Trojan.Agent in C:\Users\Win\M-1-74-6482-7942-8945\winsvc.exe
Hello everyone!
Yesterday evening I got a virus warning from Avast, and afterwards ran a scan with Avast and Malwarebytes' Anti-Malware. (So far I haven't noticed any unusual problems.) Avast found something (Java:Agent BOT), which I moved to the container. Unfortunately I had a bluescreen shortly afterwards, and after that the file was deleted from Avast. The malware scan produced the following:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.09.02.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19298
Win :: WIN-PC [Administrator]
03.09.2012 14:07:14
mbam-log-2012-09-03 (15-29-08).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 346820
Laufzeit: 1 Stunde(n), 9 Minute(n), 7 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft® Windows Update (Trojan.Agent) -> Daten: C:\Users\Win\M-1-74-6482-7942-8945\winsvc.exe -> Keine Aktion durchgeführt.
Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|ConnectionsTab (PUM.Hijack.ConnectionControl) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
Infizierte Verzeichnisse: 1
C:\Users\Win\M-1-74-6482-7942-8945 (Trojan.Agent.Gen) -> Keine Aktion durchgeführt.
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Here is the result from OTL.txt (OTL logfile):
OTL logfile created on: 03.09.2012 15:52:30 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19298)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,75 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 65,50% Memory free
5,72 Gb Paging File | 4,81 Gb Available in Paging File | 84,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 50,25 Gb Free Space | 51,46% Space Free | Partition Type: NTFS
Drive D: | 200,43 Gb Total Space | 179,48 Gb Free Space | 89,55% Space Free | Partition Type: NTFS
Computer Name: WIN-PC | User Name: Win | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.09.03 15:51:48 | 000,598,528 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.08.03 21:52:07 | 000,537,592 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.10.15 10:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.10.08 07:18:42 | 000,726,288 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\iked.exe
PRC - [2010.10.08 07:18:42 | 000,541,968 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe
PRC - [2010.10.08 07:18:42 | 000,054,544 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe
PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.19 17:52:48 | 006,244,896 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2006.10.27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
========== Modules (No Company Name) ==========
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.29 18:11:16 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
========== Services (SafeList) ==========
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.08.15 17:42:34 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.03 21:52:07 | 000,537,592 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.07.19 16:41:38 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.10.08 07:18:42 | 000,726,288 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV - [2010.10.08 07:18:42 | 000,541,968 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV - [2010.10.08 07:18:42 | 000,054,544 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.08.03 21:38:55 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2012.08.03 21:38:05 | 000,057,256 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsmux.sys -- (acsmux)
DRV - [2012.08.03 21:38:05 | 000,038,440 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsint.sys -- (acsint)
DRV - [2012.07.03 18:21:53 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.07.08 01:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.03.18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010.09.02 09:18:48 | 000,017,920 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt)
DRV - [2010.09.02 09:18:48 | 000,013,824 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet)
DRV - [2010.01.07 09:05:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.06.09 17:29:22 | 001,177,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.01.20 14:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.08.25 03:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008.08.18 18:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.04.29 01:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=19946&mntrId=94d3057100000000000000224353e977e977
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="
FF - prefs.js..network.proxy.http: "www-cache.uni-mannheim.de"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.19 20:41:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.26 14:27:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 16:41:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.19 20:41:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 16:41:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.19 20:41:18 | 000,000,000 | ---D | M]
[2011.06.29 18:00:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Win\AppData\Roaming\mozilla\Extensions
[2012.07.25 11:45:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Win\AppData\Roaming\mozilla\Firefox\Profiles\1mgg5wko.default\extensions
[2011.10.07 10:12:33 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Win\AppData\Roaming\mozilla\Firefox\Profiles\1mgg5wko.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.17 20:08:59 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Win\AppData\Roaming\mozilla\Firefox\Profiles\1mgg5wko.default\extensions\ffxtlbr@babylon.com
[2012.08.21 01:21:26 | 000,000,950 | ---- | M] () -- C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\1mgg5wko.default\searchplugins\icqplugin-1.xml
[2011.08.25 09:28:52 | 000,000,950 | ---- | M] () -- C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\1mgg5wko.default\searchplugins\icqplugin-2.xml
[2011.09.01 16:13:26 | 000,000,950 | ---- | M] () -- C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\1mgg5wko.default\searchplugins\icqplugin-3.xml
[2011.09.08 15:13:52 | 000,000,950 | ---- | M] () -- C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\1mgg5wko.default\searchplugins\icqplugin-4.xml
[2011.10.06 18:45:55 | 000,000,950 | ---- | M] () -- C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\1mgg5wko.default\searchplugins\icqplugin-5.xml
[2011.10.11 18:37:50 | 000,000,950 | ---- | M] () -- C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\1mgg5wko.default\searchplugins\icqplugin-6.xml
[2011.11.21 23:32:37 | 000,000,950 | ---- | M] () -- C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\1mgg5wko.default\searchplugins\icqplugin-7.xml
[2011.08.10 23:36:37 | 000,001,056 | ---- | M] () -- C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\1mgg5wko.default\searchplugins\icqplugin.xml
[2012.09.02 20:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.08 16:32:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.02 20:22:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.08.26 14:27:12 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.08.08 16:32:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.07.19 16:41:39 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.07.08 11:45:29 | 000,002,291 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.07.08 18:10:54 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - Extension: No name found = C:\Users\Win\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\Win\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\Win\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: No name found = C:\Users\Win\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Users\Win\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Microsoft® Windows Update] C:\Users\Win\M-1-74-6482-7942-8945\winsvc.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Free YouTube Download - C:\Users\Win\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Win\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.155.96.52 134.155.96.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{553941C3-C839-4B2D-9386-B45AF02055B4}: DhcpNameServer = 134.155.96.52 134.155.96.53
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.28 16:51:49 | 000,000,000 | ---D | C] -- C:\Users\Win\Desktop\Kosten Studium
[2012.08.26 14:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2012.08.26 14:12:24 | 000,000,000 | ---D | C] -- C:\Users\Win\AppData\Local\Cisco
[2012.08.26 14:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2012.08.26 14:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2012.08.26 03:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShrewSoft VPN Client
[2012.08.26 03:54:31 | 000,000,000 | ---D | C] -- C:\Users\Win\Documents\Shrew Soft VPN
[2012.08.26 03:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\ShrewSoft
[2012.08.23 17:59:11 | 000,000,000 | ---D | C] -- C:\Users\Win\Desktop\Uni
[2012.08.21 21:15:45 | 000,000,000 | ---D | C] -- C:\Users\Win\AppData\Local\Passbild_Generator
[2012.08.21 21:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Passbild-Generator
[2012.08.21 21:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\Passbild-Generator
[2012.08.08 16:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.08.08 16:17:13 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.08.08 16:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.08.08 16:17:12 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.08.08 16:16:40 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.08.08 16:16:40 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.08.08 16:16:40 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.08.08 16:16:40 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.08.08 16:15:55 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.08.08 16:15:55 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
========== Files - Modified Within 30 Days ==========
[2012.09.03 15:53:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.03 15:45:20 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.03 15:45:20 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.03 15:45:20 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.03 15:45:20 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.03 15:39:57 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.03 15:39:57 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.03 15:39:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.03 15:39:50 | 2951,958,528 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.03 15:38:47 | 000,000,352 | ---- | M] () -- C:\Users\Win\defogger_reenable
[2012.09.03 14:47:40 | 000,002,633 | ---- | M] () -- C:\Users\Win\Desktop\Microsoft Office Excel 2007.lnk
[2012.09.03 14:06:50 | 000,000,906 | ---- | M] () -- C:\Users\Win\Desktop\mbam - Verknüpfung.lnk
[2012.09.02 22:17:15 | 288,685,133 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.30 21:24:36 | 000,002,631 | ---- | M] () -- C:\Users\Win\Desktop\Microsoft Office Word 2007.lnk
[2012.08.27 18:04:55 | 000,233,472 | ---- | M] () -- C:\Users\Win\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.27 03:58:36 | 000,399,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.26 14:27:13 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.08.26 12:43:11 | 000,000,680 | ---- | M] () -- C:\Users\Win\AppData\Local\d3d9caps.dat
[2012.08.21 21:15:41 | 000,000,924 | ---- | M] () -- C:\Users\Public\Desktop\Passbild-Generator.lnk
[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.08.15 18:26:05 | 000,001,025 | ---- | M] () -- C:\Users\Win\Desktop\GildeGold_TL - Verknüpfung.lnk
[2012.08.08 17:24:14 | 000,000,680 | ---- | M] () -- C:\Users\Win\Desktop\JDownloader - Verknüpfung.lnk
[2012.08.08 16:17:13 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
========== Files Created - No Company Name ==========
[2012.09.03 15:37:33 | 000,000,352 | ---- | C] () -- C:\Users\Win\defogger_reenable
[2012.09.03 14:06:50 | 000,000,906 | ---- | C] () -- C:\Users\Win\Desktop\mbam - Verknüpfung.lnk
[2012.09.02 20:58:07 | 2951,958,528 | -HS- | C] () -- C:\hiberfil.sys
[2012.08.21 21:15:41 | 000,000,924 | ---- | C] () -- C:\Users\Public\Desktop\Passbild-Generator.lnk
[2012.08.08 17:24:21 | 000,000,680 | ---- | C] () -- C:\Users\Win\Desktop\JDownloader - Verknüpfung.lnk
[2012.08.08 16:17:13 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.07.16 22:36:11 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2011.08.28 17:45:45 | 000,000,000 | ---- | C] () -- C:\Users\Win\AppData\Roaming\chrtmp
[2011.07.08 11:45:54 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.07.07 22:14:04 | 000,233,472 | ---- | C] () -- C:\Users\Win\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.30 16:52:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.06.30 16:52:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.06.30 14:17:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.06.29 16:56:42 | 001,703,936 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2011.06.29 16:56:42 | 001,630,208 | ---- | C] () -- C:\Windows\System32\nwiz.exe
[2011.06.29 16:56:42 | 001,019,904 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2011.06.29 16:56:41 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvshell.dll
[2011.06.29 16:56:40 | 001,486,848 | ---- | C] () -- C:\Windows\System32\nview.dll
[2011.06.29 16:56:40 | 001,339,392 | ---- | C] () -- C:\Windows\System32\nvdspsch.exe
[2011.06.29 16:56:38 | 000,442,368 | ---- | C] () -- C:\Windows\System32\nvappbar.exe
[2011.06.29 16:56:38 | 000,425,984 | ---- | C] () -- C:\Windows\System32\keystone.exe
[2011.06.29 16:24:03 | 000,000,680 | ---- | C] () -- C:\Users\Win\AppData\Local\d3d9caps.dat
========== LOP Check ==========
[2011.07.08 11:45:29 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\Babylon
[2011.10.08 13:26:06 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\calibre
[2011.08.20 14:09:43 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\DAEMON Tools Lite
[2011.10.30 12:40:45 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\DVDVideoSoft
[2011.10.07 12:32:15 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.01 21:25:23 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\GameRanger
[2011.07.26 13:19:02 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\Lingo4u
[2011.06.29 18:14:30 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\OpenOffice.org
[2012.06.27 21:27:41 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\Opera
[2012.09.03 15:39:07 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Here is the result from Extras.txt (OTL Extras logfile):
OTL Extras logfile created on: 03.09.2012 15:52:30 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19298)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,75 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 65,50% Memory free
5,72 Gb Paging File | 4,81 Gb Available in Paging File | 84,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 50,25 Gb Free Space | 51,46% Space Free | Partition Type: NTFS
Drive D: | 200,43 Gb Total Space | 179,48 Gb Free Space | 89,55% Space Free | Partition Type: NTFS
Computer Name: WIN-PC | User Name: Win | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{94A17928-F3FA-48F7-A0B7-77D33B821ADB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C3DBC94-AC47-45D0-A028-16D2E2A93944}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{26FC9EF1-7DE7-4571-905A-058327E95FE4}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{47C89149-A9F6-4D5D-BA31-657E23912B48}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{6A3AAF19-C933-4F14-B84C-79092BE3969D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6CB8CA60-683C-4B72-AF6A-0D4269B54B8B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6E6D1E23-D852-4F21-B20F-73131C69BB2A}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{869A0A6C-CFB7-4BB2-83A6-6330C38CABCB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{87E6ABB9-662E-4854-9D1E-0FDB413B1831}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{A9742667-E732-4F53-A1FD-886B8669BD7E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B7953952-9CF3-485D-ACCE-7CF63CA34FEC}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{0501D2F1-02CC-4852-8DDF-0ACD1A8D92B7}C:\program files\ballerburg\ballerburg.exe" = protocol=6 | dir=in | app=c:\program files\ballerburg\ballerburg.exe |
"TCP Query User{3560434F-5289-4A8C-B43D-629681AB25EE}D:\cod_2\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\cod_2\cod2mp_s.exe |
"TCP Query User{66D8A4B4-1C78-4F9E-9908-542B1D003D00}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{83E7F80F-A804-4915-AC90-DB824EC9205D}G:\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=g:\spiele\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{874D77D1-0BE4-4066-8A19-9FF3C58AE407}C:\users\win\desktop\candisoft_load!_0.7.1\load.exe" = protocol=6 | dir=in | app=c:\users\win\desktop\candisoft_load!_0.7.1\load.exe |
"TCP Query User{9F2BDF40-0FF6-48A7-964E-2D690BF364F1}D:\vlc\vlc.exe" = protocol=6 | dir=in | app=d:\vlc\vlc.exe |
"TCP Query User{AA06AE43-F78A-459A-9AE4-E79B5B4E39E0}D:\die gilde gold-edition v2.06 windows vista&7 ready\die gilde gold-edition\gildegold_tl.exe" = protocol=6 | dir=in | app=d:\die gilde gold-edition v2.06 windows vista&7 ready\die gilde gold-edition\gildegold_tl.exe |
"TCP Query User{B0B10DD3-C3CE-4C65-93A2-7039A6E10F8C}H:\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=h:\spiele\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{D5F67FA0-F8FD-4092-B3F4-B60524949119}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{2AA2BCCE-D243-4C09-A2D8-EFE89E9BFD4E}C:\users\win\desktop\candisoft_load!_0.7.1\load.exe" = protocol=17 | dir=in | app=c:\users\win\desktop\candisoft_load!_0.7.1\load.exe |
"UDP Query User{3B46FF6A-F317-412E-BAF0-BCF72321A2C8}D:\vlc\vlc.exe" = protocol=17 | dir=in | app=d:\vlc\vlc.exe |
"UDP Query User{4E4DCDD5-0F60-4C01-9AD5-A74C57F97D9C}C:\program files\ballerburg\ballerburg.exe" = protocol=17 | dir=in | app=c:\program files\ballerburg\ballerburg.exe |
"UDP Query User{51009CB4-269D-4036-85B3-ADDE916AA6AA}D:\die gilde gold-edition v2.06 windows vista&7 ready\die gilde gold-edition\gildegold_tl.exe" = protocol=17 | dir=in | app=d:\die gilde gold-edition v2.06 windows vista&7 ready\die gilde gold-edition\gildegold_tl.exe |
"UDP Query User{6FFF3D72-DFC7-49F1-AAF9-20B221AED3EC}D:\cod_2\cod2mp_s.exe" = protocol=17 | dir=in | app=d:\cod_2\cod2mp_s.exe |
"UDP Query User{80D90D1F-3662-4BE6-9476-F3DF7CE515E4}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{9FEF524D-40CA-4A50-93E3-D3802050BA4F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{D11712E4-C7D9-4326-B626-DE8D5DEA962A}H:\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=h:\spiele\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{F205C4AC-E5E3-4C88-BDF8-557126387E2B}G:\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=g:\spiele\call of duty 4 - modern warfare\iw3mp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}" = Splinter Cell Pandora Tomorrow
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
"{628ED0F8-590B-49CF-A525-A1696BD79304}" = Cisco AnyConnect Secure Mobility Client
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{C18E004E-8C44-4F63-91DD-7ABF7DECD712}" = calibre
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"1489-3350-5074-6281" = JDownloader 0.9
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"Comical_is1" = Comical 0.8
"DAEMON Tools Lite" = DAEMON Tools Lite
"Die Gilde" = Die Gilde
"Divine Wind_is1" = Divine Wind Version 5.1
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Studio_is1" = Free Studio version 5.2.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Guitar Pro 5_is1" = Guitar Pro 5.2
"LingoPad_is1" = LingoPad 2.6 (Build 360)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Navigium" = Navigium
"NVIDIA Drivers" = NVIDIA Drivers
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5b
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"Shutdown4U" = Shutdown4U
"SpeedFan" = SpeedFan (remove only)
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.1.10
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.08.2012 08:12:29 | Computer Name = Win-PC | Source = acvpninstall | ID = 67108866
Description =
Error - 26.08.2012 08:12:29 | Computer Name = Win-PC | Source = acvpninstall | ID = 67108866
Description =
Error - 26.08.2012 08:12:29 | Computer Name = Win-PC | Source = acvpninstall | ID = 67108866
Description =
Error - 26.08.2012 17:13:00 | Computer Name = Win-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.08.2012 21:59:23 | Computer Name = Win-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.09.2012 08:44:36 | Computer Name = Win-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.09.2012 14:55:50 | Computer Name = Win-PC | Source = EventSystem | ID = 4609
Description =
Error - 02.09.2012 14:56:52 | Computer Name = Win-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.09.2012 14:59:52 | Computer Name = Win-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.09.2012 15:39:41 | Computer Name = Win-PC | Source = WinMgmt | ID = 10
Description =
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 30.08.2012 16:27:17 | Computer Name = Win-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHttpSessionWinInet::HandleError File: .\Utility\HttpSession_wininet.cpp
Line:
1050 Invoked Function: CHttpSessionWinInet::HandleError Return Code: 12007 (0x00002EE7)
Description:
Der Servername oder die Serveradresse konnte nicht verarbeitet werden.
Error - 30.08.2012 16:27:17 | Computer Name = Win-PC | Source = acvpnagent | ID = 67108866
Description = Function: CFileUploader::PostDataGetResponse File: ..\FileUploader.cpp
Line:
407 Invoked Function: CFileUploader::SendHttpRequest Return Code: -29032423 (0xFE450019)
Description:
HTTP_SESSION_ERROR_DNS_RESOLUTION
Error - 30.08.2012 16:27:17 | Computer Name = Win-PC | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::PostDataFile File: ..\PhoneHomeAgent.cpp
Line:
1649 Invoked Function: CFileUploader::PostDataGetResponse Return Code: -29032423
(0xFE450019) Description: HTTP_SESSION_ERROR_DNS_RESOLUTION Failed to post customer
experence feedback data (C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility
Client\CustomerExperienceFeedback\outbound\feedback_data1.cef)
Error - 30.08.2012 17:41:35 | Computer Name = Win-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 23: Client PC is going into suspend mode (Sleep,
Hibernate, etc).
Error - 30.08.2012 18:02:25 | Computer Name = Win-PC | Source = acvpnui | ID = 67108866
Description = Function: CTrayIcon::StepAnimation File: .\TrayIcon.cpp Line: 428 Invoked
Function: CTrayIcon::OnTimer Return Code: 1460 (0x000005B4) Description: Dieser Vorgang
wurde wegen Zeitüberschreitung zurückgegeben.
Error - 30.08.2012 18:02:25 | Computer Name = Win-PC | Source = acvpnui | ID = 67108866
Description = Function: CTrayIcon::StepAnimation File: .\TrayIcon.cpp Line: 428 Invoked
Function: CTrayIcon::OnTimer Return Code: 0 (0x00000000) Description: unknown
Error - 30.08.2012 18:03:23 | Computer Name = Win-PC | Source = acvpnui | ID = 67108866
Description = Function: MsgCatalog::msgFormat File: .\i18n\MsgCatalog.cpp Line: 450
Invoked
Function: FormatMessage Return Code: 3 (0x00000003) Description: Das System kann
den angegebenen Pfad nicht finden.
Error - 30.08.2012 18:03:23 | Computer Name = Win-PC | Source = acvpndownloader | ID = 67108865
Description = Function: PreferenceMgr::invokePreferenceUpdateCBs File: ..\Api\PreferenceMgr.cpp
Line:
1357 Callback interface address is NULL.
Error - 30.08.2012 18:03:23 | Computer Name = Win-PC | Source = acvpndownloader | ID = 67108865
Description = Function: PreferenceMgr::invokePreferenceUpdateCBs File: ..\Api\PreferenceMgr.cpp
Line:
1357 Callback interface address is NULL.
Error - 30.08.2012 18:03:32 | Computer Name = Win-PC | Source = acvpnagent | ID = 67108866
Description = Function: CRouteTableVista::addRouteV4 File: .\Routing\RouteTableVista.cpp
Line:
192 Invoked Function: ::CreateIpForwardEntry2 Return Code: 5010 (0x00001392) Description:
Das Objekt ist bereits vorhanden.
[ OSession Events ]
Error - 03.10.2011 17:16:42 | Computer Name = Win-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.
Error - 04.10.2011 01:44:39 | Computer Name = Win-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.
Error - 04.10.2011 01:47:16 | Computer Name = Win-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25
seconds with 0 seconds of active time. This session ended with a crash.
Error - 04.10.2011 01:47:30 | Computer Name = Win-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.
Error - 04.10.2011 01:49:27 | Computer Name = Win-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 112
seconds with 60 seconds of active time. This session ended with a crash.
Error - 04.10.2011 01:49:36 | Computer Name = Win-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.
Error - 18.02.2012 07:34:19 | Computer Name = Win-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 164263
seconds with 1080 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 02.09.2012 14:56:52 | Computer Name = Win-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 02.09.2012 14:56:52 | Computer Name = Win-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 02.09.2012 14:56:52 | Computer Name = Win-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 02.09.2012 15:38:06 | Computer Name = Win-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 02.09.2012 um 21:36:20 unerwartet heruntergefahren.
Error - 02.09.2012 15:39:41 | Computer Name = Win-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 02.09.2012 16:17:19 | Computer Name = Win-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 02.09.2012 um 22:15:41 unerwartet heruntergefahren.
Error - 02.09.2012 16:18:54 | Computer Name = Win-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 02.09.2012 17:33:58 | Computer Name = Win-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 02.09.2012 um 23:32:24 unerwartet heruntergefahren.
Error - 02.09.2012 17:35:41 | Computer Name = Win-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 03.09.2012 09:41:35 | Computer Name = Win-PC | Source = Service Control Manager | ID = 7011
Description =
< End of report > --- --- ---
And here is the result from GMER.txt (GMER logfile):
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-03 21:28:40
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000062 Hitachi_ rev.PB3O
Running: zs4mqwgu.exe; Driver: C:\Users\Win\AppData\Local\Temp\uwldqpow.sys
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAE 0x45 0xCA 0x45 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7E 0x53 0x77 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x66 0xDC 0xCA 0xFA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Users\Win\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x21 0xA0 0x05 0x73 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x84 0x48 0xE1 0x24 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAD 0x52 0x01 0x56 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAE 0x45 0xCA 0x45 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7E 0x53 0x77 0xA6 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x66 0xDC 0xCA 0xFA ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Users\Win\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x21 0xA0 0x05 0x73 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x84 0x48 0xE1 0x24 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAD 0x52 0x01 0x56 ...
---- EOF - GMER 1.0.15 ----
Many thanks in advance,
Volliv