Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Überprüfung nach Combo Fix Suchlauf (https://www.trojaner-board.de/99427-uberpruefung-combo-fix-suchlauf.html)

BRAUSCHDU 22.05.2011 17:24
Überprüfung nach Combo Fix Suchlauf
 
Schönen Bonjorno,

wünsche ich als Erstes mal und entschuldige mich vorab für die Fehler, die ich hier im Board noch machen werde.

Zum Thema: Mein PC hatte heute den Streik angetreten. Er teilte mir mit, dass Windows keinen Speicherplatz mehr auf der Festplatte finden würde und wollte dann auch sofort ein Programm ausführen welches die "fehlerhafte Sektoren" auf meiner Festplatte wieder "heilt". Dieser "Schaden" muss schon sehr extrem gewesen sein, denn das "Recovery" Programm wollte sich einfach nicht mehr von meinem Bildschirm verabschieden.
Nachdem ich im Board informationen gesucht habe, habe ich mich dazu entschlossen das ComboFix Programm zu nutzen.
Nun ist auf den ersten Blick der Schaden soweit behoben, gemäß den Anweisungen würde ich jedoch gerne die Log Dateien überprüfen lassen.

Die Dateien habe ich angehängt.

Für euere Bemühungen bedanke ich mich bereits im Voraus

cosinus 23.05.2011 12:51
Zitat:
habe ich mich dazu entschlossen das ComboFix Programm zu nutzen.
Sollst du erst auf Anweisung hin ausführen. Hinweis (unten) dazu überlesen? Wenn du es schon ausführst, wo ist das Log dazu?

http://www.trojaner-board.de/images/icons/icon4.gif Hinweis zu http://www.trojaner-board.de/95175-combofix.html http://www.trojaner-board.de/images/icons/icon4.gif
Zitat:

Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

BRAUSCHDU 23.05.2011 13:06
Ja, das mit dem "Erst nach Anweisung" hatte ich auch erst im Nachhinein gelesen. War mir dann auch aufgefallen.
Die Dateien hatte ich als Anhang beigefügt aber hat wohl nicht funktioniert. Aller Anfang ist halt schwer. Sorry Hab die Dateien nun hier eingefügt.OTL Logfile:
Code:
OTL logfile created on: 22.05.2011 17:08:20 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 38,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,92 Gb Total Space | 327,76 Gb Free Space | 71,89% Space Free | Partition Type: NTFS
 
Computer Name: ****** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
PRC - C:\Programme\maxdome\DCBin\DCTrayApp.exe ()
PRC - C:\Programme\maxdome\DCBin\DCService.exe (Entriq, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Prosieben) -- C:\Program Files\maxdome\DCBin\DCService.exe (Entriq, Inc.)
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (SE1008mdm) -- C:\Windows\System32\drivers\SE1008mdm.sys (Sony Ericsson)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (hcw47000) -- C:\Windows\System32\drivers\hcw47xxx.sys (Hauppauge Computer Works, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (MTsensor) -- C:\Windows\system32\drivers\asacpi.sys ()
DRV - (JGOGO) -- C:\Windows\system32\drivers\jgogo.sys (JMicron )
DRV - (ElgTaDrv) -- C:\Windows\System32\drivers\ElgTaDrv.sys (elmeg Kommunikationstechnik)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://tvh-aktuell.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://************** /"
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.21 11:02:55 | 000,000,000 | ---D | M]
 
[2011.05.21 11:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2011.05.21 11:02:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) --
[2009.07.15 20:02:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.22 16:38:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Programme\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.22 17:07:01 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011.05.22 16:58:53 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2011.05.22 16:58:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.22 16:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.22 16:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.22 16:58:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.22 16:58:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.22 16:54:37 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.05.22 16:54:33 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.05.22 16:54:33 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.05.22 16:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011.05.22 16:54:04 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2011
[2011.05.22 16:53:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011.05.22 16:41:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.05.22 16:41:15 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\temp
[2011.05.22 16:39:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.05.22 16:30:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.05.22 16:30:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.05.22 16:30:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.05.22 16:30:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.05.22 16:30:17 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.05.22 16:28:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.22 16:28:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.05.22 16:19:10 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Reviversoft
[2011.05.22 16:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reviversoft
[2011.05.22 16:18:42 | 000,016,704 | ---- | C] (ReviverSoft) -- C:\Windows\System32\roboot.exe
[2011.05.22 16:18:42 | 000,000,000 | ---D | C] -- C:\Programme\Reviversoft
[2011.05.21 11:03:00 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Mozilla
[2011.05.21 11:03:00 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Mozilla
[2011.05.21 11:02:55 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.05.19 16:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2011.05.19 11:10:33 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\OneNote-Notizbücher
[2011.05.16 18:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.05.16 18:52:40 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.05.16 18:52:38 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.05.16 18:49:33 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.05.14 10:21:23 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\2011_05_14
[2011.04.28 12:52:51 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.28 12:52:51 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.28 12:52:35 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.22 17:07:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011.05.22 17:04:47 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\waiim.sys
[2011.05.22 16:58:42 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.22 16:54:32 | 000,001,874 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.05.22 16:54:32 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.05.22 16:38:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.05.22 16:11:49 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.22 16:11:41 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.22 16:11:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.22 16:08:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.05.22 14:10:10 | 000,000,144 | ---- | M] () -- C:\ProgramData\~39182072r
[2011.05.22 14:10:10 | 000,000,120 | ---- | M] () -- C:\ProgramData\~39182072
[2011.05.22 14:10:09 | 000,000,344 | ---- | M] () -- C:\ProgramData\39182072
[2011.05.22 12:41:32 | 000,033,379 | ---- | M] () -- C:\Users\****\Desktop\rechnung - 001163.pdf
[2011.05.17 14:51:06 | 000,016,704 | ---- | M] (ReviverSoft) -- C:\Windows\System32\roboot.exe
[2011.05.16 19:04:03 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.16 19:04:02 | 000,632,014 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.16 19:04:02 | 000,127,064 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.16 19:04:02 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2011.05.22 17:04:47 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\waiim.sys
[2011.05.22 16:58:42 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.22 16:54:32 | 000,001,874 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.05.22 16:54:32 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.05.22 16:54:29 | 000,001,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2011.05.22 16:30:21 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.22 16:30:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.22 16:30:21 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.22 16:30:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.22 16:30:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.05.22 14:10:10 | 000,000,144 | ---- | C] () -- C:\ProgramData\~39182072r
[2011.05.22 14:10:10 | 000,000,120 | ---- | C] () -- C:\ProgramData\~39182072
[2011.05.22 14:10:09 | 000,000,344 | ---- | C] () -- C:\ProgramData\39182072
[2011.05.22 12:41:31 | 000,033,379 | ---- | C] () -- C:\Users\****\Desktop\rechnung - 001163.pdf
[2011.05.21 11:02:56 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2010.03.06 10:25:26 | 000,004,096 | ---- | C] () -- C:\Users\****\AppData\Local\keyfile3.drm
[2010.02.24 17:44:43 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.02.24 17:38:02 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.01.05 16:33:26 | 000,027,503 | ---- | C] () -- C:\Users\****\AppData\Roaming\UserTile.png
[2009.11.13 14:25:55 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2009.11.13 14:25:55 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2009.11.13 14:25:54 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.11.05 14:32:21 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.10.03 12:33:59 | 000,000,046 | ---- | C] () -- C:\Windows\hmview.ini
[2009.08.27 13:46:26 | 000,000,000 | ---- | C] () -- C:\Windows\distlib.ini
[2009.08.05 16:37:19 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.07.15 20:25:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.15 20:25:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.29 19:02:35 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll
[2009.06.29 19:02:00 | 000,003,121 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009.06.24 17:20:58 | 000,064,512 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.09 20:45:26 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.06.08 20:18:42 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2009.06.08 20:17:40 | 000,032,987 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.06.08 20:17:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2009.06.08 20:16:24 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.06.08 20:16:24 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.06.08 19:58:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007.11.07 11:18:49 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2006.11.02 17:33:31 | 000,632,014 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,127,064 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,372,096 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,598,702 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,716 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:25 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >
--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 22.05.2011 17:08:20 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 38,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,92 Gb Total Space | 327,76 Gb Free Space | 71,89% Space Free | Partition Type: NTFS
 
Computer Name: ****** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
PRC - C:\Programme\maxdome\DCBin\DCTrayApp.exe ()
PRC - C:\Programme\maxdome\DCBin\DCService.exe (Entriq, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Prosieben) -- C:\Program Files\maxdome\DCBin\DCService.exe (Entriq, Inc.)
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (SE1008mdm) -- C:\Windows\System32\drivers\SE1008mdm.sys (Sony Ericsson)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (hcw47000) -- C:\Windows\System32\drivers\hcw47xxx.sys (Hauppauge Computer Works, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (MTsensor) -- C:\Windows\system32\drivers\asacpi.sys ()
DRV - (JGOGO) -- C:\Windows\system32\drivers\jgogo.sys (JMicron )
DRV - (ElgTaDrv) -- C:\Windows\System32\drivers\ElgTaDrv.sys (elmeg Kommunikationstechnik)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://tvh-aktuell.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://************** /"
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.21 11:02:55 | 000,000,000 | ---D | M]
 
[2011.05.21 11:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2011.05.21 11:02:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) --
[2009.07.15 20:02:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.22 16:38:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Programme\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.22 17:07:01 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011.05.22 16:58:53 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2011.05.22 16:58:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.22 16:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.22 16:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.22 16:58:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.22 16:58:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.22 16:54:37 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.05.22 16:54:33 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.05.22 16:54:33 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.05.22 16:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011.05.22 16:54:04 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2011
[2011.05.22 16:53:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011.05.22 16:41:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.05.22 16:41:15 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\temp
[2011.05.22 16:39:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.05.22 16:30:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.05.22 16:30:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.05.22 16:30:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.05.22 16:30:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.05.22 16:30:17 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.05.22 16:28:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.22 16:28:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.05.22 16:19:10 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Reviversoft
[2011.05.22 16:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reviversoft
[2011.05.22 16:18:42 | 000,016,704 | ---- | C] (ReviverSoft) -- C:\Windows\System32\roboot.exe
[2011.05.22 16:18:42 | 000,000,000 | ---D | C] -- C:\Programme\Reviversoft
[2011.05.21 11:03:00 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Mozilla
[2011.05.21 11:03:00 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Mozilla
[2011.05.21 11:02:55 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.05.19 16:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2011.05.19 11:10:33 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\OneNote-Notizbücher
[2011.05.16 18:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.05.16 18:52:40 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.05.16 18:52:38 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.05.16 18:49:33 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.05.14 10:21:23 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\2011_05_14
[2011.04.28 12:52:51 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.28 12:52:51 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.28 12:52:35 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.22 17:07:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011.05.22 17:04:47 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\waiim.sys
[2011.05.22 16:58:42 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.22 16:54:32 | 000,001,874 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.05.22 16:54:32 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.05.22 16:38:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.05.22 16:11:49 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.22 16:11:41 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.22 16:11:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.22 16:08:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.05.22 14:10:10 | 000,000,144 | ---- | M] () -- C:\ProgramData\~39182072r
[2011.05.22 14:10:10 | 000,000,120 | ---- | M] () -- C:\ProgramData\~39182072
[2011.05.22 14:10:09 | 000,000,344 | ---- | M] () -- C:\ProgramData\39182072
[2011.05.22 12:41:32 | 000,033,379 | ---- | M] () -- C:\Users\****\Desktop\rechnung - 001163.pdf
[2011.05.17 14:51:06 | 000,016,704 | ---- | M] (ReviverSoft) -- C:\Windows\System32\roboot.exe
[2011.05.16 19:04:03 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.16 19:04:02 | 000,632,014 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.16 19:04:02 | 000,127,064 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.16 19:04:02 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2011.05.22 17:04:47 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\waiim.sys
[2011.05.22 16:58:42 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.22 16:54:32 | 000,001,874 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.05.22 16:54:32 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.05.22 16:54:29 | 000,001,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2011.05.22 16:30:21 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.22 16:30:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.22 16:30:21 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.22 16:30:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.22 16:30:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.05.22 14:10:10 | 000,000,144 | ---- | C] () -- C:\ProgramData\~39182072r
[2011.05.22 14:10:10 | 000,000,120 | ---- | C] () -- C:\ProgramData\~39182072
[2011.05.22 14:10:09 | 000,000,344 | ---- | C] () -- C:\ProgramData\39182072
[2011.05.22 12:41:31 | 000,033,379 | ---- | C] () -- C:\Users\****\Desktop\rechnung - 001163.pdf
[2011.05.21 11:02:56 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2010.03.06 10:25:26 | 000,004,096 | ---- | C] () -- C:\Users\****\AppData\Local\keyfile3.drm
[2010.02.24 17:44:43 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.02.24 17:38:02 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.01.05 16:33:26 | 000,027,503 | ---- | C] () -- C:\Users\****\AppData\Roaming\UserTile.png
[2009.11.13 14:25:55 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2009.11.13 14:25:55 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2009.11.13 14:25:54 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.11.05 14:32:21 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.10.03 12:33:59 | 000,000,046 | ---- | C] () -- C:\Windows\hmview.ini
[2009.08.27 13:46:26 | 000,000,000 | ---- | C] () -- C:\Windows\distlib.ini
[2009.08.05 16:37:19 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.07.15 20:25:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.15 20:25:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.29 19:02:35 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll
[2009.06.29 19:02:00 | 000,003,121 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009.06.24 17:20:58 | 000,064,512 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.09 20:45:26 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.06.08 20:18:42 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2009.06.08 20:17:40 | 000,032,987 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.06.08 20:17:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2009.06.08 20:16:24 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.06.08 20:16:24 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.06.08 19:58:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007.11.07 11:18:49 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2006.11.02 17:33:31 | 000,632,014 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,127,064 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,372,096 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,598,702 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,716 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:25 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >
--- --- ---

cosinus 23.05.2011 13:07
Die OTL-Logs hab ich gesehen, die waren auch im Anhang. Was ich meinte ist das Log von combofix!

BRAUSCHDU 23.05.2011 16:41
Hoffe dies ist die Richtige. Vielen Dank für deine Bemühungen und deine Zeit

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6640

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

22.05.2011 17:03:45
mbam-log-2011-05-22 (17-03-45).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 156885
Laufzeit: 2 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\****\AppData\Roaming\abpzlw.dat (Malware.Trace) -> Quarantined and deleted successfully.

cosinus 23.05.2011 19:21
Jetzt hast du MBAM mit CF verwechselt...


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:34 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19