log-2010-12-22 (19-42-30).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 310031 Laufzeit: 1 Stunde(n), 21 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
07.01.2011, 13:31 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaerfund und zwei Hijackereinträge Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL DRV - (FXDrv32) -- D:\FXDrv32.sys File not found O33 - MountPoints2\{5bd54afb-6337-11df-9be0-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found O33 - MountPoints2\{700bc62d-6c16-11df-826d-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found O33 - MountPoints2\{918fd52b-6400-11df-ba96-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found O33 - MountPoints2\{f180735f-df73-11df-a8c2-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found O33 - MountPoints2\{f87c457f-e7f9-11de-9cd0-0018e726c5db}\Shell\AutoRun\command - "" = I:\Launcher.exe -- File not found @Alternate Data Stream - 837 bytes -> C:\Users\Papi\Desktop\Obama gegen judisches Jerusalem.eml:OECustomProperty @Alternate Data Stream - 777 bytes -> C:\Users\Papi\Desktop\Obama gegn Jerusalem.eml:OECustomProperty :Commands [purity] [resethosts] [emptytemp] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
07.01.2011, 15:02 | #5 |
| Trojaerfund und zwei Hijackereinträge ja, Rechner wurde neugestartet. Log: All processes killed ========== OTL ========== Service FXDrv32 stopped successfully! Service FXDrv32 deleted successfully! File D:\FXDrv32.sys File not found not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5bd54afb-6337-11df-9be0-0018e726c5db}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5bd54afb-6337-11df-9be0-0018e726c5db}\ not found. File J:\installer.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{700bc62d-6c16-11df-826d-0018e726c5db}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{700bc62d-6c16-11df-826d-0018e726c5db}\ not found. File J:\installer.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{918fd52b-6400-11df-ba96-0018e726c5db}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{918fd52b-6400-11df-ba96-0018e726c5db}\ not found. File J:\installer.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f180735f-df73-11df-a8c2-0018e726c5db}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f180735f-df73-11df-a8c2-0018e726c5db}\ not found. File J:\installer.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f87c457f-e7f9-11de-9cd0-0018e726c5db}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f87c457f-e7f9-11de-9cd0-0018e726c5db}\ not found. File I:\Launcher.exe not found. ADS C:\Users\Papi\Desktop\Obama gegen judisches Jerusalem.eml:OECustomProperty deleted successfully. ADS C:\Users\Papi\Desktop\Obama gegn Jerusalem.eml:OECustomProperty deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Papi ->Temp folder emptied: 10717107 bytes ->Temporary Internet Files folder emptied: 51199975 bytes ->Java cache emptied: 64868078 bytes ->FireFox cache emptied: 87211559 bytes ->Flash cache emptied: 29655 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 145644 bytes RecycleBin emptied: 96600577 bytes Total Files Cleaned = 296.00 mb OTL by OldTimer - Version 3.2.18.0 log created on 01072011_144534 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot... Wenn ich das so durchlese, dann scheinen einige Einträge nicht wirklich zu existieren, oder verstecken sich |
07.01.2011, 15:06 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaerfund und zwei Hijackereinträge Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ --> Trojaerfund und zwei Hijackereinträge |
07.01.2011, 15:56 | #7 |
| Trojaerfund und zwei Hijackereinträge Combo-Log: Combofix Logfile: Code:
ATTFilter ComboFix 11-01-06.06 - Papi 07.01.2011 15:27:10.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.41.1031.18.2036.1100 [GMT 1:00] ausgeführt von:: c:\users\Papi\Desktop\cofi.exe AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308} SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Install.exe c:\programdata\1pdfdec.dll . ((((((((((((((((((((((( Dateien erstellt von 2010-12-07 bis 2011-01-07 )))))))))))))))))))))))))))))) . 2011-01-07 13:45 . 2011-01-07 13:45 -------- d-----w- C:\_OTL 2011-01-06 20:27 . 2011-01-06 20:27 2090248 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2010-12-20 19:48 . 2009-07-14 17:45 132224 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2010-12-20 19:48 . 2009-07-14 17:48 64512 ----a-w- c:\windows\system32\WUDFSvc.dll 2010-12-20 19:48 . 2009-07-14 17:48 39936 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2010-12-20 19:48 . 2009-07-14 17:48 162304 ----a-w- c:\windows\system32\WUDFPlatform.dll 2010-12-20 19:48 . 2009-07-14 17:45 92672 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2010-12-20 19:48 . 2009-07-14 17:45 195584 ----a-w- c:\windows\system32\WUDFHost.exe 2010-12-20 19:48 . 2009-07-14 17:48 567808 ----a-w- c:\windows\system32\WUDFx.dll 2010-12-20 19:24 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2010-12-20 19:24 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2010-12-20 19:12 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys 2010-12-20 19:11 . 2010-12-20 19:12 -------- d-----w- c:\program files\PC Connectivity Solution 2010-12-20 19:06 . 2010-12-20 19:06 -------- d-----w- c:\programdata\NokiaInstallerCache 2010-12-15 10:44 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll 2010-12-15 10:44 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe 2010-12-15 10:44 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe 2010-12-15 10:44 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys 2010-12-15 10:43 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll 2010-12-15 10:43 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll 2010-12-15 10:43 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll 2010-12-15 10:43 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll 2010-12-15 10:43 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe 2010-12-15 10:43 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe 2010-12-15 10:43 . 2010-10-28 15:44 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-12-15 10:43 . 2010-10-28 13:27 292352 ----a-w- c:\windows\system32\atmfd.dll 2010-12-15 10:43 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll 2010-12-15 10:41 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll 2010-12-15 10:41 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2010-12-09 19:07 . 2010-12-09 19:07 -------- d-----w- c:\programdata\Blueberry . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-20 17:09 . 2010-02-10 10:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-20 17:08 . 2010-02-10 10:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-11 15:45 . 2010-05-13 22:19 472808 ----a-w- c:\windows\system32\deployJava1.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-11-18 11:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}] 2009-07-31 11:58 91568 ----a-w- c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192] "{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll" [2009-07-31 91568] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-12 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-12 8497696] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-12 81920] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208] "Skytel"="Skytel.exe" [2007-08-03 1826816] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656] "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648] "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-11-19 128352] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2010-8-7 12734216] Philips GoGear Spark Gere-Manager.lnk - c:\program files\Philips\GoGear Spark Device Manager\main.exe [2010-5-19 7974455] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 "AntiSpywareOverride"=dword:00000001 R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1c986e543ae0809;Google Update Service (gupdate1c986e543ae0809);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104] R3 RTLWUSB;802.11g USB2.0 WLAN Dongle;c:\windows\system32\DRIVERS\RTL8187.sys [2006-04-12 169472] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-02 691696] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296] S3 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2010-05-13 4096] S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners 2011-01-07 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-04 14:53] 2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 16:25] 2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 16:25] 2011-01-06 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-08-27 07:42] 2011-01-06 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job - c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-08-27 07:42] 2011-01-07 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job - c:\windows\system32\msfeedssync.exe [2010-12-15 04:25] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://search.imesh.com/ uInternet Settings,ProxyOverride = *.local IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm LSP: c:\windows\system32\wpclsp.dll FF - ProfilePath - c:\users\Papi\AppData\Roaming\Mozilla\Firefox\Profiles\n2jr1rrn.default\ FF - prefs.js: browser.startup.homepage - hxxp://bazonline.ch/schweiz/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: MediaBar: {28D35620-51D9-11DE-9D13-2DB156D89593} - %profile%\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: FoxLingo: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} - %profile%\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension . - - - - Entfernte verwaiste Registrierungseinträge - - - - SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\program files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-01-07 15:41 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2011-01-07 15:44:44 ComboFix-quarantined-files.txt 2011-01-07 14:44 Vor Suchlauf: 14 Verzeichnis(se), 150'192'947'200 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 150'087'929'856 Bytes frei Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10 - - End Of File - - DF1005E603B1C21EDC609E0BEF0B7BFC |
07.01.2011, 19:15 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaerfund und zwei Hijackereinträge Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
10.01.2011, 14:16 | #9 |
| Trojaerfund und zwei Hijackereinträge OK, GMER läuft auch hier nicht. OSAM-LOg: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 14:11:29 on 10.01.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.13 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Spybot - Search & Destroy - Scheduled Task.job" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe "Spybot - Search & Destroy Updater - Scheduled Task.job" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "802.11g USB2.0 WLAN Dongle" (RTLWUSB) - "Realtek Semiconductor Corporation " - C:\Windows\System32\DRIVERS\RTL8187.sys "apeju9d0" (apeju9d0) - "Microsoft Corporation" - C:\Windows\system32\drivers\apeju9d0.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys "aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys "aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys "aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys "avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys "catchme" (catchme) - ? - C:\Users\Papi\AppData\Local\Temp\catchme.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "ntcdrdrv" (ntcdrdrv) - ? - C:\Windows\System32\DRIVERS\ntcdrdrv.sys (File not found) "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll {472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\ashShell.dll {A8065B9E-193F-4797-B62D-8F6321E7FCCB} "Blueberry FlashBack Client" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71} "CShellStitcher Object" - "Microsoft Corporation" - C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} "PowerISO" - ? - (File not found | COM-object registry key not found) {34F4B935-17DC-4885-8BC9-CCD1ADF42F93} "Record ISO Image to CD" - ? - (File not found | COM-object registry key not found) {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Foxit Toolbar" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "PalTalk" - "AVM Software Inc." - C:\Program Files\Paltalk Messenger\Paltalk.exe -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Foxit Toolbar" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} "MediaBar" - ? - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {201f27d4-3704-41d6-89c1-aa35e39143ed} "AskBar BHO" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} "MediaBar" - ? - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} "PDF-XChange Viewer IE-Plugin" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "PalTalk.lnk" - "AVM Software Inc." - C:\Program Files\Paltalk Messenger\paltalk.exe (Shortcut exists | File exists) "Philips GoGear Spark Gere-Manager.lnk" - "KeenHigh Tech." - C:\Program Files\Philips\GoGear Spark Device Manager\main.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun "LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden "SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avast5" - "AVAST Software" - C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui "CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon "CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon "IJNetworkScanUtility" - "CANON INC." - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Canon BJNP Port" - "CANON INC." - C:\Windows\system32\CNMNPPM.DLL [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe "avast! Mail Scanner" (avast! Mail Scanner) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe "avast! Web Scanner" (avast! Web Scanner) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate1c986e543ae0809)" (gupdate1c986e543ae0809) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe "SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe "ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru MBR-Log: MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 32-bit Base Board Manufacturer: Foxconn BIOS Manufacturer: Phoenix Technologies, LTD System Manufacturer: OEM System Product Name: OEM Logical Drives Mask: 0x000001fc Kernel Drivers (total 154): 0x83038000 \SystemRoot\system32\ntkrnlpa.exe 0x83005000 \SystemRoot\system32\hal.dll 0x8040A000 \SystemRoot\system32\kdcom.dll 0x80411000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x80481000 \SystemRoot\system32\PSHED.dll 0x80492000 \SystemRoot\system32\BOOTVID.dll 0x8049A000 \SystemRoot\system32\CLFS.SYS 0x804DB000 \SystemRoot\system32\CI.dll 0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys 0x80671000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8067F000 \SystemRoot\System32\Drivers\sprx.sys 0x80772000 \SystemRoot\System32\Drivers\WMILIB.SYS 0x8077B000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0x807A1000 \SystemRoot\system32\drivers\acpi.sys 0x807E7000 \SystemRoot\system32\drivers\msisadrv.sys 0x805BB000 \SystemRoot\system32\drivers\pci.sys 0x807EF000 \SystemRoot\System32\drivers\partmgr.sys 0x805E2000 \SystemRoot\system32\drivers\volmgr.sys 0x8360F000 \SystemRoot\System32\drivers\volmgrx.sys 0x83659000 \SystemRoot\system32\drivers\intelide.sys 0x83660000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x8366E000 \SystemRoot\System32\drivers\mountmgr.sys 0x8367E000 \SystemRoot\system32\drivers\atapi.sys 0x83686000 \SystemRoot\system32\drivers\ataport.SYS 0x836A4000 \SystemRoot\system32\drivers\fltmgr.sys 0x836D6000 \SystemRoot\system32\drivers\fileinfo.sys 0x836E6000 \SystemRoot\System32\Drivers\ksecdd.sys 0x88C02000 \SystemRoot\system32\drivers\ndis.sys 0x88D0D000 \SystemRoot\system32\drivers\msrpc.sys 0x88D38000 \SystemRoot\system32\drivers\NETIO.SYS 0x88E05000 \SystemRoot\System32\drivers\tcpip.sys 0x88EEF000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8900C000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8911C000 \SystemRoot\system32\drivers\volsnap.sys 0x89155000 \SystemRoot\System32\Drivers\spldr.sys 0x8915D000 \SystemRoot\System32\Drivers\mup.sys 0x8916C000 \SystemRoot\System32\drivers\ecache.sys 0x89193000 \SystemRoot\system32\drivers\disk.sys 0x891A4000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x891C5000 \SystemRoot\system32\drivers\crcdisk.sys 0x891EE000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x88F0A000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x8CA0A000 \SystemRoot\system32\DRIVERS\igdkmd32.sys 0x8D0C5000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x8D166000 \SystemRoot\System32\drivers\watchdog.sys 0x8D172000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x89000000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x88F19000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x88F57000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x8D20E000 \SystemRoot\system32\DRIVERS\Ph3xIB32.sys 0x8D323000 \SystemRoot\system32\DRIVERS\ks.sys 0x8D34D000 \SystemRoot\system32\DRIVERS\BdaSup.SYS 0x8D350000 \SystemRoot\system32\DRIVERS\fdc.sys 0x8D35B000 \SystemRoot\system32\DRIVERS\serial.sys 0x8D375000 \SystemRoot\system32\DRIVERS\serenum.sys 0x8D37F000 \SystemRoot\system32\DRIVERS\irsir.sys 0x8D38A000 \SystemRoot\system32\drivers\irenum.sys 0x8D393000 \SystemRoot\system32\DRIVERS\parport.sys 0x8D3AB000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x8D3C3000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x88F66000 \SystemRoot\System32\Drivers\apeju9d0.SYS 0x8D3C9000 \SystemRoot\system32\DRIVERS\serscan.sys 0x8D3D1000 \SystemRoot\system32\DRIVERS\bbcap.sys 0x8D3D7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0x88F9F000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x88D73000 \SystemRoot\system32\DRIVERS\storport.sys 0x8D200000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x88FCE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x88FE5000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x88DB4000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x88FF0000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x88DD7000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x88DEB000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x83757000 \SystemRoot\system32\DRIVERS\termdd.sys 0x83767000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x83772000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x8D20B000 \SystemRoot\system32\DRIVERS\swenum.sys 0x8CA00000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x8377D000 \SystemRoot\system32\DRIVERS\umbus.sys 0x8378A000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x837BF000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x8DA04000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x837D0000 \SystemRoot\system32\drivers\portcls.sys 0x8DC0E000 \SystemRoot\system32\drivers\drmk.sys 0x8DC33000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x8DC3C000 \SystemRoot\System32\Drivers\Null.SYS 0x8DC43000 \SystemRoot\System32\Drivers\Beep.SYS 0x8DC53000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x8DC5A000 \SystemRoot\System32\drivers\vga.sys 0x8DC66000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8DC6E000 \SystemRoot\system32\drivers\rdpencdd.sys 0x8DC76000 \SystemRoot\System32\Drivers\Msfs.SYS 0x8DC81000 \SystemRoot\System32\Drivers\Npfs.SYS 0x8DC8F000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x8DC98000 \SystemRoot\system32\DRIVERS\tdx.sys 0x8DCAE000 \SystemRoot\System32\Drivers\aswTdi.SYS 0x8DCB8000 \SystemRoot\system32\DRIVERS\smb.sys 0x8DCCC000 \SystemRoot\system32\drivers\afd.sys 0x8DD14000 \SystemRoot\System32\Drivers\aswRdr.SYS 0x8DD19000 \SystemRoot\System32\DRIVERS\netbt.sys 0x8DD4B000 \SystemRoot\system32\drivers\ws2ifsl.sys 0x8DD54000 \SystemRoot\system32\DRIVERS\pacer.sys 0x8DD6A000 \SystemRoot\system32\DRIVERS\netbios.sys 0x8DD78000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x8DD8B000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x8DDC7000 \SystemRoot\system32\drivers\nsiproxy.sys 0x8DDD1000 \SystemRoot\System32\Drivers\dfsc.sys 0x8DE05000 \SystemRoot\System32\Drivers\aswSP.SYS 0x8DE2C000 \SystemRoot\System32\Drivers\crashdmp.sys 0x8DE39000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x8DE44000 \SystemRoot\System32\Drivers\dump_atapi.sys 0x8DE4C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x8DE61000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x968A0000 \SystemRoot\System32\win32k.sys 0x8DE63000 \SystemRoot\System32\drivers\Dxapi.sys 0x8DE6D000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x8DE84000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x8DE8D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x8DE9D000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x8DEA6000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x8DEAE000 \SystemRoot\system32\DRIVERS\monitor.sys 0x96AC0000 \SystemRoot\System32\TSDDD.dll 0x96AE0000 \SystemRoot\System32\cdd.dll 0x8DEBD000 \SystemRoot\system32\drivers\luafv.sys 0x8DED8000 \??\C:\Windows\system32\drivers\aswMonFlt.sys 0x8DF0F000 \SystemRoot\System32\Drivers\aswFsBlk.SYS 0x8DF12000 \SystemRoot\system32\drivers\WudfPf.sys 0x8DF2C000 \SystemRoot\system32\drivers\spsys.sys 0x8DFDC000 \SystemRoot\system32\DRIVERS\irda.sys 0x8DDE8000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x8120B000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x81235000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x8123F000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x81252000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0x8125B000 \SystemRoot\system32\drivers\HTTP.sys 0x812C8000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x812E5000 \SystemRoot\system32\DRIVERS\bowser.sys 0x812FE000 \SystemRoot\System32\drivers\mpsdrv.sys 0x81313000 \SystemRoot\system32\drivers\mrxdav.sys 0x81334000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x81353000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x8138C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x813A4000 \SystemRoot\System32\DRIVERS\srv2.sys 0xAA602000 \SystemRoot\System32\DRIVERS\srv.sys 0xAA650000 \SystemRoot\system32\DRIVERS\parvdm.sys 0xAA657000 \SystemRoot\system32\drivers\peauth.sys 0xAA735000 \SystemRoot\System32\Drivers\secdrv.SYS 0xAA73F000 \SystemRoot\System32\drivers\tcpipreg.sys 0xAA74B000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0xAA76C000 \SystemRoot\system32\DRIVERS\cdfs.sys 0xAA782000 \SystemRoot\system32\DRIVERS\Rtlh86.sys 0xAA791000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x774C0000 \Windows\System32\ntdll.dll 0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll Processes (total 66): 0 System Idle Process 4 System 504 C:\Windows\System32\smss.exe 572 csrss.exe 616 C:\Windows\System32\wininit.exe 628 csrss.exe 660 C:\Windows\System32\services.exe 676 C:\Windows\System32\lsass.exe 684 C:\Windows\System32\lsm.exe 720 C:\Windows\System32\winlogon.exe 864 C:\Windows\System32\svchost.exe 936 C:\Windows\System32\svchost.exe 1076 C:\Windows\System32\svchost.exe 1108 C:\Windows\System32\svchost.exe 1148 C:\Windows\System32\svchost.exe 1236 C:\Windows\System32\audiodg.exe 1260 C:\Windows\System32\svchost.exe 1284 C:\Windows\System32\SLsvc.exe 1308 C:\Windows\System32\svchost.exe 1528 C:\Windows\System32\svchost.exe 1656 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 1888 C:\Windows\System32\spoolsv.exe 1896 C:\Windows\System32\taskeng.exe 1932 C:\Windows\System32\svchost.exe 544 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 552 C:\Program Files\Bonjour\mDNSResponder.exe 780 C:\Program Files\Common Files\LightScribe\LSSrvc.exe 1536 C:\Windows\System32\IoctlSvc.exe 1680 C:\Windows\System32\svchost.exe 1476 C:\Windows\System32\svchost.exe 768 C:\Windows\System32\svchost.exe 928 C:\Windows\System32\SearchIndexer.exe 2188 WUDFHost.exe 2268 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 3276 C:\Windows\System32\taskeng.exe 3308 C:\Windows\System32\dwm.exe 3360 C:\Windows\explorer.exe 3480 C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe 3720 C:\Windows\RtHDVCpl.exe 3772 C:\Windows\System32\igfxtray.exe 3780 C:\Windows\System32\hkcmd.exe 3796 C:\Windows\System32\igfxpers.exe 3848 C:\Windows\System32\wpcumi.exe 3868 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE 3876 C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE 3948 C:\Program Files\Alwil Software\Avast5\AvastUI.exe 3976 C:\Program Files\iTunes\iTunesHelper.exe 4004 C:\Program Files\Common Files\Java\Java Update\jusched.exe 4016 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe 4044 C:\Windows\ehome\ehtray.exe 4052 C:\Program Files\DAEMON Tools Lite\DTLite.exe 4060 C:\Program Files\Windows Media Player\wmpnscfg.exe 4068 C:\Program Files\Paltalk Messenger\paltalk.exe 4076 C:\Windows\System32\wbem\unsecapp.exe 1036 WmiPrvSE.exe 2676 C:\Program Files\Mozilla Firefox\firefox.exe 2160 C:\Windows\System32\igfxsrvc.exe 2384 C:\Windows\ehome\ehmsas.exe 3184 C:\Program Files\Mozilla Firefox\plugin-container.exe 1028 C:\Program Files\Windows Media Player\wmpnetwk.exe 156 C:\Program Files\iPod\bin\iPodService.exe 4228 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 4380 C:\Windows\System32\SearchProtocolHost.exe 4472 C:\Windows\System32\SearchFilterHost.exe 4728 C:\Users\Papi\Desktop\MBRCheck.exe 2928 C:\Windows\System32\conime.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS) PhysicalDrive0 Model Number: ST3320820AS, Rev: 3.AAD Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979 Done! |
10.01.2011, 14:17 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaerfund und zwei Hijackereinträge Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
10.01.2011, 18:50 | #11 |
| Trojaerfund und zwei Hijackereinträge ok, keine malware-funde, wieder bloss Cookies und Reste. Komisch ist ja, dass, obwohl der Browser die cookies nach der Sitzung löscht, ich doch noch welche habe. MBAM-Log: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5495 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18999 10.01.2011 15:50:20 mbam-log-2011-01-10 (15-50-20).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 312165 Laufzeit: 1 Stunde(n), 11 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) SUPER-Log: SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 01/10/2011 at 06:28 PM Application Version : 4.47.1000 Core Rules Database Version : 6165 Trace Rules Database Version: 3977 Scan type : Complete Scan Total Scan Time : 01:55:12 Memory items scanned : 675 Memory threats detected : 0 Registry items scanned : 9137 Registry threats detected : 1 File items scanned : 170427 File threats detected : 20 Adware.Tracking Cookie C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@webmasterplan[2].txt C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@ad2.adfarm1.adition[1].txt C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@edgeadx[1].txt C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@stats2.clicktracks[2].txt C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@bs.serving-sys[1].txt C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@content.yieldmanager[3].txt C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@adtech[2].txt C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@adfarm1.adition[1].txt C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@ad.zanox[1].txt C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@ad.adc-serv[2].txt C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@zanox[1].txt C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@media6degrees[2].txt C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@serving-sys[1].txt C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@ads.ad4game[2].txt C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@tracking.mindshare[1].txt C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@ad.yieldmanager[2].txt C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@fidelity.rotator.hadj7.adjuggler[2].txt C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@eas.apm.emediate[1].txt C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@tracking.quisma[2].txt C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@content.yieldmanager[2].txt Rogue.Pallidium HKU\S-1-5-21-4113668579-2867794635-1885708499-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS#WARNONPOSTREDIRECT |
10.01.2011, 20:22 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaerfund und zwei HijackereinträgeZitat:
2.) Surfst du echt mit dem IE und der ist so eingestellt, dass er cookies beim Beenden löscht?
__________________ Logfiles bitte immer in CODE-Tags posten |
10.01.2011, 20:31 | #13 |
| Trojaerfund und zwei Hijackereinträge nein, ich surfe mit firefox, habe aber den IE auch noch, weil einige programme nach ihm verlangen. sieht es sonst ok. aus? |
10.01.2011, 20:36 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaerfund und zwei Hijackereinträge Ja. Die gefundenen Cookies stammen vom IE. Rechner wieder paletti?
__________________ Logfiles bitte immer in CODE-Tags posten |
10.01.2011, 20:51 | #15 |
| Trojaerfund und zwei Hijackereinträge Ich bemerkte auch hier nicht wirklich "Störungen". Der Fund wurde durch die Malware einfach angezeigt. Aber ich werd einiges umbauen . Zuerst hab ich mal ein Standardkonto gemacht und den Admin als "Gebrauchskonto" aufgehoben. Und dann werd ich mir die Prog-Updates anschauen. Und dann möchte ich auch ein Bisschen verstehen lernen, was nun genau wo reinkam Danke für den guten einsatz Dieses forum empfiehlt man gerne weiter |
Themen zu Trojaerfund und zwei Hijackereinträge |
.dll, adobe, alternate, antivirus, askbar, avast, avast!, bho, bonjour, canon, corp./icp, defender, desktop, error, explorer, firefox, firefox.exe, format, google, hijacker.application, home, home premium, hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?ext=%s, location, malware, mozilla, mozilla thunderbird, mp3, nvlddmkm.sys, nvstor.sys, oldtimer, otl.exe, plug-in, programdata, realtek, registry, safer networking, scan, searchplugins, software, sptd.sys, spyware, tracker, trojaner, vista, wlan |