Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Trojaerfund und zwei Hijackereinträge (https://www.trojaner-board.de/94027-trojaerfund-zwei-hijackereintraege.html)

schikum 22.12.2010 20:32
Trojaerfund und zwei Hijackereinträge
 
Hallo
Nachdem mein Spyware einen Trojaner entdeckte (opachki.ru), habe ich nun auch noch malware laufenlassen, welche mir die zwei Hijacker-Einträge aufdeckte. Den Trojaner hab ich gelöscht und die Einträge sind noch in Quarantäne. Ich weiss natürlich nicht, wie lange die Dinger schon wirkten, und auch nicht was. Auffallend ist nur, dass sich der WLAN öfters abhängt, jedoch unregelmässig.
Ich habe die Logfiles hier:
malware:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5363

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

22.12.2010 19:42:30
mbam-log-2010-12-22 (19-42-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 310031
Laufzeit: 1 Stunde(n), 21 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


OTL:OTL Logfile:
Code:
OTL logfile created on: 22.12.2010 19:52:37 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000807 | Country: *** | Language: DES | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 141.62 Gb Free Space | 47.51% Space Free | Partition Type: NTFS
 
Computer Name: PAPI-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe File not found
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (ntcdrdrv) -- C:\Windows\System32\DRIVERS\ntcdrdrv.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (FXDrv32) -- D:\FXDrv32.sys File not found
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (bbcap) -- C:\Windows\System32\drivers\bbcap.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology Corp.)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (RTLWUSB) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.stegcomputer.ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.imesh.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://bazonline.ch/schweiz/"
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.6.8
FF - prefs.js..extensions.enabledItems: {28D35620-51D9-11DE-9D13-2DB156D89593}:3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.12.20 20:13:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.11 21:42:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.22 17:38:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 13:56:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.12.22 17:38:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.12.20 20:13:23 | 000,000,000 | ---D | M]
 
[2010.09.08 08:34:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.09.08 08:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.22 12:11:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions
[2010.04.28 06:46:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Papi\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.08.28 20:38:30 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}
[2010.11.11 15:03:24 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.10.26 07:42:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.11 13:56:37 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2010.12.21 16:12:00 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2009.03.15 18:59:06 | 000,000,682 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\n2jr1rrn.default\searchplugins\ask.xml
[2009.07.18 00:02:48 | 000,002,456 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\n2jr1rrn.default\searchplugins\iMeshWebSearch.xml
[2010.11.11 16:45:53 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.13 23:19:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.11 16:45:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.11.11 16:45:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.03.03 16:31:22 | 000,162,072 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.07.25 22:00:30 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.25 22:00:30 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.07.18 00:02:48 | 000,002,456 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\iMeshWebSearch.xml
[2010.07.25 22:00:30 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.25 22:00:30 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.25 22:00:30 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.25 15:26:47 | 000,414,821 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.123topsearch.com
O1 - Hosts: 127.0.0.1    123topsearch.com
O1 - Hosts: 127.0.0.1    www.132.com
O1 - Hosts: 127.0.0.1    132.com
O1 - Hosts: 127.0.0.1    www.136136.net
O1 - Hosts: 127.0.0.1    136136.net
O1 - Hosts: 127.0.0.1    www.163ns.com
O1 - Hosts: 14325 more lines...
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5bd54afb-6337-11df-9be0-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found
O33 - MountPoints2\{700bc62d-6c16-11df-826d-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found
O33 - MountPoints2\{918fd52b-6400-11df-ba96-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found
O33 - MountPoints2\{f180735f-df73-11df-a8c2-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found
O33 - MountPoints2\{f87c457f-e7f9-11de-9cd0-0018e726c5db}\Shell\AutoRun\command - "" = I:\Launcher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.22 19:48:51 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.12.20 20:48:53 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2010.12.20 20:48:52 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2010.12.20 20:48:51 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2010.12.20 20:24:12 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2010.12.20 20:13:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.12.20 20:12:28 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010.12.20 20:11:58 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2010.12.20 20:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2010.12.15 11:44:50 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.15 11:43:54 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.15 11:43:54 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.15 11:43:54 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.15 11:43:26 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.15 11:43:25 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.15 11:43:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.15 11:43:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.15 11:42:32 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.15 11:42:28 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.12.15 11:42:27 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.12.15 11:42:27 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.15 11:42:27 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.15 11:42:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.12.15 11:42:26 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.15 11:42:26 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.15 11:42:26 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.12.15 11:42:26 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.12.15 11:42:26 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.12.15 11:42:26 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.12.15 11:42:26 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.12.15 11:42:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.12.15 11:42:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.12.15 11:42:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.15 11:42:25 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.15 11:41:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.09 20:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Blueberry
[2010.12.04 13:11:31 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\276_chanukkalieder 3-1
[2010.12.04 11:47:52 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\chanukka1
[2010.12.02 07:39:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2010.11.24 21:54:05 | 000,000,000 | ---D | C] -- C:\Programme\PhotoFiltre
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.22 19:55:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2010.12.22 19:48:54 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Papi\Desktop\OTL.exe
[2010.12.22 19:47:23 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.12.22 19:46:26 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.22 19:46:23 | 000,000,031 | ---- | M] () -- C:\Windows\System32\bbcap.err
[2010.12.22 19:45:05 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.22 19:45:04 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2010.12.22 19:44:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 19:44:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 19:44:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.22 19:44:13 | 2136,137,728 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.22 19:01:10 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010.12.22 18:00:04 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2010.12.22 17:43:24 | 000,001,374 | ---- | M] () -- C:\Users\***\Documents\cc_20101222_174319.reg
[2010.12.22 17:36:53 | 000,000,536 | ---- | M] () -- C:\Users\***\Documents\cc_20101222_173649.reg
[2010.12.22 17:36:25 | 000,019,622 | ---- | M] () -- C:\Users\***\Documents\cc_20101222_173618.reg
[2010.12.22 15:38:15 | 000,018,944 | ---- | M] () -- C:\Users\***\Desktop\Finanzblatt Tabitha.xlr
[2010.12.22 15:38:15 | 000,002,272 | ---- | M] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2010.12.20 20:49:43 | 000,146,944 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.20 20:34:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.12.20 20:34:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.12.20 19:53:13 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.20 19:53:13 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.20 19:53:13 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.20 19:53:13 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.16 19:38:41 | 000,434,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.09 22:00:37 | 2375,922,974 | ---- | M] () -- C:\Users\***\Desktop\Tierfilm.fbr
[2010.12.07 11:18:21 | 000,000,821 | ---- | M] () -- C:\Users\***\Desktop\HhDez10.lnk
[2010.12.05 22:03:48 | 002,716,939 | ---- | M] () -- C:\Users\***\Desktop\traum yaschuah.wma
[2010.11.24 21:54:06 | 000,000,845 | ---- | M] () -- C:\Users\***\Desktop\PhotoFiltre.lnk
[2010.11.23 11:02:05 | 000,753,363 | ---- | M] () -- C:\Users\***\Desktop\ADNT-ARAM-Vaterunser.gif
 
========== Files Created - No Company Name ==========
 
[2010.12.22 17:43:22 | 000,001,374 | ---- | C] () -- C:\Users\***\Documents\cc_20101222_174319.reg
[2010.12.22 17:36:51 | 000,000,536 | ---- | C] () -- C:\Users\***\Documents\cc_20101222_173649.reg
[2010.12.22 17:36:22 | 000,019,622 | ---- | C] () -- C:\Users\***\Documents\cc_20101222_173618.reg
[2010.12.22 17:13:20 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2010.12.22 11:59:55 | 000,018,944 | ---- | C] () -- C:\Users\***\Desktop\Finanzblatt Tabitha.xlr
[2010.12.20 20:34:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.12.20 20:34:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.12.20 20:24:31 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2010.12.09 22:01:02 | 2375,922,974 | ---- | C] () -- C:\Users\***\Desktop\Tierfilm.fbr
[2010.12.07 11:18:21 | 000,000,821 | ---- | C] () -- C:\Users\***\Desktop\HhDez10.lnk
[2010.12.05 22:03:47 | 002,716,939 | ---- | C] () -- C:\Users\***\Desktop\traum yaschuah.wma
[2010.11.24 21:54:06 | 000,000,845 | ---- | C] () -- C:\Users\***\Desktop\PhotoFiltre.lnk
[2010.11.23 11:02:03 | 000,753,363 | ---- | C] () -- C:\Users\***\Desktop\ADNT-ARAM-Vaterunser.gif
[2010.11.15 03:07:02 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.06.03 18:56:40 | 000,000,278 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini
[2010.06.02 12:16:44 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.05.13 22:59:27 | 000,000,061 | ---- | C] () -- C:\Windows\wininit.ini
[2010.03.04 21:31:41 | 000,025,600 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2009.10.23 14:20:02 | 000,001,024 | ---- | C] () -- C:\ProgramData\1pdfdec.dll
[2009.10.23 14:19:59 | 000,000,048 | ---- | C] () -- C:\Windows\System32\pdfutil.ini
[2009.09.11 12:40:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.27 19:32:48 | 000,076,407 | ---- | C] () -- C:\Users\***\AppData\Roaming\Smiley.ico
[2009.06.28 10:40:13 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.06.13 20:52:15 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.08.27 19:00:09 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.08.27 12:48:43 | 000,002,272 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2008.08.26 18:26:27 | 000,146,944 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.04 11:44:57 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2008.07.04 11:44:57 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2008.07.04 11:44:57 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2008.07.04 11:44:57 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2008.07.04 11:44:57 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2008.02.11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010.05.21 15:25:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Alpen 3D Online
[2010.12.09 22:01:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blueberry
[2010.06.06 16:11:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2010.12.20 20:53:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2010.06.02 12:48:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2009.02.04 16:00:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DreamChess
[2010.11.14 22:20:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2010.06.06 13:59:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FinalBurner AudioCD Ripper
[2010.05.29 16:58:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FinalMediaPlayer
[2010.12.09 16:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000
[2009.03.15 17:15:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit
[2010.06.03 20:37:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfraRecorder
[2010.05.13 23:30:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LogSys
[2010.06.21 00:23:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mresreg
[2010.01.15 17:03:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NASA
[2010.02.01 19:42:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2009.03.15 16:19:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.09.14 19:54:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Paltalk
[2009.12.13 16:33:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2010.06.21 00:36:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoFiltre
[2010.08.18 15:19:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2009.10.20 11:13:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PixelPlanet
[2008.08.27 12:54:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2010.09.08 08:34:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.12.22 19:45:04 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2010.12.22 19:43:18 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.22 19:55:00 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 837 bytes -> C:\Users\Papi\Desktop\Obama gegen judisches Jerusalem.eml:OECustomProperty
@Alternate Data Stream - 777 bytes -> C:\Users\Papi\Desktop\Obama gegn Jerusalem.eml:OECustomProperty
 
< End of report >
--- --- ---


Extras:OTL Logfile:
Code:
OTL logfile created on: 22.12.2010 19:52:37 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000807 | Country: *** | Language: DES | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 141.62 Gb Free Space | 47.51% Space Free | Partition Type: NTFS
 
Computer Name: PAPI-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe File not found
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (ntcdrdrv) -- C:\Windows\System32\DRIVERS\ntcdrdrv.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (FXDrv32) -- D:\FXDrv32.sys File not found
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (bbcap) -- C:\Windows\System32\drivers\bbcap.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology Corp.)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (RTLWUSB) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.stegcomputer.ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.imesh.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://bazonline.ch/schweiz/"
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.6.8
FF - prefs.js..extensions.enabledItems: {28D35620-51D9-11DE-9D13-2DB156D89593}:3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.12.20 20:13:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.11 21:42:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.22 17:38:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 13:56:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.12.22 17:38:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.12.20 20:13:23 | 000,000,000 | ---D | M]
 
[2010.09.08 08:34:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.09.08 08:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.22 12:11:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions
[2010.04.28 06:46:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Papi\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.08.28 20:38:30 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}
[2010.11.11 15:03:24 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.10.26 07:42:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.11 13:56:37 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2010.12.21 16:12:00 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2009.03.15 18:59:06 | 000,000,682 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\n2jr1rrn.default\searchplugins\ask.xml
[2009.07.18 00:02:48 | 000,002,456 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\n2jr1rrn.default\searchplugins\iMeshWebSearch.xml
[2010.11.11 16:45:53 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.13 23:19:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.11 16:45:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.11.11 16:45:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.03.03 16:31:22 | 000,162,072 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.07.25 22:00:30 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.25 22:00:30 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.07.18 00:02:48 | 000,002,456 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\iMeshWebSearch.xml
[2010.07.25 22:00:30 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.25 22:00:30 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.25 22:00:30 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.25 15:26:47 | 000,414,821 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.123topsearch.com
O1 - Hosts: 127.0.0.1    123topsearch.com
O1 - Hosts: 127.0.0.1    www.132.com
O1 - Hosts: 127.0.0.1    132.com
O1 - Hosts: 127.0.0.1    www.136136.net
O1 - Hosts: 127.0.0.1    136136.net
O1 - Hosts: 127.0.0.1    www.163ns.com
O1 - Hosts: 14325 more lines...
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5bd54afb-6337-11df-9be0-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found
O33 - MountPoints2\{700bc62d-6c16-11df-826d-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found
O33 - MountPoints2\{918fd52b-6400-11df-ba96-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found
O33 - MountPoints2\{f180735f-df73-11df-a8c2-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found
O33 - MountPoints2\{f87c457f-e7f9-11de-9cd0-0018e726c5db}\Shell\AutoRun\command - "" = I:\Launcher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.22 19:48:51 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.12.20 20:48:53 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2010.12.20 20:48:52 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2010.12.20 20:48:51 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2010.12.20 20:24:12 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2010.12.20 20:13:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.12.20 20:12:28 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010.12.20 20:11:58 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2010.12.20 20:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2010.12.15 11:44:50 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.15 11:43:54 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.15 11:43:54 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.15 11:43:54 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.15 11:43:26 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.15 11:43:25 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.15 11:43:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.15 11:43:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.15 11:42:32 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.15 11:42:28 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.12.15 11:42:27 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.12.15 11:42:27 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.15 11:42:27 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.15 11:42:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.12.15 11:42:26 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.15 11:42:26 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.15 11:42:26 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.12.15 11:42:26 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.12.15 11:42:26 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.12.15 11:42:26 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.12.15 11:42:26 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.12.15 11:42:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.12.15 11:42:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.12.15 11:42:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.15 11:42:25 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.15 11:41:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.09 20:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Blueberry
[2010.12.04 13:11:31 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\276_chanukkalieder 3-1
[2010.12.04 11:47:52 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\chanukka1
[2010.12.02 07:39:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2010.11.24 21:54:05 | 000,000,000 | ---D | C] -- C:\Programme\PhotoFiltre
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.22 19:55:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2010.12.22 19:48:54 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Papi\Desktop\OTL.exe
[2010.12.22 19:47:23 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.12.22 19:46:26 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.22 19:46:23 | 000,000,031 | ---- | M] () -- C:\Windows\System32\bbcap.err
[2010.12.22 19:45:05 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.22 19:45:04 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2010.12.22 19:44:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 19:44:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 19:44:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.22 19:44:13 | 2136,137,728 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.22 19:01:10 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010.12.22 18:00:04 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2010.12.22 17:43:24 | 000,001,374 | ---- | M] () -- C:\Users\***\Documents\cc_20101222_174319.reg
[2010.12.22 17:36:53 | 000,000,536 | ---- | M] () -- C:\Users\***\Documents\cc_20101222_173649.reg
[2010.12.22 17:36:25 | 000,019,622 | ---- | M] () -- C:\Users\***\Documents\cc_20101222_173618.reg
[2010.12.22 15:38:15 | 000,018,944 | ---- | M] () -- C:\Users\***\Desktop\Finanzblatt Tabitha.xlr
[2010.12.22 15:38:15 | 000,002,272 | ---- | M] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2010.12.20 20:49:43 | 000,146,944 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.20 20:34:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.12.20 20:34:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.12.20 19:53:13 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.20 19:53:13 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.20 19:53:13 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.20 19:53:13 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.16 19:38:41 | 000,434,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.09 22:00:37 | 2375,922,974 | ---- | M] () -- C:\Users\***\Desktop\Tierfilm.fbr
[2010.12.07 11:18:21 | 000,000,821 | ---- | M] () -- C:\Users\***\Desktop\HhDez10.lnk
[2010.12.05 22:03:48 | 002,716,939 | ---- | M] () -- C:\Users\***\Desktop\traum yaschuah.wma
[2010.11.24 21:54:06 | 000,000,845 | ---- | M] () -- C:\Users\***\Desktop\PhotoFiltre.lnk
[2010.11.23 11:02:05 | 000,753,363 | ---- | M] () -- C:\Users\***\Desktop\ADNT-ARAM-Vaterunser.gif
 
========== Files Created - No Company Name ==========
 
[2010.12.22 17:43:22 | 000,001,374 | ---- | C] () -- C:\Users\***\Documents\cc_20101222_174319.reg
[2010.12.22 17:36:51 | 000,000,536 | ---- | C] () -- C:\Users\***\Documents\cc_20101222_173649.reg
[2010.12.22 17:36:22 | 000,019,622 | ---- | C] () -- C:\Users\***\Documents\cc_20101222_173618.reg
[2010.12.22 17:13:20 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2010.12.22 11:59:55 | 000,018,944 | ---- | C] () -- C:\Users\***\Desktop\Finanzblatt Tabitha.xlr
[2010.12.20 20:34:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.12.20 20:34:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.12.20 20:24:31 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2010.12.09 22:01:02 | 2375,922,974 | ---- | C] () -- C:\Users\***\Desktop\Tierfilm.fbr
[2010.12.07 11:18:21 | 000,000,821 | ---- | C] () -- C:\Users\***\Desktop\HhDez10.lnk
[2010.12.05 22:03:47 | 002,716,939 | ---- | C] () -- C:\Users\***\Desktop\traum yaschuah.wma
[2010.11.24 21:54:06 | 000,000,845 | ---- | C] () -- C:\Users\***\Desktop\PhotoFiltre.lnk
[2010.11.23 11:02:03 | 000,753,363 | ---- | C] () -- C:\Users\***\Desktop\ADNT-ARAM-Vaterunser.gif
[2010.11.15 03:07:02 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.06.03 18:56:40 | 000,000,278 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini
[2010.06.02 12:16:44 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.05.13 22:59:27 | 000,000,061 | ---- | C] () -- C:\Windows\wininit.ini
[2010.03.04 21:31:41 | 000,025,600 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2009.10.23 14:20:02 | 000,001,024 | ---- | C] () -- C:\ProgramData\1pdfdec.dll
[2009.10.23 14:19:59 | 000,000,048 | ---- | C] () -- C:\Windows\System32\pdfutil.ini
[2009.09.11 12:40:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.27 19:32:48 | 000,076,407 | ---- | C] () -- C:\Users\***\AppData\Roaming\Smiley.ico
[2009.06.28 10:40:13 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.06.13 20:52:15 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.08.27 19:00:09 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.08.27 12:48:43 | 000,002,272 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2008.08.26 18:26:27 | 000,146,944 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.04 11:44:57 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2008.07.04 11:44:57 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2008.07.04 11:44:57 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2008.07.04 11:44:57 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2008.07.04 11:44:57 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2008.02.11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010.05.21 15:25:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Alpen 3D Online
[2010.12.09 22:01:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blueberry
[2010.06.06 16:11:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2010.12.20 20:53:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2010.06.02 12:48:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2009.02.04 16:00:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DreamChess
[2010.11.14 22:20:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2010.06.06 13:59:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FinalBurner AudioCD Ripper
[2010.05.29 16:58:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FinalMediaPlayer
[2010.12.09 16:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000
[2009.03.15 17:15:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit
[2010.06.03 20:37:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfraRecorder
[2010.05.13 23:30:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LogSys
[2010.06.21 00:23:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mresreg
[2010.01.15 17:03:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NASA
[2010.02.01 19:42:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2009.03.15 16:19:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.09.14 19:54:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Paltalk
[2009.12.13 16:33:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2010.06.21 00:36:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoFiltre
[2010.08.18 15:19:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2009.10.20 11:13:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PixelPlanet
[2008.08.27 12:54:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2010.09.08 08:34:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.12.22 19:45:04 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2010.12.22 19:43:18 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.22 19:55:00 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 837 bytes -> C:\Users\Papi\Desktop\Obama gegen judisches Jerusalem.eml:OECustomProperty
@Alternate Data Stream - 777 bytes -> C:\Users\Papi\Desktop\Obama gegn Jerusalem.eml:OECustomProperty
 
< End of report >
--- --- ---
Danke für das Reinschauen.

PS: Wann ist denn der Platz aufgebraucht, von wegen Zippen? :rolleyes:

cosinus 06.01.2011 20:12
So, kümmer mich auch nun um diesen zweiten(?) Rechner von dir. Ist doch ein anderer Rechner? :confused:

Mach bitte einen Vollscan mit MBAM und aktuellen Signaturen. Poste dieses Log dann und auch etwaige andere, also alle Logs, die unterm Reiter Logdateien sichtbar sind.

schikum 07.01.2011 11:47
Ja, das ist ein anderer Rechner.
Es gab keine funde im Scan.
Hier das neueste Log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5475

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

07.01.2011 11:30:47
mbam-log-2011-01-07 (11-30-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 312800
Laufzeit: 1 Stunde(n), 21 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Und hier die Alten:
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3510
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

10.02.2010 12:04:34
mbam-log-2010-02-10 (12-04-34).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 52654
Laufzeit: 9 minute(s), 24 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3510
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

10.02.2010 18:22:52
mbam-log-2010-02-10 (18-22-52).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 254497
Laufzeit: 1 hour(s), 0 minute(s), 13 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3510
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

13.02.2010 10:29:58
mbam-log-2010-02-13 (10-29-58).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 164321
Laufzeit: 50 minute(s), 47 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3732
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

13.02.2010 11:26:56
mbam-log-2010-02-13 (11-26-56).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 259338
Laufzeit: 53 minute(s), 43 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3732
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

15.02.2010 15:25:22
mbam-log-2010-02-15 (15-25-22).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 7824
Laufzeit: 16 minute(s), 0 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3732
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

15.02.2010 17:18:04
mbam-log-2010-02-15 (17-18-04).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 1
Laufzeit: 3 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5363

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

22.12.2010 19:42:30
mbam-log-2010-12-22 (19-42-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 310031
Laufzeit: 1 Stunde(n), 21 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 07.01.2011 13:31
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
DRV - (FXDrv32) -- D:\FXDrv32.sys File not found
O33 - MountPoints2\{5bd54afb-6337-11df-9be0-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found
O33 - MountPoints2\{700bc62d-6c16-11df-826d-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found
O33 - MountPoints2\{918fd52b-6400-11df-ba96-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found
O33 - MountPoints2\{f180735f-df73-11df-a8c2-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found
O33 - MountPoints2\{f87c457f-e7f9-11de-9cd0-0018e726c5db}\Shell\AutoRun\command - "" = I:\Launcher.exe -- File not found
@Alternate Data Stream - 837 bytes -> C:\Users\Papi\Desktop\Obama gegen judisches Jerusalem.eml:OECustomProperty
@Alternate Data Stream - 777 bytes -> C:\Users\Papi\Desktop\Obama gegn Jerusalem.eml:OECustomProperty
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

schikum 07.01.2011 15:02
ja, Rechner wurde neugestartet.
Log:
All processes killed
========== OTL ==========
Service FXDrv32 stopped successfully!
Service FXDrv32 deleted successfully!
File D:\FXDrv32.sys File not found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5bd54afb-6337-11df-9be0-0018e726c5db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5bd54afb-6337-11df-9be0-0018e726c5db}\ not found.
File J:\installer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{700bc62d-6c16-11df-826d-0018e726c5db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{700bc62d-6c16-11df-826d-0018e726c5db}\ not found.
File J:\installer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{918fd52b-6400-11df-ba96-0018e726c5db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{918fd52b-6400-11df-ba96-0018e726c5db}\ not found.
File J:\installer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f180735f-df73-11df-a8c2-0018e726c5db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f180735f-df73-11df-a8c2-0018e726c5db}\ not found.
File J:\installer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f87c457f-e7f9-11de-9cd0-0018e726c5db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f87c457f-e7f9-11de-9cd0-0018e726c5db}\ not found.
File I:\Launcher.exe not found.
ADS C:\Users\Papi\Desktop\Obama gegen judisches Jerusalem.eml:OECustomProperty deleted successfully.
ADS C:\Users\Papi\Desktop\Obama gegn Jerusalem.eml:OECustomProperty deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Papi
->Temp folder emptied: 10717107 bytes
->Temporary Internet Files folder emptied: 51199975 bytes
->Java cache emptied: 64868078 bytes
->FireFox cache emptied: 87211559 bytes
->Flash cache emptied: 29655 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 145644 bytes
RecycleBin emptied: 96600577 bytes

Total Files Cleaned = 296.00 mb


OTL by OldTimer - Version 3.2.18.0 log created on 01072011_144534

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...



Wenn ich das so durchlese, dann scheinen einige Einträge nicht wirklich zu existieren, oder verstecken sich :stirn:

cosinus 07.01.2011 15:06
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

schikum 07.01.2011 15:56
Combo-Log:
Combofix Logfile:
Code:
ComboFix 11-01-06.06 - Papi 07.01.2011  15:27:10.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.41.1031.18.2036.1100 [GMT 1:00]
ausgeführt von:: c:\users\Papi\Desktop\cofi.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\programdata\1pdfdec.dll

.
(((((((((((((((((((((((  Dateien erstellt von 2010-12-07 bis 2011-01-07  ))))))))))))))))))))))))))))))
.

2011-01-07 13:45 . 2011-01-07 13:45        --------        d-----w-        C:\_OTL
2011-01-06 20:27 . 2011-01-06 20:27        2090248        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-20 19:48 . 2009-07-14 17:45        132224        ----a-w-        c:\windows\system32\drivers\WUDFRd.sys
2010-12-20 19:48 . 2009-07-14 17:48        64512        ----a-w-        c:\windows\system32\WUDFSvc.dll
2010-12-20 19:48 . 2009-07-14 17:48        39936        ----a-w-        c:\windows\system32\WUDFCoinstaller.dll
2010-12-20 19:48 . 2009-07-14 17:48        162304        ----a-w-        c:\windows\system32\WUDFPlatform.dll
2010-12-20 19:48 . 2009-07-14 17:45        92672        ----a-w-        c:\windows\system32\drivers\WUDFPf.sys
2010-12-20 19:48 . 2009-07-14 17:45        195584        ----a-w-        c:\windows\system32\WUDFHost.exe
2010-12-20 19:48 . 2009-07-14 17:48        567808        ----a-w-        c:\windows\system32\WUDFx.dll
2010-12-20 19:24 . 2009-07-14 17:45        38480        ----a-w-        c:\windows\system32\drivers\WdfLdr.sys
2010-12-20 19:24 . 2009-07-14 17:45        445008        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys
2010-12-20 19:12 . 2008-08-26 09:26        18816        ----a-w-        c:\windows\system32\drivers\pccsmcfd.sys
2010-12-20 19:11 . 2010-12-20 19:12        --------        d-----w-        c:\program files\PC Connectivity Solution
2010-12-20 19:06 . 2010-12-20 19:06        --------        d-----w-        c:\programdata\NokiaInstallerCache
2010-12-15 10:44 . 2010-10-12 15:53        33280        ----a-w-        c:\program files\Windows Mail\wabfind.dll
2010-12-15 10:44 . 2010-10-12 13:41        66048        ----a-w-        c:\program files\Windows Mail\wabmig.exe
2010-12-15 10:44 . 2010-10-12 13:41        515584        ----a-w-        c:\program files\Windows Mail\wab.exe
2010-12-15 10:44 . 2010-10-18 13:31        2038272        ----a-w-        c:\windows\system32\win32k.sys
2010-12-15 10:43 . 2010-11-04 18:55        601600        ----a-w-        c:\windows\system32\schedsvc.dll
2010-12-15 10:43 . 2010-11-04 18:56        345600        ----a-w-        c:\windows\system32\wmicmiplugin.dll
2010-12-15 10:43 . 2010-11-04 18:55        352768        ----a-w-        c:\windows\system32\taskschd.dll
2010-12-15 10:43 . 2010-11-04 18:55        270336        ----a-w-        c:\windows\system32\taskcomp.dll
2010-12-15 10:43 . 2010-11-04 16:34        171520        ----a-w-        c:\windows\system32\taskeng.exe
2010-12-15 10:43 . 2010-10-18 13:37        81920        ----a-w-        c:\windows\system32\consent.exe
2010-12-15 10:43 . 2010-10-28 15:44        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-12-15 10:43 . 2010-10-28 13:27        292352        ----a-w-        c:\windows\system32\atmfd.dll
2010-12-15 10:43 . 2010-06-16 15:30        72704        ----a-w-        c:\windows\system32\fontsub.dll
2010-12-15 10:41 . 2010-10-28 13:20        2048        ----a-w-        c:\windows\system32\tzres.dll
2010-12-15 10:41 . 2010-11-03 10:51        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2010-12-09 19:07 . 2010-12-09 19:07        --------        d-----w-        c:\programdata\Blueberry

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2010-02-10 10:54        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-02-10 10:54        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-11-11 15:45 . 2010-05-13 22:19        472808        ----a-w-        c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58        333192        ----a-w-        c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-07-31 11:58        91568        ----a-w-        c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll" [2009-07-31 91568]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-12 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-11-19 128352]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2010-8-7 12734216]
Philips GoGear Spark Gere-Manager.lnk - c:\program files\Philips\GoGear Spark Device Manager\main.exe [2010-5-19 7974455]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c986e543ae0809;Google Update Service (gupdate1c986e543ae0809);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
R3 RTLWUSB;802.11g USB2.0 WLAN Dongle;c:\windows\system32\DRIVERS\RTL8187.sys [2006-04-12 169472]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-02 691696]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
S3 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2010-05-13 4096]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2011-01-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-04 14:53]

2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 16:25]

2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 16:25]

2011-01-06 c:\windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-08-27 07:42]

2011-01-06 c:\windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-08-27 07:42]

2011-01-07 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.imesh.com/
uInternet Settings,ProxyOverride = *.local
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Papi\AppData\Roaming\Mozilla\Firefox\Profiles\n2jr1rrn.default\
FF - prefs.js: browser.startup.homepage - hxxp://bazonline.ch/schweiz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: MediaBar: {28D35620-51D9-11DE-9D13-2DB156D89593} - %profile%\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FoxLingo: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} - %profile%\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\program files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-01-07 15:41
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-01-07  15:44:44
ComboFix-quarantined-files.txt  2011-01-07 14:44

Vor Suchlauf: 14 Verzeichnis(se), 150'192'947'200 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 150'087'929'856 Bytes frei

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - DF1005E603B1C21EDC609E0BEF0B7BFC
--- --- ---

cosinus 07.01.2011 19:15
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur einige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

schikum 10.01.2011 14:16
OK, GMER läuft auch hier nicht.
OSAM-LOg:
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:11:29 on 10.01.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Spybot - Search & Destroy -  Scheduled Task.job" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"Spybot - Search & Destroy Updater -  Scheduled Task.job" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"802.11g USB2.0 WLAN Dongle" (RTLWUSB) - "Realtek Semiconductor Corporation                          " - C:\Windows\System32\DRIVERS\RTL8187.sys
"apeju9d0" (apeju9d0) - "Microsoft Corporation" - C:\Windows\system32\drivers\apeju9d0.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"catchme" (catchme) - ? - C:\Users\Papi\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"ntcdrdrv" (ntcdrdrv) - ? - C:\Windows\System32\DRIVERS\ntcdrdrv.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\ashShell.dll
{A8065B9E-193F-4797-B62D-8F6321E7FCCB} "Blueberry FlashBack Client" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71} "CShellStitcher Object" - "Microsoft Corporation" - C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} "PowerISO" - ? -  (File not found | COM-object registry key not found)
{34F4B935-17DC-4885-8BC9-CCD1ADF42F93} "Record ISO Image to CD" - ? -  (File not found | COM-object registry key not found)
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Foxit Toolbar" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"PalTalk" - "AVM Software Inc." - C:\Program Files\Paltalk Messenger\Paltalk.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Foxit Toolbar" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll
{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} "MediaBar" - ? - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{201f27d4-3704-41d6-89c1-aa35e39143ed} "AskBar BHO" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} "MediaBar" - ? - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll
{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} "PDF-XChange Viewer IE-Plugin" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"PalTalk.lnk" - "AVM Software Inc." - C:\Program Files\Paltalk Messenger\paltalk.exe  (Shortcut exists | File exists)
"Philips GoGear Spark Gere-Manager.lnk" - "KeenHigh Tech." - C:\Program Files\Philips\GoGear Spark Device Manager\main.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast5" - "AVAST Software" - C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
"CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"IJNetworkScanUtility" - "CANON INC." - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJNP Port" - "CANON INC." - C:\Windows\system32\CNMNPPM.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"avast! Mail Scanner" (avast! Mail Scanner) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"avast! Web Scanner" (avast! Web Scanner) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c986e543ae0809)" (gupdate1c986e543ae0809) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


MBR-Log:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Foxconn
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: OEM
System Product Name: OEM
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 154):
0x83038000 \SystemRoot\system32\ntkrnlpa.exe
0x83005000 \SystemRoot\system32\hal.dll
0x8040A000 \SystemRoot\system32\kdcom.dll
0x80411000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80481000 \SystemRoot\system32\PSHED.dll
0x80492000 \SystemRoot\system32\BOOTVID.dll
0x8049A000 \SystemRoot\system32\CLFS.SYS
0x804DB000 \SystemRoot\system32\CI.dll
0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80671000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8067F000 \SystemRoot\System32\Drivers\sprx.sys
0x80772000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8077B000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x807A1000 \SystemRoot\system32\drivers\acpi.sys
0x807E7000 \SystemRoot\system32\drivers\msisadrv.sys
0x805BB000 \SystemRoot\system32\drivers\pci.sys
0x807EF000 \SystemRoot\System32\drivers\partmgr.sys
0x805E2000 \SystemRoot\system32\drivers\volmgr.sys
0x8360F000 \SystemRoot\System32\drivers\volmgrx.sys
0x83659000 \SystemRoot\system32\drivers\intelide.sys
0x83660000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8366E000 \SystemRoot\System32\drivers\mountmgr.sys
0x8367E000 \SystemRoot\system32\drivers\atapi.sys
0x83686000 \SystemRoot\system32\drivers\ataport.SYS
0x836A4000 \SystemRoot\system32\drivers\fltmgr.sys
0x836D6000 \SystemRoot\system32\drivers\fileinfo.sys
0x836E6000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88C02000 \SystemRoot\system32\drivers\ndis.sys
0x88D0D000 \SystemRoot\system32\drivers\msrpc.sys
0x88D38000 \SystemRoot\system32\drivers\NETIO.SYS
0x88E05000 \SystemRoot\System32\drivers\tcpip.sys
0x88EEF000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8900C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8911C000 \SystemRoot\system32\drivers\volsnap.sys
0x89155000 \SystemRoot\System32\Drivers\spldr.sys
0x8915D000 \SystemRoot\System32\Drivers\mup.sys
0x8916C000 \SystemRoot\System32\drivers\ecache.sys
0x89193000 \SystemRoot\system32\drivers\disk.sys
0x891A4000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x891C5000 \SystemRoot\system32\drivers\crcdisk.sys
0x891EE000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88F0A000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8CA0A000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8D0C5000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8D166000 \SystemRoot\System32\drivers\watchdog.sys
0x8D172000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x89000000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x88F19000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x88F57000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8D20E000 \SystemRoot\system32\DRIVERS\Ph3xIB32.sys
0x8D323000 \SystemRoot\system32\DRIVERS\ks.sys
0x8D34D000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0x8D350000 \SystemRoot\system32\DRIVERS\fdc.sys
0x8D35B000 \SystemRoot\system32\DRIVERS\serial.sys
0x8D375000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8D37F000 \SystemRoot\system32\DRIVERS\irsir.sys
0x8D38A000 \SystemRoot\system32\drivers\irenum.sys
0x8D393000 \SystemRoot\system32\DRIVERS\parport.sys
0x8D3AB000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D3C3000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x88F66000 \SystemRoot\System32\Drivers\apeju9d0.SYS
0x8D3C9000 \SystemRoot\system32\DRIVERS\serscan.sys
0x8D3D1000 \SystemRoot\system32\DRIVERS\bbcap.sys
0x8D3D7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0x88F9F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x88D73000 \SystemRoot\system32\DRIVERS\storport.sys
0x8D200000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x88FCE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x88FE5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x88DB4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x88FF0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x88DD7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x88DEB000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x83757000 \SystemRoot\system32\DRIVERS\termdd.sys
0x83767000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x83772000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8D20B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8CA00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8377D000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8378A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x837BF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8DA04000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x837D0000 \SystemRoot\system32\drivers\portcls.sys
0x8DC0E000 \SystemRoot\system32\drivers\drmk.sys
0x8DC33000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8DC3C000 \SystemRoot\System32\Drivers\Null.SYS
0x8DC43000 \SystemRoot\System32\Drivers\Beep.SYS
0x8DC53000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8DC5A000 \SystemRoot\System32\drivers\vga.sys
0x8DC66000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8DC6E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8DC76000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8DC81000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8DC8F000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8DC98000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8DCAE000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8DCB8000 \SystemRoot\system32\DRIVERS\smb.sys
0x8DCCC000 \SystemRoot\system32\drivers\afd.sys
0x8DD14000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8DD19000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8DD4B000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8DD54000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8DD6A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8DD78000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8DD8B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8DDC7000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8DDD1000 \SystemRoot\System32\Drivers\dfsc.sys
0x8DE05000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8DE2C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8DE39000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8DE44000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8DE4C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8DE61000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x968A0000 \SystemRoot\System32\win32k.sys
0x8DE63000 \SystemRoot\System32\drivers\Dxapi.sys
0x8DE6D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8DE84000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8DE8D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8DE9D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8DEA6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8DEAE000 \SystemRoot\system32\DRIVERS\monitor.sys
0x96AC0000 \SystemRoot\System32\TSDDD.dll
0x96AE0000 \SystemRoot\System32\cdd.dll
0x8DEBD000 \SystemRoot\system32\drivers\luafv.sys
0x8DED8000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x8DF0F000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x8DF12000 \SystemRoot\system32\drivers\WudfPf.sys
0x8DF2C000 \SystemRoot\system32\drivers\spsys.sys
0x8DFDC000 \SystemRoot\system32\DRIVERS\irda.sys
0x8DDE8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8120B000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x81235000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8123F000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x81252000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x8125B000 \SystemRoot\system32\drivers\HTTP.sys
0x812C8000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x812E5000 \SystemRoot\system32\DRIVERS\bowser.sys
0x812FE000 \SystemRoot\System32\drivers\mpsdrv.sys
0x81313000 \SystemRoot\system32\drivers\mrxdav.sys
0x81334000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x81353000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8138C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x813A4000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAA602000 \SystemRoot\System32\DRIVERS\srv.sys
0xAA650000 \SystemRoot\system32\DRIVERS\parvdm.sys
0xAA657000 \SystemRoot\system32\drivers\peauth.sys
0xAA735000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAA73F000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAA74B000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xAA76C000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAA782000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0xAA791000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x774C0000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 66):
0 System Idle Process
4 System
504 C:\Windows\System32\smss.exe
572 csrss.exe
616 C:\Windows\System32\wininit.exe
628 csrss.exe
660 C:\Windows\System32\services.exe
676 C:\Windows\System32\lsass.exe
684 C:\Windows\System32\lsm.exe
720 C:\Windows\System32\winlogon.exe
864 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1236 C:\Windows\System32\audiodg.exe
1260 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\SLsvc.exe
1308 C:\Windows\System32\svchost.exe
1528 C:\Windows\System32\svchost.exe
1656 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1888 C:\Windows\System32\spoolsv.exe
1896 C:\Windows\System32\taskeng.exe
1932 C:\Windows\System32\svchost.exe
544 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
552 C:\Program Files\Bonjour\mDNSResponder.exe
780 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1536 C:\Windows\System32\IoctlSvc.exe
1680 C:\Windows\System32\svchost.exe
1476 C:\Windows\System32\svchost.exe
768 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\SearchIndexer.exe
2188 WUDFHost.exe
2268 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3276 C:\Windows\System32\taskeng.exe
3308 C:\Windows\System32\dwm.exe
3360 C:\Windows\explorer.exe
3480 C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
3720 C:\Windows\RtHDVCpl.exe
3772 C:\Windows\System32\igfxtray.exe
3780 C:\Windows\System32\hkcmd.exe
3796 C:\Windows\System32\igfxpers.exe
3848 C:\Windows\System32\wpcumi.exe
3868 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
3876 C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
3948 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3976 C:\Program Files\iTunes\iTunesHelper.exe
4004 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4016 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
4044 C:\Windows\ehome\ehtray.exe
4052 C:\Program Files\DAEMON Tools Lite\DTLite.exe
4060 C:\Program Files\Windows Media Player\wmpnscfg.exe
4068 C:\Program Files\Paltalk Messenger\paltalk.exe
4076 C:\Windows\System32\wbem\unsecapp.exe
1036 WmiPrvSE.exe
2676 C:\Program Files\Mozilla Firefox\firefox.exe
2160 C:\Windows\System32\igfxsrvc.exe
2384 C:\Windows\ehome\ehmsas.exe
3184 C:\Program Files\Mozilla Firefox\plugin-container.exe
1028 C:\Program Files\Windows Media Player\wmpnetwk.exe
156 C:\Program Files\iPod\bin\iPodService.exe
4228 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
4380 C:\Windows\System32\SearchProtocolHost.exe
4472 C:\Windows\System32\SearchFilterHost.exe
4728 C:\Users\Papi\Desktop\MBRCheck.exe
2928 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: ST3320820AS, Rev: 3.AAD

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

cosinus 10.01.2011 14:17
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

schikum 10.01.2011 18:50
ok, keine malware-funde, wieder bloss Cookies und Reste.
Komisch ist ja, dass, obwohl der Browser die cookies nach der Sitzung löscht, ich doch noch welche habe.:pfui:

MBAM-Log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5495

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

10.01.2011 15:50:20
mbam-log-2011-01-10 (15-50-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 312165
Laufzeit: 1 Stunde(n), 11 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


SUPER-Log:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 01/10/2011 at 06:28 PM

Application Version : 4.47.1000

Core Rules Database Version : 6165
Trace Rules Database Version: 3977

Scan type : Complete Scan
Total Scan Time : 01:55:12

Memory items scanned : 675
Memory threats detected : 0
Registry items scanned : 9137
Registry threats detected : 1
File items scanned : 170427
File threats detected : 20

Adware.Tracking Cookie
C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@webmasterplan[2].txt
C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@ad2.adfarm1.adition[1].txt
C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@edgeadx[1].txt
C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@stats2.clicktracks[2].txt
C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@bs.serving-sys[1].txt
C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@content.yieldmanager[3].txt
C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@adtech[2].txt
C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@adfarm1.adition[1].txt
C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@ad.zanox[1].txt
C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@ad.adc-serv[2].txt
C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@zanox[1].txt
C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@media6degrees[2].txt
C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@serving-sys[1].txt
C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@ads.ad4game[2].txt
C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@tracking.mindshare[1].txt
C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@ad.yieldmanager[2].txt
C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@fidelity.rotator.hadj7.adjuggler[2].txt
C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@eas.apm.emediate[1].txt
C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@tracking.quisma[2].txt
C:\Users\Papi\AppData\Roaming\Microsoft\Windows\Cookies\papi@content.yieldmanager[2].txt

Rogue.Pallidium
HKU\S-1-5-21-4113668579-2867794635-1885708499-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS#WARNONPOSTREDIRECT

cosinus 10.01.2011 20:22
Zitat:
obwohl der Browser die cookies nach der Sitzung löscht, ich doch noch welche habe
1.) Cookies sind keine "echte" Bedrohung
2.) Surfst du echt mit dem IE und der ist so eingestellt, dass er cookies beim Beenden löscht?

schikum 10.01.2011 20:31
nein, ich surfe mit firefox, habe aber den IE auch noch, weil einige programme nach ihm verlangen.
sieht es sonst ok. aus?

cosinus 10.01.2011 20:36
Ja. Die gefundenen Cookies stammen vom IE.
Rechner wieder paletti?

schikum 10.01.2011 20:51
Ich bemerkte auch hier nicht wirklich "Störungen". Der Fund wurde durch die Malware einfach angezeigt. Aber ich werd einiges umbauen :taenzer:. Zuerst hab ich mal ein Standardkonto gemacht und den Admin als "Gebrauchskonto" aufgehoben. :killpc:
Und dann werd ich mir die Prog-Updates anschauen. :crazy:
Und dann möchte ich auch ein Bisschen verstehen lernen, was nun genau wo reinkam :uglyhammer:
Danke für den guten einsatz :daumenhoc
Dieses forum empfiehlt man gerne weiter :applaus:


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:27 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131