Carbonas | 15.05.2011 19:32 | Runtime Error 226 at 005A54597 and an analysis!
Hello,
I have the following problem.
Whenever I open a new web page, the error appears.
It also appears after every right-click.
So I googled a bit but found nothing of the kind that points to a virus or anything similar.
Strangely, this error also appeared when I updated "Windoof" today (15.05.11). And yes, I have an original Windows 7 CD with an original code.
The screenshot of the error is attached.
Now to the analysis:
First, here is the Malwarebytes log: Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6585
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
15.05.2011 20:22:00
mbam-log-2011-05-15 (20-22-00).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 308190
Laufzeit: 35 Minute(n), 18 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 18
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
c:\program files\mozilla firefox\rasadhlp.dll (Spyware.Passwords.XGen) -> Delete on reboot.
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
Infizierte Dateien:
c:\program files\mozilla firefox\rasadhlp.dll (Spyware.Passwords.XGen) -> Delete on reboot.
c:\program files\dvd maker\rasadhlp.dll (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\program files\windows mail\rasadhlp.dll (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\program files\windows photo viewer\rasadhlp.dll (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\program files\WinRAR\rasadhlp.dll (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\program files\filezilla ftp client\hnetcfg.dll (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\program files\internet explorer\rasadhlp.dll (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\****\AppData\Local\Temp\bckczne.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\****\AppData\Local\Temp\cojmeaa.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\****\AppData\Local\Temp\kvydfa8.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\****\AppData\Local\Temp\16gzic5.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\****\AppData\Local\Temp\2e7tav0.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\****\AppData\Roaming\Adobe\plugs\mmc578857.txt (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\****\AppData\Local\Temp\0.34013360521728175.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\****\AppData\Local\Temp\0.5987385533672321.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\****\AppData\Local\Temp\0.400087096094477.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\****\AppData\Roaming\Adobe\plugs\mmc179.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
I deleted the viruses as usual, and the ones in quarantine as well.
OTL:
OTL Logfile: Code:
OTL logfile created on: 15.05.2011 20:28:54 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\*****\Downloads
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 395,11 Gb Free Space | 84,83% Space Free | Partition Type: NTFS
Drive D: | 7,22 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.05.15 20:25:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Downloads\OTL.exe
PRC - [2011.05.05 14:15:53 | 003,071,384 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011.05.03 12:00:46 | 002,846,320 | ---- | M] (GamersFirst) -- C:\Program Files\GamersFirst\LIVE!\Live.exe
PRC - [2011.04.30 21:26:27 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.04.30 01:55:23 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.03.16 23:14:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.24 12:59:08 | 002,000,712 | ---- | M] (Comfort Software Group) -- C:\Program Files\FreeCountdownTimer\FreeCountdownTimer.exe
PRC - [2011.01.07 22:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.11.20 05:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 05:17:02 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
========== Modules (SafeList) ==========
MOD - [2011.05.15 20:25:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Downloads\OTL.exe
MOD - [2010.11.20 04:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2011.04.30 01:55:23 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.30 19:45:32 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.03.16 23:14:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.12.10 07:36:00 | 003,648,584 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2009.07.16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2011.03.16 23:14:05 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.01.08 05:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.12.13 09:39:38 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 05:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 05:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 05:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 03:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 02:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 02:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.03.18 17:35:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 70 EF D1 68 DB CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{03CAE00B-981A-482D-8915-72FD4E3EF2B1}: C:\Users\*****\AppData\Local\{03CAE00B-981A-482D-8915-72FD4E3EF2B1}
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.21 16:20:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.21 16:20:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\*****\AppData\Roaming\5015
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.01 02:06:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.10 14:38:01 | 000,000,000 | ---D | M]
[2010.12.30 20:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\Mozilla\Extensions
[2011.05.15 19:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions
[2011.04.14 07:01:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.01 21:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}
[2011.04.14 07:01:00 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\battlefieldplay4free@ea.com
[2011.04.14 07:01:00 | 000,000,000 | ---D | M] (FIFA Online Web Launcher) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\eafo3fflauncher@ea.com
[2011.01.01 21:16:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\engine@conduit.com
[2011.02.19 16:29:57 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\firefox@tvunetworks.com
[2011.05.11 14:07:15 | 000,001,056 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\searchplugins\icqplugin.xml
[2011.04.14 05:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.04.21 16:20:39 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.04.21 16:20:39 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010.12.30 21:03:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.05 16:50:02 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.05 16:50:02 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.05 16:50:02 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.05 16:50:02 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.05 16:50:02 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.04.30 20:38:27 | 000,433,294 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 14910 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [FreeCT] C:\Program Files\FreeCountdownTimer\FreeCountdownTimer.exe (Comfort Software Group)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: infospyware.net ([www] https in Trusted sites)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.27 22:11:56 | 000,000,000 | ---D | M] - D:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2010.09.27 22:11:56 | 003,812,720 | R--- | M] (Electronic Arts Inc.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.09.27 22:11:56 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{dc86f325-1447-11e0-8218-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2010.09.27 22:11:56 | 003,812,720 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.05.13 22:21:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.05.13 22:02:44 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.13 16:38:02 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\FUSSBALL MANAGER 11
[2011.05.13 15:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2011.05.12 19:45:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011.05.12 16:24:18 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Publish Providers
[2011.05.12 16:23:00 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Sony
[2011.05.12 16:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2011.05.12 16:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2011.05.12 16:17:49 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2011.05.12 16:17:27 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Sony
[2011.05.12 15:17:47 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Neuer Ordner (4)
[2011.05.12 11:18:41 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Hitman Blood Money Demo
[2011.05.08 22:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2011.05.08 17:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Countdown Timer
[2011.05.08 17:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\FreeCountdownTimer
[2011.05.08 00:27:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.05.07 20:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Fighters
[2011.05.06 03:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.05.06 02:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\GamersFirst
[2011.05.02 16:07:53 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Artzhelferin Marsula
[2011.05.01 20:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANSTOSS 3
[2011.05.01 07:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.05.01 07:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011.05.01 07:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.04.30 20:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.30 20:28:02 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.04.30 18:20:49 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.04.30 07:01:38 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.30 07:01:38 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.30 07:01:38 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.30 07:01:38 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.30 07:01:38 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.30 07:01:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.30 07:01:38 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.30 07:01:38 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.30 07:01:38 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.30 07:01:38 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.30 07:01:38 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.30 07:01:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.30 07:01:38 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.30 07:01:38 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.30 07:01:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.30 07:01:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.30 07:01:38 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.30 07:01:38 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.30 07:01:38 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.30 07:01:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.30 07:01:37 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.30 07:01:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.30 07:01:37 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.30 07:01:37 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.30 07:01:37 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.30 07:01:37 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.30 07:01:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.30 07:01:37 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.30 07:01:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.30 07:01:37 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.30 07:01:37 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.30 07:01:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.30 07:01:37 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.30 07:01:37 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.30 07:01:37 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.30 07:01:37 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.30 07:01:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.30 07:01:37 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.30 07:01:37 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.29 17:12:31 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\assembly
[2011.04.29 15:45:00 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\*****\AppData\Roaming\AcroIEHelpe.dll
[2011.04.27 16:25:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011.04.27 16:25:49 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011.04.27 16:25:49 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011.04.27 16:25:48 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011.04.27 16:25:45 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.04.27 16:25:43 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.04.25 14:37:57 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\ElevatedDiagnostics
[2011.04.24 04:07:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\DDMSettings
[2011.04.23 00:07:51 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Savegame
[2011.04.22 03:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.04.21 16:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.04.21 16:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011.04.21 16:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011.04.20 05:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\FEDORA2
[2011.04.20 03:50:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\vlc
[2011.04.18 18:46:11 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\TileRacer
[2011.04.18 18:42:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2011.04.18 18:42:06 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tile Racer 0.7
[2011.04.18 18:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tile Racer 0.7
[2011.04.18 18:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\TileRacer
[2011.04.18 05:13:50 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\capcom
[2011.04.18 00:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011.04.17 17:09:05 | 000,000,000 | ---D | C] -- C:\Users\*****\DoctorWeb
[2011.04.16 18:36:58 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011.04.16 04:00:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\xp-AntiSpy
[2011.04.16 04:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\xp-AntiSpy
[1 C:\Users\*****\AppData\Roaming\*.tmp files -> C:\Users\*****\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.05.15 20:23:34 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\xpsq.sys
[2011.05.15 20:19:36 | 000,011,249 | ---- | M] () -- C:\Users\*****\Desktop\Unbenannt.png
[2011.05.15 19:23:01 | 000,013,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.15 19:23:01 | 000,013,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.15 19:15:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.15 19:15:31 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.15 12:58:47 | 000,000,012 | ---- | M] () -- C:\ProgramData\io.ini
[2011.05.15 12:58:47 | 000,000,000 | ---- | M] () -- C:\ProgramData\m9afv2nmhmk5.ini
[2011.05.15 12:58:42 | 000,000,000 | ---- | M] () -- C:\Users\*****\2gweorjqjutp92vjy9gake
[2011.05.14 21:04:56 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\War Rock.lnk
[2011.05.14 12:37:25 | 000,000,646 | ---- | M] () -- C:\Users\*****\Desktop\FUSSBALL MANAGER 11 - Verknüpfung.lnk
[2011.05.13 22:21:31 | 000,668,302 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.13 22:21:31 | 000,619,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.13 22:21:31 | 000,134,150 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.13 22:21:31 | 000,110,082 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.13 22:02:44 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.12 22:07:23 | 000,001,697 | ---- | M] () -- C:\WarRock.ini
[2011.05.12 20:55:37 | 000,394,626 | ---- | M] () -- C:\temp.raw
[2011.05.12 16:22:59 | 000,001,022 | ---- | M] () -- C:\Users\*****\Desktop\Vegas Pro 10.0.lnk
[2011.05.08 17:16:26 | 000,000,973 | ---- | M] () -- C:\Users\*****\Desktop\Free Countdown Timer.lnk
[2011.05.08 12:32:28 | 663,812,376 | ---- | M] () -- C:\Users\*****\Documents\clip0042.avi
[2011.05.06 02:23:09 | 000,137,544 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.05.06 02:23:00 | 000,189,480 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.05.06 02:21:13 | 000,138,056 | ---- | M] () -- C:\Users\*****\AppData\Roaming\PnkBstrK.sys
[2011.05.06 02:19:02 | 000,001,078 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011.05.06 02:19:02 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2011.05.05 20:32:47 | 003,360,624 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2011.05.01 20:08:40 | 000,000,950 | ---- | M] () -- C:\Users\*****\Desktop\ANSTOSS 3 starten.lnk
[2011.05.01 07:57:45 | 001,275,314 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011.04.30 22:23:54 | 000,032,812 | ---- | M] () -- C:\Users\*****\Desktop\Pokemon - Kristall-Edition (D).sav
[2011.04.30 22:23:54 | 000,002,641 | ---- | M] () -- C:\Users\*****\Desktop\vba.ini
[2011.04.30 21:26:48 | 000,131,072 | ---- | M] () -- C:\Users\*****\Desktop\Pokemon Feuerrot (D).sav
[2011.04.30 20:58:41 | 000,000,096 | ---- | M] () -- C:\Windows\wininit.ini
[2011.04.30 20:38:27 | 000,433,294 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.04.30 07:01:38 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.30 07:01:38 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.30 07:01:38 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.30 07:01:38 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.30 07:01:38 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.30 07:01:38 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.30 07:01:38 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.30 07:01:38 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.30 07:01:38 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.30 07:01:38 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.30 07:01:38 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.30 07:01:38 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.30 07:01:38 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.30 07:01:38 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.30 07:01:38 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.04.30 07:01:38 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.30 07:01:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.30 07:01:38 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.30 07:01:38 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.30 07:01:38 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.30 07:01:37 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.30 07:01:37 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.30 07:01:37 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.30 07:01:37 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.30 07:01:37 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.30 07:01:37 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.30 07:01:37 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.30 07:01:37 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.30 07:01:37 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.30 07:01:37 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.30 07:01:37 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.30 07:01:37 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.30 07:01:37 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.30 07:01:37 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.30 07:01:37 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.30 07:01:37 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.30 07:01:37 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.30 07:01:37 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.30 07:01:37 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.30 07:01:37 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.29 15:45:00 | 000,236,496 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\*****\AppData\Roaming\AcroIEHelpe.dll
[2011.04.28 05:15:11 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.28 01:09:15 | 000,032,768 | ---- | M] () -- C:\Users\*****\Desktop\Pokemon Rot (D).sav
[2011.04.18 00:51:42 | 000,001,316 | ---- | M] () -- C:\Users\*****\Desktop\Free YouTube to MP3 Converter.lnk
[1 C:\Users\*****\AppData\Roaming\*.tmp files -> C:\Users\*****\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.05.15 20:23:34 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\xpsq.sys
[2011.05.15 20:19:35 | 000,011,249 | ---- | C] () -- C:\Users\*****\Desktop\Unbenannt.png
[2011.05.15 12:58:47 | 000,000,012 | ---- | C] () -- C:\ProgramData\io.ini
[2011.05.15 12:58:47 | 000,000,000 | ---- | C] () -- C:\ProgramData\m9afv2nmhmk5.ini
[2011.05.15 12:58:42 | 000,000,000 | ---- | C] () -- C:\Users\*****\2gweorjqjutp92vjy9gake
[2011.05.14 21:04:56 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\War Rock.lnk
[2011.05.14 12:37:25 | 000,000,646 | ---- | C] () -- C:\Users\*****\Desktop\FUSSBALL MANAGER 11 - Verknüpfung.lnk
[2011.05.12 16:22:59 | 000,001,022 | ---- | C] () -- C:\Users\*****\Desktop\Vegas Pro 10.0.lnk
[2011.05.08 17:16:26 | 000,000,973 | ---- | C] () -- C:\Users\*****\Desktop\Free Countdown Timer.lnk
[2011.05.08 12:26:28 | 663,812,376 | ---- | C] () -- C:\Users\*****\Documents\clip0042.avi
[2011.05.06 02:16:57 | 000,001,078 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011.05.06 02:16:57 | 000,001,044 | ---- | C] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2011.05.01 20:08:40 | 000,000,950 | ---- | C] () -- C:\Users\*****\Desktop\ANSTOSS 3 starten.lnk
[2011.05.01 07:57:01 | 001,275,314 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011.04.30 20:58:41 | 000,000,096 | ---- | C] () -- C:\Windows\wininit.ini
[2011.04.30 07:26:19 | 000,001,369 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.04.30 07:01:38 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.04.24 09:10:17 | 000,131,072 | ---- | C] () -- C:\Users\*****\Desktop\Pokemon Feuerrot (D).sav
[2011.04.24 07:54:16 | 016,777,216 | ---- | C] () -- C:\Users\*****\Desktop\Pokemon Feuerrot (D).gba
[2011.04.18 00:51:42 | 000,001,316 | ---- | C] () -- C:\Users\*****\Desktop\Free YouTube to MP3 Converter.lnk
[2011.04.16 09:46:56 | 002,396,160 | ---- | C] () -- C:\Users\*****\Desktop\FlatOut2.exe
[2011.04.16 09:46:44 | 559,116,397 | ---- | C] () -- C:\Users\*****\Desktop\demo.bfs
[2011.04.16 00:51:59 | 000,032,812 | ---- | C] () -- C:\Users\*****\Desktop\Pokemon - Kristall-Edition (D).sav
[2011.04.12 20:41:31 | 000,007,680 | -HS- | C] () -- C:\ProgramData\tiff208img.obj
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.31 00:27:56 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2011.03.19 23:24:26 | 000,000,080 | ---- | C] () -- C:\Users\*****\AppData\Local\X-Plane Installer.prf
[2011.02.24 18:21:33 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.17 15:48:15 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011.02.09 13:03:04 | 000,000,239 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.02.07 02:34:41 | 000,000,000 | ---- | C] () -- C:\Windows\Editor.INI
[2011.01.31 18:20:21 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.01.22 02:35:05 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.01.22 02:35:04 | 000,138,056 | ---- | C] () -- C:\Users\*****\AppData\Roaming\PnkBstrK.sys
[2011.01.22 02:34:44 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.01.22 02:34:26 | 003,360,624 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011.01.22 02:34:26 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.01.08 09:13:48 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.01.04 21:41:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.14 10:47:43 | 000,668,302 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,134,150 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,265,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,619,894 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,110,082 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.12.09 17:23:13 | 000,047,840 | RHS- | C] () -- C:\Users\*****\AppData\Roaming\appconf32.exe
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
========== LOP Check ==========
[2011.04.08 17:19:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.minecraft
[2011.01.08 09:13:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Atari
[2011.02.02 19:38:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Command and Conquer 4
[2011.04.14 07:01:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Digitanks
[2011.01.03 06:12:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.01 17:37:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FileZilla
[2011.02.05 16:43:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FOG Downloader
[2011.05.07 22:26:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GetRightToGo
[2011.04.14 21:58:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0
[2011.04.12 14:49:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2011.04.12 14:17:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Leadertech
[2011.04.06 05:36:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Petroglyph
[2011.05.09 18:25:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ProtectDisc
[2011.05.12 16:24:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Publish Providers
[2011.05.13 22:20:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SoftGrid Client
[2011.05.12 17:29:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sony
[2011.04.14 07:00:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\temp
[2011.02.07 17:41:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thies Gerken
[2011.04.18 18:46:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TileRacer
[2011.02.15 08:18:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TP
[2011.05.11 15:53:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client
[2011.01.15 03:31:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TuneUp Software
[2011.04.14 05:56:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Uniblue
[2011.04.14 21:41:43 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Edit: Because of the error, I unfortunately couldn't post a picture either.