Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Infektion mit diverser Malware

Infektion mit diverser Malware


Log-Analyse und Auswertung: Infektion mit diverser Malware

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 28.05.2011, 04:28   #1
Vivo
 
Infektion mit diverser Malware - Standard

Infektion mit diverser Malware


Guten Morgen,

vor ein paar Tagen hat mir Avira eine Vireninfektion angezeigt (Logfiles siehe unten). Das System wurde auch merklich langsamer, insbesondere Firefox hat auf Eingaben nur sehr verzögert reagiert, ebenso beim Seitenaufbau.

Hatte Firefox neu installiert und diverse nicht mehr benötigte Software deinstalliert.

Ein Lauf von Malwarebytes hat dann weitere Infektionen ergeben. Nachdem die betroffenen Dateien in Quarantäne verschoben wurden, wird beim Systemstart die Meldung angezeigt:
Code:
ATTFilter
Fehler beim Laden von C:\users\***\tloadF4.dll
Das angegebene Modul wurde nicht gefunden.
Das System läuft aber; scheinbar jetzt nach dem letzten Malwarebytes-Lauf auch wieder schneller.

Jetzt wüsste ich gerne, wie ich da weiter vorgehen soll.

OTL:
Code:
ATTFilter
OTL logfile created on: 28.05.2011 04:50:48 - Run 2
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\***\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,04% Memory free
4,24 Gb Paging File | 3,37 Gb Available in Paging File | 79,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 34,88 Gb Free Space | 46,81% Space Free | Partition Type: NTFS
Drive D: | 64,76 Gb Total Space | 64,49 Gb Free Space | 99,59% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.27 22:44:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.04.28 16:18:06 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.16 16:47:13 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.03 15:31:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.10 18:15:46 | 001,265,664 | ---- | M] (www.bid-o-matic.org) -- C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.07.09 18:14:06 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008.06.25 04:01:08 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2008.06.19 21:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
PRC - [2008.06.04 02:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008.03.18 21:27:11 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.03.17 08:17:31 | 005,320,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.02 00:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2008.01.24 00:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2008.01.23 19:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2008.01.21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.12 07:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe
PRC - [2007.12.04 19:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007.11.05 04:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.12 06:44:28 | 000,106,496 | ---- | M] (ASUS) -- C:\Windows\System32\ASUSTPE.exe
PRC - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.08.15 20:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007.07.06 01:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.27 22:44:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Unknown | Stopped] --  -- (WPFFontCache_v0400)
SRV - [2011.04.28 16:18:06 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.16 16:47:13 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.03.18 21:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.16 16:47:13 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.22 21:23:06 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.06.03 23:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008.05.29 19:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\lullaby.sys -- (lullaby)
DRV - [2008.05.01 03:09:59 | 007,448,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.04.27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.03.21 21:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007.11.16 06:09:03 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007.08.11 05:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.08.03 21:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2006.12.15 09:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.27 20:42:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.27 21:14:42 | 000,000,000 | ---D | M]
 
[2011.05.27 20:42:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.05.27 21:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.05.15 20:13:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) -- 
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.19 19:47:11 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.05 23:13:00 | 000,307,170 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 10575 more lines...
O2 - BHO: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\ASUSTek\ASUSDVD\Language\Language.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NvCplDaemonTool]  File not found
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Biet-O-Matic.lnk = C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe (www.bid-o-matic.org)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player 9 ActiveX
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.28 04:23:49 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbam logdateien
[2011.05.28 04:19:46 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\avira ereignisse
[2011.05.28 04:14:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD
[2011.05.27 22:44:15 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.05.27 20:22:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DriverCure
[2011.05.27 20:22:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ParetoLogic
[2011.05.27 20:22:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2011.05.27 20:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2011.05.27 20:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011.05.27 20:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011.05.27 19:52:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Uniblue
[2011.05.27 19:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011.05.27 19:51:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011.05.27 19:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011.05.27 19:49:44 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2011.05.27 19:49:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PackageAware
[2011.05.26 15:57:37 | 005,249,448 | ---- | C] (ParetoLogic Inc.) -- C:\Users\***\Desktop\ParetoLogic PC Health Advisor_de.exe
[2011.05.16 17:05:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\rechtssoziologie
[2011.05.04 22:56:39 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\SnapDragon Games
[2011.05.04 22:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\SnapDragon Games
[2011.04.29 17:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011.04.29 14:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.04.29 14:58:30 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011.04.29 14:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.04.29 14:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\Software Informer
[2008.06.03 23:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.28 04:23:49 | 000,042,749 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.05.28 04:16:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.28 04:16:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.28 04:15:10 | 000,042,749 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.05.28 04:13:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.28 00:31:16 | 000,000,272 | ---- | M] () -- C:\Users\***\Desktop\fehlermeldung beim start.rtf
[2011.05.27 22:45:55 | 000,302,080 | ---- | M] () -- C:\Users\***\Desktop\ksdu5jyf.exe
[2011.05.27 22:44:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.05.27 22:18:43 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.05.27 22:13:44 | 000,000,011 | R--- | M] () -- C:\Windows\amunres.lsl
[2011.05.27 22:05:07 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.27 22:05:07 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.27 22:05:07 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.27 22:05:07 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.27 20:42:21 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.27 20:23:18 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011.05.27 20:22:20 | 000,000,909 | ---- | M] () -- C:\Users\***\Desktop\ParetoLogic PC Health Advisor.lnk
[2011.05.27 20:22:20 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011.05.27 20:22:20 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2011.05.27 20:22:20 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
[2011.05.27 19:52:36 | 000,000,220 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011.05.27 19:52:19 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
[2011.05.27 19:31:57 | 000,323,216 | ---- | M] () -- C:\Users\***\Desktop\bookmarks-2011-05-27.json
[2011.05.26 20:39:33 | 000,047,584 | ---- | M] () -- C:\Users\***\Desktop\werbung.jpg
[2011.05.26 15:58:24 | 005,249,448 | ---- | M] (ParetoLogic Inc.) -- C:\Users\***\Desktop\ParetoLogic PC Health Advisor_de.exe
[2011.05.15 17:27:03 | 000,057,800 | ---- | M] () -- C:\Users\***\Desktop\alle affen gaffen.jpg
[2011.05.14 14:46:09 | 000,388,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.05.14 03:20:35 | 000,105,656 | ---- | M] () -- C:\Users\***\Desktop\denkt denn niemand an die kinder.jpg
[2011.05.13 00:49:56 | 003,575,463 | ---- | M] () -- C:\Users\***\Desktop\Come And Join Us - Bob Leaper And His Prophets.mp3
[2011.05.12 14:16:00 | 000,796,672 | ---- | M] (Qsc) -- C:\Windows\GPInstall.exe
[2011.05.11 19:14:42 | 004,267,781 | ---- | M] () -- C:\Users\***\Desktop\Gabriella Cilmi - Sweet about me (unplugged).mp3
[2011.05.10 13:31:25 | 000,008,120 | ---- | M] () -- C:\Users\***\Desktop\denglisch.rtf
[2011.05.09 20:40:14 | 000,000,548 | ---- | M] () -- C:\Users\***\Desktop\MinimogueVA.exe - Verknüpfung.lnk
[2011.05.09 15:41:36 | 001,887,144 | ---- | M] () -- C:\Users\***\Desktop\2003-10-16_10-23-208_2005-12-02_11-19-376.pdf
[2011.05.05 15:57:52 | 000,107,077 | ---- | M] () -- C:\Users\***\Desktop\claudia roth preis.pdf
[2011.05.02 22:11:27 | 005,068,826 | ---- | M] () -- C:\Users\***\Desktop\Aloe Blacc - Loving You Is Killing Me (Live in Studio).mp3
[2011.05.02 21:54:13 | 000,050,061 | ---- | M] () -- C:\Users\***\Desktop\zimmer.jpg
[2011.04.29 17:43:13 | 000,148,340 | ---- | M] () -- C:\Windows\hphins33.dat
[2011.04.29 15:29:03 | 001,316,262 | ---- | M] () -- C:\Users\***\Desktop\dj169en.exe
[2011.04.29 15:16:27 | 000,175,504 | ---- | M] () -- C:\Windows\hphins26.dat
[2011.04.29 15:01:47 | 000,175,517 | ---- | M] () -- C:\Windows\hphins26.dat.temp
 
========== Files Created - No Company Name ==========
 
[2011.05.28 00:31:16 | 000,000,272 | ---- | C] () -- C:\Users\***\Desktop\fehlermeldung beim start.rtf
[2011.05.27 22:45:24 | 000,302,080 | ---- | C] () -- C:\Users\***\Desktop\ksdu5jyf.exe
[2011.05.27 22:13:44 | 000,000,011 | R--- | C] () -- C:\Windows\amunres.lsl
[2011.05.27 21:25:49 | 000,006,739 | ---- | C] () -- C:\Users\***\Documents\wavepurity.ini.bak
[2011.05.27 20:42:21 | 000,000,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.05.27 20:42:21 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.27 20:23:18 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011.05.27 20:22:20 | 000,000,909 | ---- | C] () -- C:\Users\***\Desktop\ParetoLogic PC Health Advisor.lnk
[2011.05.27 20:22:20 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011.05.27 20:22:20 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2011.05.27 20:22:20 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor.job
[2011.05.27 19:52:36 | 000,000,220 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2011.05.27 19:52:19 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
[2011.05.27 19:31:56 | 000,323,216 | ---- | C] () -- C:\Users\***\Desktop\bookmarks-2011-05-27.json
[2011.05.26 20:39:32 | 000,047,584 | ---- | C] () -- C:\Users\***\Desktop\werbung.jpg
[2011.05.15 17:25:38 | 000,057,800 | ---- | C] () -- C:\Users\***\Desktop\alle affen gaffen.jpg
[2011.05.14 03:20:35 | 000,105,656 | ---- | C] () -- C:\Users\***\Desktop\denkt denn niemand an die kinder.jpg
[2011.05.13 00:49:54 | 003,575,463 | ---- | C] () -- C:\Users\***\Desktop\Come And Join Us - Bob Leaper And His Prophets.mp3
[2011.05.11 19:14:37 | 004,267,781 | ---- | C] () -- C:\Users\***\Desktop\Gabriella Cilmi - Sweet about me (unplugged).mp3
[2011.05.09 20:40:14 | 000,000,548 | ---- | C] () -- C:\Users\***\Desktop\MinimogueVA.exe - Verknüpfung.lnk
[2011.05.09 15:41:29 | 001,887,144 | ---- | C] () -- C:\Users\***\Desktop\2003-10-16_10-23-208_2005-12-02_11-19-376.pdf
[2011.05.05 15:57:50 | 000,107,077 | ---- | C] () -- C:\Users\***\Desktop\claudia roth preis.pdf
[2011.05.02 22:10:44 | 005,068,826 | ---- | C] () -- C:\Users\***\Desktop\Aloe Blacc - Loving You Is Killing Me (Live in Studio).mp3
[2011.05.02 21:54:13 | 000,050,061 | ---- | C] () -- C:\Users\***\Desktop\zimmer.jpg
[2011.04.29 17:38:11 | 000,148,340 | ---- | C] () -- C:\Windows\hphins33.dat
[2011.04.29 17:38:11 | 000,000,512 | ---- | C] () -- C:\Windows\hphmdl33.dat
[2011.04.29 15:28:55 | 001,316,262 | ---- | C] () -- C:\Users\***\Desktop\dj169en.exe
[2011.04.29 15:13:52 | 000,175,517 | ---- | C] () -- C:\Windows\hphins26.dat.temp
[2011.04.29 15:13:52 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat.temp
[2011.04.29 14:57:48 | 000,175,504 | ---- | C] () -- C:\Windows\hphins26.dat
[2011.04.29 14:57:48 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat
[2010.08.03 20:43:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.08.03 20:42:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.05.20 12:36:28 | 000,000,016 | ---- | C] () -- C:\Users\***\AppData\Roaming\qvjsge.dat
[2010.04.07 22:46:32 | 000,000,073 | ---- | C] () -- C:\Windows\wininit.ini
[2010.04.07 22:42:44 | 000,000,326 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.04.30 14:34:46 | 000,000,167 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.02.10 20:55:09 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009.01.05 15:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009.01.05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008.12.06 19:36:56 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2008.10.18 18:01:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.18 15:08:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2008.09.24 04:46:36 | 000,042,749 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.09.24 04:46:34 | 000,042,749 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.09.24 04:40:32 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2008.09.24 04:40:21 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2008.07.02 04:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008.04.16 11:30:52 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.04.16 11:30:52 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.04.16 11:30:52 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.04.16 11:30:52 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.04.16 11:01:43 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007.08.06 19:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 000,388,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2009.09.22 00:10:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.config
[2011.05.27 21:15:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011.05.28 04:55:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BOM
[2011.05.27 21:20:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\COWON
[2011.05.27 20:22:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DriverCure
[2011.03.11 00:27:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.24 18:01:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.03.30 23:11:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.05.27 21:32:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gutscheinmieze
[2010.05.02 17:22:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2010.05.01 15:29:31 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\lowsec
[2008.10.18 18:45:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.05.27 20:22:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ParetoLogic
[2009.09.07 17:25:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Qualcomm
[2011.01.08 04:26:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\REAPER
[2011.05.27 19:52:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2011.05.27 20:23:18 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2011.05.27 20:22:20 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2011.05.27 20:22:20 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2011.05.27 20:22:20 | 000,000,362 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor.job
[2011.05.27 19:52:36 | 000,000,220 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2009.02.05 18:04:07 | 000,021,986 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2008.10.18 15:15:02 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2008.09.24 04:49:22 | 000,000,000 | -H-D | M] -- C:\ASUS.SYS
[2010.08.03 21:17:07 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.05.28 03:09:18 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2010.03.11 16:57:36 | 000,000,000 | ---D | M] -- C:\ct
[2009.04.13 00:45:19 | 000,000,000 | ---D | M] -- C:\cwplayer
[2008.10.18 15:01:25 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.05.05 00:40:23 | 000,000,000 | ---D | M] -- C:\dos
[2008.10.30 16:21:34 | 000,000,000 | ---D | M] -- C:\logs
[2011.05.09 20:40:20 | 000,000,000 | ---D | M] -- C:\minimoog
[2008.01.21 04:43:50 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2009.06.15 17:51:29 | 000,000,000 | ---D | M] -- C:\postda
[2011.05.27 22:17:50 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.05.27 21:40:24 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.12.06 19:12:12 | 000,000,000 | ---D | M] -- C:\qb
[2010.04.07 22:46:14 | 000,000,000 | ---D | M] -- C:\SIERRA
[2011.05.28 04:52:48 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.10.18 15:08:26 | 000,000,000 | R--D | M] -- C:\Users
[2011.01.25 22:10:35 | 000,000,000 | ---D | M] -- C:\vst
[2011.05.27 22:13:44 | 000,000,000 | ---D | M] -- C:\Windows
[2009.09.22 18:03:02 | 000,000,000 | ---D | M] -- C:\xtender
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-28 01:09:47
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:C10F9B26

< End of report >
Extras:
Code:
ATTFilter
OTL Extras logfile created on: 28.05.2011 00:31:21 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\***\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,37% Memory free
4,23 Gb Paging File | 3,28 Gb Available in Paging File | 77,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 34,36 Gb Free Space | 46,11% Space Free | Partition Type: NTFS
Drive D: | 64,76 Gb Total Space | 64,49 Gb Free Space | 99,59% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2C44C9B8-6FA2-4E57-96A1-F1A613941342}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3912536B-2707-456D-B4A9-2E0BFBD13EB7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{43D4CF31-CC80-4003-B456-01462B3E2027}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{65400965-145C-4B37-B8BA-CB160F537165}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CFA048CA-6731-4CE0-80BC-D81F5DEA2B0E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{EED069AF-F199-4E20-9267-EAEDDF1439CD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F51C7C49-D339-4A1B-8135-E733D223F48D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FD47045D-17EB-473A-B22C-298DFEEBB612}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15B82674-B505-418A-B1C7-5A943354E1E5}" = protocol=6 | dir=in | app=c:\program files\ftp explorer\ftpx.exe | 
"{7ED725E5-9CB9-43CF-A0DC-29A6160CA23B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{95024D4A-F3B6-40DA-A908-5A53B05EDFB3}" = protocol=17 | dir=in | app=c:\program files\ftp explorer\ftpx.exe | 
"{B280AB1F-4344-43A8-8E2E-44F59A1F5B57}" = dir=in | app=c:\program files\asustek\asusdvd\powerdvd.exe | 
"{EB73C2B2-0F81-4953-AF29-0DF69B4B66BB}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe | 
"{F7B4AB7F-75DB-454A-B183-A901836CC404}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe | 
"TCP Query User{149C703E-0CD0-42C2-A9CD-EBC7B9B6B1BB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{37E0E16A-5102-4D19-94F2-F35F52D8F047}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{B723F0A3-2454-4230-B1B4-F3D8BADF0C00}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{D642D53B-3EA7-4D11-A8E2-59C21CCFB754}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{F7DB53C0-EC2F-4B0E-AADE-196AF5290D80}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{1FFBB0E6-A643-4B21-94D0-AE23BF915D21}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{99A4B196-54E2-4581-B7A6-863E97366FFF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{CE1D5C9B-B9B0-4BCE-A409-77C7F304637E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{D353F28E-A797-43FD-9FFB-71A9B614F9BA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{ED3BB049-97F1-44BC-B548-C355A98E645B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01F4EF69-CFE4-49D7-9459-3873D0FB2BDA}" = SmartFTP Client German (Germany) MUI
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{0BC990FA-89D8-4F70-AFA9-0C01557FB7B3}" = SmartFTP Client
"{167F938F-5AD3-40e2-B05D-2B7C6F0FDE48}" = HP Deskjet D1500 Printer Driver 10.0 Rel .3
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver 14.0 Rel. 6
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ashampoo WinOptimizer 4 FREE_is1" = Ashampoo WinOptimizer 4 FREE
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Biet-O-Matic v2.10.1" = Biet-O-Matic v2.10.1
"Biet-O-Matic v2.8.3" = Biet-O-Matic v2.8.3
"Caesar 3" = Caesar 3
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Native Instruments Pro-53 Demo" = Native Instruments Pro-53 Demo
"NVIDIA Drivers" = NVIDIA Drivers
"Security Task Manager" = Security Task Manager 1.7h
"Sierra-Dienstprogramme" = Sierra-Dienstprogramme
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tone Stack Calculator" = Tone Stack Calculator
"Uniblue RegistryBooster" = Uniblue RegistryBooster
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.05.2011 06:32:54 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 20.05.2011 06:32:55 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 20.05.2011 06:32:55 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 20.05.2011 06:32:56 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 20.05.2011 06:32:56 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 20.05.2011 06:32:58 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 20.05.2011 06:32:58 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 20.05.2011 06:33:00 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 20.05.2011 06:33:00 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 22.05.2011 19:04:26 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3909 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 39c  Anfangszeit: 01cc187c6c279488  Zeitpunkt der Beendigung:
 60
 
[ System Events ]
Error - 27.05.2011 15:42:40 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 27.05.2011 15:45:37 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 27.05.2011 15:45:39 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 27.05.2011 15:46:04 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 27.05.2011 15:46:05 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 27.05.2011 15:51:01 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 27.05.2011 16:12:33 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 27.05.2011 16:22:22 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 27.05.2011 16:31:43 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 27.05.2011 16:31:43 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
gmer:
Code:
ATTFilter
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-28 04:10:25
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: ksdu5jyf.exe; Driver: C:\Users\***\AppData\Local\Temp\pwliyfow.sys


---- Kernel code sections - GMER 1.0.15 ----

?               System32\drivers\fvxllon.sys                                             Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                 section is writeable [0x8BC04340, 0x3DC4A7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[2644] ntdll.dll!LdrLoadDll  77AE93A8 5 Bytes  JMP 011F1410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                 fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                 AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

---- Files - GMER 1.0.15 ----

File            C:\ADSM_PData_0150                                                       0 bytes
File            C:\ADSM_PData_0150\DB                                                    0 bytes
File            C:\ADSM_PData_0150\DB\SI.db                                              624 bytes
File            C:\ADSM_PData_0150\DB\UL.db                                              16 bytes
File            C:\ADSM_PData_0150\DB\VL.db                                              16 bytes
File            C:\ADSM_PData_0150\DB\_avt                                               512 bytes
File            C:\ADSM_PData_0150\DragWait.exe                                          253952 bytes executable
File            C:\ADSM_PData_0150\_avt                                                  512 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86              0 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys    29752 bytes executable
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt         512 bytes

---- EOF - GMER 1.0.15 ----
Neuestes mbam-Log:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6694

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

28.05.2011 00:22:42
mbam-log-2011-05-28 (00-22-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 265425
Laufzeit: 1 Stunde(n), 34 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Heuristics.Shuriken) -> Value: NvCplDaemonTool -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scancdiskd60.dll (Heuristics.Shuriken) -> No action taken.
c:\Users\***\tloadF4.dll (Heuristics.Shuriken) -> No action taken.
c:\Users\***\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\E45NVVOV\about[1].exe (Heuristics.Shuriken) -> No action taken.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> No action taken.
Ältere mbam-Logs und Avira-Ereignisse sind im Anhang.

 

Themen zu Infektion mit diverser Malware
32 bit, alternate, antivir, audacity, autorun, avira, bho, c:\windows\system32\rundll32.exe, calculator, error, fehler, firefox, flash player, google, google earth, heuristics.shuriken, hijack, hijackthis, home, iexplore.exe, installation, malwar, malware, mozilla, ntdll.dll, nvlddmkm.sys, oldtimer, plug-in, realtek, registry, safer networking, scan, searchplugins, security, software, start menu, studio, svchost.exe, system, usb, usb 2.0, vista, {dfefcdee-cf1a-4fc8-88ad-48514e463b27}


« Avira hat gemeldet TR/Kazey.melkml.1 wurde gefunden | Google leitet immer auf verschiedene Seiten um. Sicherheitscenterdienst deaktiviert sich immer... »


Ähnliche Themen: Infektion mit diverser Malware


  1. Infektion mit spyware.passwords.ed (Scan mit malware bytes)
    Plagegeister aller Art und deren Bekämpfung - 19.01.2015 (15)
  2. Malware/Adware-Infektion nach Ausführung eines Setup-Paketes für Minecraft (u.a. istartsurf.com als Startseite)
    Log-Analyse und Auswertung - 26.09.2014 (7)
  3. Fehlermeldungen im Browser bleiben auch nach Bereinigung und Entfernung diverser Malware
    Plagegeister aller Art und deren Bekämpfung - 30.03.2014 (16)
  4. Windows XP: Malware Infektion TR.TRASH.gen
    Log-Analyse und Auswertung - 21.01.2014 (11)
  5. Diverser Befall
    Plagegeister aller Art und deren Bekämpfung - 19.12.2013 (11)
  6. Nach JDownloader Malware/Adware Infektion?
    Log-Analyse und Auswertung - 03.11.2013 (7)
  7. Infektion mit Ransomware und Java-Malware
    Log-Analyse und Auswertung - 25.08.2013 (10)
  8. Infektion durch Trojan.Agent.ED, EXP/2012-1723.GE, TR/PSW.Fareit.1142 und weitere Malware
    Plagegeister aller Art und deren Bekämpfung - 19.03.2013 (35)
  9. diverse Trojaner und Malware gefunden, infektion evtl. durch 22kB dateianhang
    Log-Analyse und Auswertung - 31.01.2013 (3)
  10. Rootkit gefunden, Malware Infektion?
    Log-Analyse und Auswertung - 15.06.2011 (27)
  11. Infektion mit Malware u.A. Win32/Zwangi
    Plagegeister aller Art und deren Bekämpfung - 19.01.2011 (24)
  12. Anti-malware Bericht ok, Spyware Doctor meldet noch Infektion
    Log-Analyse und Auswertung - 08.12.2010 (18)
  13. Befall mit diverser Malware u.a. : C:\WINDOWS\btrd32.dll (Trojan.Hiloti); -TR/Crypt.XPACK.Gen3'
    Plagegeister aller Art und deren Bekämpfung - 06.10.2010 (14)
  14. Infektion mit Anti Malware Doctor
    Log-Analyse und Auswertung - 05.08.2010 (1)
  15. AntiVir meldet TR/Dropper-Infektion; Anti-malware kann nicht zuende scannen...
    Plagegeister aller Art und deren Bekämpfung - 18.02.2010 (5)
  16. Malware-Infektion
    Plagegeister aller Art und deren Bekämpfung - 21.11.2009 (1)
  17. Pop ups diverser art!
    Log-Analyse und Auswertung - 05.06.2006 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Infektion mit diverser Malware - Guten Morgen, vor ein paar Tagen hat mir Avira eine Vireninfektion angezeigt (Logfiles siehe unten). Das System wurde auch merklich langsamer, insbesondere Firefox hat auf Eingaben nur sehr verzögert reagiert, - Infektion mit diverser Malware...
Archiv
Du betrachtest: Infektion mit diverser Malware auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131