Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Has System Tool been removed from the PC? (https://www.trojaner-board.de/96000-system-tool-pc-entfernt.html)

Nik1 24.02.2011 19:31

Has System Tool been removed from the PC?
 
Hello

I'm a computer layman, so I don't know what to do next.

So, yesterday a pop-up appeared telling me the PC was infected. In a "loss of sanity" I pulled the plug and switched the PC on again after a few minutes: then there was the blue background with the warning, with the "anti"-virus program System Tool, which found an alleged 38 Trojans, viruses, etc. Of course I couldn't delete these 38 pests without paying for the full version. I didn't fall for it, and besides, I don't have a credit card. In a loss of sanity, I'd say, I switched users, to the user with administrator rights. Used CCleaner (!). Then installed Norton and ran a scan, which found nothing though. Still, the background, the pop-ups and the fake software were gone. I then followed this guide: http://www.trojaner-board.de/92246-s...entfernen.html
I installed HiJackThis but couldn't get a log, because on right-click there was no "Run as administrator" option. In the properties that option was locked. After a few scans Malwarebytes found the registry key, which was then removed. Further scans with Malwarebytes, (Norton) and OTL then found nothing, even when Norton and the internet were switched off.

Does anyone know how I should proceed, or is a fresh installation of Vista my only option? Is System Tool still on the PC?

Regards.

cosinus 24.02.2011 21:22

Please note => http://www.trojaner-board.de/95173-b...es-posten.html and http://www.trojaner-board.de/69886-a...-beachten.html

Nik1 24.02.2011 21:30


1: I haven't posted any HiJackThis logfiles?

Well, I don't quite understand. :wtf:

regards.

cosinus 25.02.2011 09:17

Quote:

Well, I don't quite understand.
Sure, if you don't read everything completely, you won't understand anything either... :balla:
Just as a hint, there was also a second link next to the one saying not to post HJT logs. :pfeiff:

Nik1 25.02.2011 11:02

Where, please, did I post an HJT log?

Can someone answer me what I did wrong, without referring me to the rules?

cosinus 25.02.2011 11:48

That you shouldn't post HJT logs is a first hint, even if you didn't actually do it. Please read the second link completely. It's absolute nonsense to explain everything to you here again when everything important is in the linked article.

Nik1 25.02.2011 16:32

Rule 1: May apply
Rule 2: /
Rule 3: Can't change that any more
Rule 4: I can do standard German, just not the grammar.
Rule 5: It's a bit more than a few sentences, and besides I have no findings to report
Rule 6: Apart from the rules, unfortunately I'm none the wiser.
Rule 7: /

Thanks for the rules.

Can someone now please maybe help me with the problem, or tell me whether I've achieved anything. I know there's always a residual risk, but still ...

As I said, I couldn't even post HJT logs, because the admin rights aren't available.

regards.

cosinus 26.02.2011 00:18

Sorry if you're too dumb to scroll down, well then :balla: :stirn:

Edit: The post COULD be taken as a provocation, so keep it down, I just want to know whether it's too much to ask that you read a few things before you get free help :pfeiff:

This is the section => http://saved.im/mtyzmjm5bnvw/2.png

That should make you think, because section http://saved.im/mtyzmjm4btzn/1.png would be completely superfluous as a marker on its own if it were the only one :stirn: :lach:

Nik1 26.02.2011 09:38

The post wasn't a provocation, although up until the post above mine I thought you were pulling my leg.

So, section 2:
Since Malwarebytes is included there too, I used it as well.
But I no longer have 7-Zip, it caused more trouble than it was worth.
So I'm putting it in the post.

PHP Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5857

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

26.02.2011 09:33:05
mbam-log-2011-02-26 (09-33-05).txt

Scan type: Quick scan
Objects scanned: 130299
Time elapsed: 2 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected) 

Should I do a full scan?

cosinus 26.02.2011 19:57

Why are you posting that in PHP tags now? Is that what the guide says? :lach:
Yes, please do a full scan and post the log. If you have several logs, post all of them, including those without findings.

Nik1 26.02.2011 23:07

No, the PHP tags weren't really in the guide. :lach:

The full scan from MWB:
HTML Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5857

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

26.02.2011 22:40:06
mbam-log-2011-02-26 (22-40-06).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 307176
Time elapsed: 59 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


cosinus 27.02.2011 19:12

Are there any other logs from Malwarebytes? If so, please post all of them. You'll find them in the Logs tab in Malwarebytes.

Nik1 27.02.2011 22:10

So, here are all the other logs saved by Malwarebytes:

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5857

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

24.02.2011 16:08:11
mbam-log-2011-02-24 (16-08-11).txt

Scan type: Quick scan
Objects scanned: 129864
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5857

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

24.02.2011 16:29:14
mbam-log-2011-02-24 (16-29-14).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 87297
Time elapsed: 20 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5857

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

24.02.2011 16:34:10
mbam-log-2011-02-24 (16-34-10).txt

Scan type: Quick scan
Objects scanned: 129944
Time elapsed: 2 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5857

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

24.02.2011 16:39:45
mbam-log-2011-02-24 (16-39-45).txt

Scan type: Quick scan
Objects scanned: 129979
Time elapsed: 3 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5857

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

24.02.2011 19:54:20
mbam-log-2011-02-24 (19-54-20).txt

Scan type: Quick scan
Objects scanned: 130206
Time elapsed: 2 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

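The Malwarebytes logs in this post all share one text layout, and anyone reviewing several of them wants one summary line per log rather than thirty lines each. As an added example, not code from the thread or from Malwarebytes, the Python below parses that layout (assumed only from the logs posted here), pulls out the database version, scan type, summary counts and every listed detection, checks that the listed detections agree with the summary counts, and reduces a batch of logs to one row each. The two embedded samples are abridged copies of logs from this post.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x text logs.

Added example for this thread, not the forum's or Malwarebytes' own code. It
assumes only the layout visible in the logs posted above: a 'Category
Infected: N' summary block, then one section per category listing each hit as
'<item> (<family>) -> <action>.' or the line '(No malicious items detected)'.
"""
import re
from dataclasses import dataclass, field

SUMMARY_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected):$")
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
TIMESTAMP_RE = re.compile(r"^\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}$")


@dataclass
class MbamReport:
    timestamp: str = ""
    scan_type: str = ""
    database_version: str = ""
    objects_scanned: int = 0
    counts: dict = field(default_factory=dict)      # category -> count from the summary block
    detections: list = field(default_factory=list)  # (category, item, family, action)

    @property
    def total_infected(self) -> int:
        return sum(self.counts.values())

    @property
    def consistent(self) -> bool:
        """Summary counts must agree with the items actually listed per category."""
        listed = {}
        for category, _item, _family, _action in self.detections:
            listed[category] = listed.get(category, 0) + 1
        return all(listed.get(cat, 0) == n for cat, n in self.counts.items())


def parse_mbam_log(text: str) -> MbamReport:
    """Single pass: summary lines reset the section, 'X Infected:' headers open one."""
    report = MbamReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Scan type: "):
            report.scan_type = line.split(": ", 1)[1]
        elif line.startswith("Database version: "):
            report.database_version = line.split(": ", 1)[1]
        elif line.startswith("Objects scanned: "):
            report.objects_scanned = int(line.split(": ", 1)[1])
        elif TIMESTAMP_RE.match(line):
            report.timestamp = line
        elif (m := SUMMARY_RE.match(line)):
            report.counts[m.group("category")] = int(m.group("count"))
            section = None
        elif (m := HEADER_RE.match(line)):
            section = m.group("category")
        elif section and line != "(No malicious items detected)":
            if (m := DETECTION_RE.match(line)):
                report.detections.append(
                    (section, m.group("item"), m.group("family"), m.group("action")))
    return report


def triage(logs: list) -> list:
    """One row per log: when, what kind of scan, which signatures, what was found."""
    rows = []
    for text in logs:
        r = parse_mbam_log(text)
        rows.append({
            "timestamp": r.timestamp,
            "scan_type": r.scan_type,
            "database_version": r.database_version,
            "objects_scanned": r.objects_scanned,
            "infected": r.total_infected,
            "consistent": r.consistent,
            "families": sorted({fam for _cat, _item, fam, _act in r.detections}),
        })
    return rows


# Abridged copy of the 24.02.2011 16:08 quick-scan log posted in this thread.
LOG_WITH_FINDING = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 5857
24.02.2011 16:08:11
Scan type: Quick scan
Objects scanned: 129864

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
"""

# Abridged copy of the 24.02.2011 16:29 full-scan log from the same post (no findings).
LOG_CLEAN = r"""
Database version: 5857
24.02.2011 16:29:14
Scan type: Full scan (C:\|E:\|)
Objects scanned: 87297
Registry Keys Infected: 0
Files Infected: 0
Registry Keys Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
"""
```

Run on the two samples, `triage` yields one row with `infected: 1` and family `Adware.MyWebSearch` and one clean row. A row with `consistent: False` means the summary block and the detail sections disagree, which in practice almost always means the log was pasted incompletely, so it is worth asking for the full file before drawing any conclusion from it; the `database_version` column is what lets a helper see at a glance whether the scan ran with current signatures.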

cosinus 27.02.2011 22:20

Ok. The signatures weren't exactly up to date, but ok...
What about the other logs?

Nik1 28.02.2011 16:28

Those are all the logs I have from MWB. I couldn't make any logs with HJT, and besides I'm not allowed to post them, as you've mentioned several times.

cosinus 28.02.2011 20:11

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you'll find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles will be created
  • Post the logfiles here in the thread.
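
The two OTL logs are long, and the O4 section (autostart entries) is where a helper looks first. As an added example that is not part of the thread and not OTL's own code, the Python below parses O4 lines in the layout OTL prints (assumed only from the OTL.txt posted later in this thread) and sorts them into entries whose target file no longer exists ("File not found"), entries whose file carries no company name (OTL prints an empty `()`), and the rest. Five of the sample lines are copied from that log; the one named `Sample` is constructed to exercise the empty company field.

```python
r"""Triage helper for the O4 (autostart) lines of an OTL.txt log.

Added example for this thread, not the forum's or OTL's own code. It assumes
only the line layout OTL prints, as seen in the log posted later in this thread:
    O4 - HKLM..\Run: [Name] C:\path\file.exe (Company)
    O4 - HKLM..\Run: [Name]  File not found
    O4 - Startup: C:\...\Foo.lnk = C:\path\file.exe (Company)
"""
import re
from typing import NamedTuple, Optional

O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\]\s+(?P<rest>.*)$")
O4_STARTUP_RE = re.compile(r"^O4 - Startup: (?P<lnk>.+?) = (?P<rest>.+)$")
# OTL appends the file's version-info company name in parentheses, '()' when it has none.
TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$")


class AutostartEntry(NamedTuple):
    source: str             # "HKLM\Run", "HKCU\Run" or "Startup"
    name: str
    path: Optional[str]     # None when OTL reported "File not found"
    company: Optional[str]  # None when the '()' field was empty


def parse_o4_lines(lines):
    """Return one AutostartEntry per O4 line; lines from other sections are skipped."""
    entries = []
    for line in lines:
        line = line.rstrip()
        if (m := O4_RUN_RE.match(line)):
            source = f"{m.group('hive')}\\{m.group('key')}"
            name, rest = m.group("name"), m.group("rest")
        elif (m := O4_STARTUP_RE.match(line)):
            source = "Startup"
            name, rest = m.group("lnk").rsplit("\\", 1)[-1], m.group("rest")
        else:
            continue
        if rest == "File not found":
            entries.append(AutostartEntry(source, name, None, None))
        elif (t := TARGET_RE.match(rest)):
            entries.append(AutostartEntry(source, name, t.group("path"), t.group("company") or None))
        else:
            entries.append(AutostartEntry(source, name, rest, None))
    return entries


def classify(entries):
    """Split into the buckets a helper reads first: orphaned entries (the file the
    Run value points at is gone), files without a company name, and the rest."""
    return {
        "orphaned": [e for e in entries if e.path is None],
        "no_company": [e for e in entries if e.path is not None and e.company is None],
        "with_company": [e for e in entries if e.path is not None and e.company is not None],
    }


SAMPLE_O4_LINES = [
    # The first five lines are copied from the OTL.txt posted in this thread.
    r"O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)",
    r"O4 - HKLM..\Run: [RtHDVCpl]  File not found",
    r"O4 - HKCU..\Run: [MsnMsgr]  File not found",
    r"O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)",
    r"O4 - Startup: C:\Users\Belarus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)",
    # Constructed line (not from the thread) showing OTL's empty '()' company field.
    r"O4 - HKCU..\Run: [Sample] C:\Users\Sample\AppData\Roaming\Sample\sample.exe ()",
    # A line from another section, which the parser ignores.
    r"O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.",
]

if __name__ == "__main__":
    for bucket, items in classify(parse_o4_lines(SAMPLE_O4_LINES)).items():
        print(bucket, [e.name for e in items])
```

An orphaned Run value is not malicious by itself: it only shows that the file it pointed at is gone, which is normal after an uninstall or after a scanner quarantined something, and helpers usually just tidy those entries up. A file without a company name deserves a look rather than a verdict, since plenty of legitimate small tools ship without version information.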

Nik1 28.02.2011 21:39

Here are the two logs:
Code:

OTL logfile created on: 28.02.2011 21:34:55 - Run 1
OTL by OldTimer - Version 3.2.22.2    Folder = C:\Users\NIKITA\Desktop\Pictures
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,74 Gb Total Space | 0,16 Gb Free Space | 0,27% Space Free | Partition Type: NTFS
Drive E: | 401,12 Gb Total Space | 329,39 Gb Free Space | 82,12% Space Free | Partition Type: NTFS
 
Computer Name: BELARUS-PC | User Name: Belarus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\NIKITA\Desktop\Pictures\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - E:\Bilder Belarus\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Windows\vVX3000.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\NIKITA\Desktop\Pictures\OTL.exe (OldTimer Tools)
MOD - E:\Bilder Belarus\Norton Internet Security\Engine\18.5.0.125\asoehook.dll (Symantec Corporation)
MOD - E:\Bilder Belarus\Norton Internet Security\Engine\18.5.0.125\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - E:\Bilder Belarus\Norton Internet Security\Engine\18.5.0.125\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (NIS) -- E:\Bilder Belarus\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (getPlus(R) Helper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110225.001\IDSvix86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101201.025\navex15.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101201.025\naveng.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMTDIV.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110114.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation                          )
DRV - (videX32) -- C:\Windows\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (ViPrt) -- C:\Windows\system32\DRIVERS\ViPrt.sys (VIA Technologies, Inc.)
DRV - (ViBus) -- C:\Windows\system32\DRIVERS\ViBus.sys (VIA Technologies, Inc.)
DRV - (VX3000) -- C:\Windows\System32\drivers\VX3000.sys (Microsoft Corporation)
DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.gmx.net/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011.02.23 19:48:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011.02.23 19:47:34 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - E:\Bilder Belarus\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - E:\Bilder Belarus\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - E:\Bilder Belarus\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - E:\Bilder Belarus\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl]  File not found
O4 - HKLM..\Run: [Skytel]  File not found
O4 - HKLM..\Run: [SunJavaUpdateSched]  File not found
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr]  File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Belarus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Deployer hxxp://www.pcthreat.com/autoinstall/shsafeinstall.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Belarus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Belarus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.23 23:11:33 | 000,000,000 | ---D | C] -- C:\Users\Belarus\AppData\Roaming\Malwarebytes
[2011.02.23 23:11:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.02.23 23:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.23 23:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.23 23:11:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.02.23 23:11:28 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.02.23 22:11:34 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2011.02.23 20:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.02.23 20:27:56 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.02.23 20:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.02.23 19:49:16 | 000,000,000 | ---D | C] -- C:\Users\Belarus\Documents\Symantec
[2011.02.23 19:48:19 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.02.23 19:48:19 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared
[2011.02.23 19:48:19 | 000,000,000 | ---D | C] -- C:\Programme\Symantec
[2011.02.23 19:48:16 | 000,652,336 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\symefa.sys
[2011.02.23 19:48:16 | 000,340,016 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\symds.sys
[2011.02.23 19:48:16 | 000,330,360 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\symtdiv.sys
[2011.02.23 19:48:16 | 000,295,032 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\symnets.sys
[2011.02.23 19:48:16 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\srtspx.sys
[2011.02.23 19:48:15 | 000,509,560 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\srtsp.sys
[2011.02.23 19:48:15 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1205000.07D\ironx86.sys
[2011.02.23 19:47:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1205000.07D
[2011.02.23 19:47:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2011.02.23 19:47:21 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011.02.23 19:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.02.23 19:39:49 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller
[2011.02.23 19:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.02.23 19:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\bJjOeJb05606
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.28 21:12:40 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.02.28 21:10:07 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.28 21:10:07 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.28 21:10:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.23 23:11:31 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.23 20:28:15 | 000,001,057 | ---- | M] () -- C:\Users\Belarus\Desktop\Spybot - Search & Destroy.lnk
[2011.02.23 19:48:50 | 001,979,708 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1205000.07D\Cat.DB
[2011.02.23 19:48:19 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.02.23 19:48:19 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.02.23 19:48:19 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.02.23 19:48:18 | 000,001,211 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011.02.02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.01.30 19:55:13 | 000,115,224 | ---- | M] () -- C:\img2-001.raw
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.23 23:11:31 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.23 20:28:15 | 000,001,057 | ---- | C] () -- C:\Users\Belarus\Desktop\Spybot - Search & Destroy.lnk
[2011.02.23 19:48:20 | 001,979,708 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\Cat.DB
[2011.02.23 19:48:19 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.02.23 19:48:19 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.02.23 19:48:18 | 000,001,211 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011.02.23 19:48:16 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\symnetv.cat
[2011.02.23 19:48:16 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\symnet.cat
[2011.02.23 19:48:16 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\symefa.cat
[2011.02.23 19:48:16 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\srtspx.cat
[2011.02.23 19:48:16 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\symds.cat
[2011.02.23 19:48:16 | 000,003,374 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\symefa.inf
[2011.02.23 19:48:16 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\symds.inf
[2011.02.23 19:48:16 | 000,001,474 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\symnetv.inf
[2011.02.23 19:48:16 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\symnet.inf
[2011.02.23 19:48:16 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\srtspx.inf
[2011.02.23 19:48:15 | 000,007,528 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\iron.cat
[2011.02.23 19:48:15 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\srtsp.cat
[2011.02.23 19:48:15 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\srtsp.inf
[2011.02.23 19:48:15 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\iron.inf
[2011.02.23 19:48:15 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1205000.07D\isolate.ini
[2011.02.21 20:01:09 | 000,001,022 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010.05.24 16:58:00 | 000,000,000 | ---- | C] () -- C:\ProgramData\Grand Piano
[2009.05.29 13:14:37 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2009.05.29 13:14:37 | 000,000,000 | ---- | C] () -- C:\Users\Belarus\AppData\Roaming\Helper Scripts
[2009.05.29 13:12:49 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Home
[2009.05.29 13:12:49 | 000,000,268 | RH-- | C] () -- C:\Users\Belarus\AppData\Roaming\Halftone
[2009.05.29 13:12:49 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009.05.29 13:12:49 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Hybrid Morph
[2008.08.21 14:15:15 | 000,000,680 | ---- | C] () -- C:\Users\Belarus\AppData\Local\d3d9caps.dat
[2008.03.11 19:40:55 | 000,000,095 | ---- | C] () -- C:\Users\Belarus\AppData\Local\fusioncache.dat
[2008.03.08 21:11:06 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007.12.06 21:32:49 | 000,015,872 | ---- | C] () -- C:\Users\Belarus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.07 22:43:12 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2007.08.07 22:42:54 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2006.11.02 16:33:31 | 000,651,436 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,121,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,419,712 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,618,578 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,107,722 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 08:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2005.12.22 20:05:46 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
 
========== LOP Check ==========
 
[2010.07.08 19:42:56 | 000,000,000 | ---D | M] -- C:\Users\Belarus\AppData\Roaming\Canon
[2010.08.31 17:45:38 | 000,000,000 | ---D | M] -- C:\Users\Belarus\AppData\Roaming\gtk-2.0
[2010.11.12 21:14:55 | 000,000,000 | ---D | M] -- C:\Users\Belarus\AppData\Roaming\Samsung
[2010.12.15 19:16:08 | 000,000,000 | ---D | M] -- C:\Users\Belarus\AppData\Roaming\TeamViewer
[2009.12.25 18:18:23 | 000,000,000 | ---D | M] -- C:\Users\Belarus\AppData\Roaming\XnView
[2011.02.28 17:57:35 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:8C35AEA7

< End of report >

Code:

OTL Extras logfile created on: 28.02.2011 21:34:55 - Run 1
OTL by OldTimer - Version 3.2.22.2    Folder = C:\Users\NIKITA\Desktop\Pictures
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,74 Gb Total Space | 0,16 Gb Free Space | 0,27% Space Free | Partition Type: NTFS
Drive E: | 401,12 Gb Total Space | 329,39 Gb Free Space | 82,12% Space Free | Partition Type: NTFS
 
Computer Name: BELARUS-PC | User Name: Belarus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08DB5183-EFCA-4FDE-A3D0-608ABE137B59}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{23F1B579-D6DE-4537-A313-CC86CEF6429F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2E6B332B-6657-41A7-BA33-FE5D35D59D4A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{47047835-BB1B-4C35-94C4-5789B4B39E71}" = lport=139 | protocol=6 | dir=in | app=system |
"{6C40D868-5289-485E-87D6-879C06B3DF79}" = rport=138 | protocol=17 | dir=out | app=system |
"{A78EA60B-9F8F-4611-8DF1-1ED54130C93C}" = lport=137 | protocol=17 | dir=in | app=system |
"{BDC64747-C341-4346-903D-0CDB66A533F4}" = rport=139 | protocol=6 | dir=out | app=system |
"{CC482D6F-19D9-4EAD-BFAD-C82997CF5065}" = rport=137 | protocol=17 | dir=out | app=system |
"{D22CE520-88F6-4E7D-B4F1-C3DA6BE76829}" = rport=445 | protocol=6 | dir=out | app=system |
"{F08E05C1-C90C-42B6-A992-20E6331A1B29}" = lport=445 | protocol=6 | dir=in | app=system |
"{FD3CAB81-0892-410C-844B-287763860E4E}" = lport=138 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1907AE7E-48AE-4953-A38D-3D91A7D9AE63}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{3BF08B42-B98E-4D03-8F44-9AAB5A25089A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3E3CED88-6FF4-47C2-9F51-0785B0A4F024}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{59D955F3-6937-4D4E-BB33-BEA0D790C344}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5DD493A5-649D-4630-BBAF-52CD44D7E2DF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5F4C8CC4-A24C-422C-822F-BDAA85F1EE5E}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{68A800C6-6314-4A10-969A-14310A351DB8}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{7960ACB7-10B2-4154-A42D-5F02B45D9384}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{9885FE6B-14BF-4D83-AD90-385161777DB3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9EB7B52F-3615-4473-AD01-17D732419777}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{A111A749-A47C-4E48-96A0-09F21BBB4E51}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{BFBFB4ED-4034-4063-B526-F3F29C189E8F}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{DC9590BB-483C-4FDC-B9F4-3D61463A8118}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"TCP Query User{0CE0CEF1-CA6A-4E67-A917-C1C9A491B410}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{0E590F91-F097-4AD9-8BB3-40BA325CE684}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{13072A95-A468-40CF-B8A5-955590D6F409}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2B0FE134-2CC6-455C-AE9E-90212B814784}C:\program files\microsoft lifecam\lifecam.exe" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"TCP Query User{2DB49884-7030-4BF5-9B31-9E7FAD57E188}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{5B95D0D0-1894-4AAE-8B19-DE61E8F79077}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{675062BE-0362-4D3B-8241-55A69F30BA61}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{67AE6F54-EEB9-42E7-BE25-C532DFCCE840}C:\program files\microsoft lifecam\lifeexp.exe" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"TCP Query User{7C010ECF-BCE6-47DC-BB00-383356333B21}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{9D4EEDFD-C2C4-446E-9528-57FE4BF12FD6}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{B21C67DF-3FC7-4040-8611-9D40D8D5F2BA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{F56E927A-21F9-482F-B2F7-7EDCC7DE9DAB}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{137108DB-C90B-4F36-891F-08652749B692}C:\program files\microsoft lifecam\lifeexp.exe" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"UDP Query User{15E6DBFA-7E6E-4474-A65F-7B9D42B02C74}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{32ECA7F8-0FD8-4EA0-B89D-C75B16D6BE17}C:\program files\microsoft lifecam\lifecam.exe" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"UDP Query User{3897D80C-9B6E-45B3-8AB0-6F0857A024A6}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{4556EE65-4A11-4992-98A9-42E0BFDE7840}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{4F17714B-BA3C-4B94-BCF4-F2E1AEDA12F5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{614C1977-5BF2-4693-8307-F6ED367D8A41}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{85F22598-E261-4F1D-B2DE-3F93E6691E31}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{9C877DE8-7AE5-44C6-BBDB-C9F2C09F1F5E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{D10755A4-46A5-4150-B8C7-1003BD1429A9}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{DF346C27-63F6-4493-B322-752306142882}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{F4393B10-71AB-4863-AD14-B74830AEA70D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 20
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{43B0D334-9A1B-4257-9E51-D3813BD8B9D0}" = GoGear ARIA Device Manager
"{44C05309-60F4-410B-BC32-31733CFF1A46}" = Microsoft Foto 2006 Standard Edition Editor
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB252}" = Microsoft Foto 2006 Standard Edition Bibliothek
"{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{78DB08B0-F440-4BA6-9372-F2C6CC9721B7}" = Microsoft LifeCam
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3621EAA-00D6-4791-97BF-7E8EE3437BF2}" = Visualizer Photo Resize
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Google Updater" = Google Updater
"InterActual Player" = InterActual Player
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MyCameraDC" = Canon Utilities MyCamera DC
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PictureItPrem_v12" = Microsoft Foto 2006 Standard Edition
"PROHYBRIDR" = 2007 Microsoft Office system
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"TeamViewer 6" = TeamViewer 6
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"XnView_is1" = XnView 1.96
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.02.2011 12:18:41 | Computer Name = Belarus-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 27.02.2011 12:18:41 | Computer Name = Belarus-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 27.02.2011 12:18:42 | Computer Name = Belarus-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 27.02.2011 12:18:42 | Computer Name = Belarus-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 27.02.2011 12:18:42 | Computer Name = Belarus-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 27.02.2011 15:33:37 | Computer Name = Belarus-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6000.16771 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 790  Anfangszeit: 01cbd6b529d15ac3  Zeitpunkt
 der Beendigung: 33
 
Error - 28.02.2011 11:23:48 | Computer Name = Belarus-PC | Source = profsvc | ID = 1502
Description = Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche
Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigter lokales
 Profil.      Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem
 anderen Prozess verwendet wird.
 
Error - 28.02.2011 11:23:49 | Computer Name = Belarus-PC | Source = profsvc | ID = 1502
Description = Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche
Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigter lokales
 Profil.      Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem
 anderen Prozess verwendet wird.
 
Error - 28.02.2011 12:13:22 | Computer Name = Belarus-PC | Source = WerSvc | ID = 5007
Description =
 
Error - 28.02.2011 16:33:58 | Computer Name = Belarus-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.22.2 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1460  Anfangszeit: 01cbd786877dfed0  Zeitpunkt der Beendigung:
 0
 
[ OSession Events ]
Error - 20.08.2009 18:15:39 | Computer Name = Belarus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21.08.2009 07:21:55 | Computer Name = Belarus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.09.2009 14:06:49 | Computer Name = Belarus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 27.02.2011 16:59:01 | Computer Name = Belarus-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 12, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 28.02.2011 02:06:05 | Computer Name = Belarus-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 9, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 28.02.2011 02:06:05 | Computer Name = Belarus-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 11, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 28.02.2011 02:06:05 | Computer Name = Belarus-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 12, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 28.02.2011 11:12:55 | Computer Name = Belarus-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 9, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 28.02.2011 11:12:55 | Computer Name = Belarus-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 11, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 28.02.2011 11:12:55 | Computer Name = Belarus-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 12, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 28.02.2011 16:09:31 | Computer Name = Belarus-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 9, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 28.02.2011 16:09:31 | Computer Name = Belarus-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 11, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 28.02.2011 16:09:31 | Computer Name = Belarus-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 12, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
 
< End of report >


cosinus 01.03.2011 10:56

Quote:

E:\Bilder Belarus\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe (Symantec Corporation)
What do you need Norton IS for, and why is it installed in E:\Bilder Belarus? :balla:
Best to uninstall this stuff completely and switch to a plain virus scanner. Use the Windows Firewall.

Afterwards, close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
[2011.02.23 19:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\bJjOeJb05606
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:8C35AEA7
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix! button at the top left.
The logfile should open when you click OK after fixing; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are, as a precaution, not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Nik1 01.03.2011 14:23

The thing with E:/Bilder Belarus has other reasons ...

I did it and here is the log.

Code:

All processes killed
========== OTL ==========
Folder C:\ProgramData\bJjOeJb05606\ not found.
ADS C:\ProgramData\TEMP:8C35AEA7 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Belarus
->Temp folder emptied: 21218847 bytes
->Temporary Internet Files folder emptied: 404175 bytes
->Java cache emptied: 63250815 bytes
->Flash cache emptied: 129927 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: NIKITA
->Temp folder emptied: 5611608 bytes
->Temporary Internet Files folder emptied: 25954720 bytes
->Java cache emptied: 147439222 bytes
->Flash cache emptied: 328895 bytes
 
User: Public
 
User: TEMP
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1304462 bytes
RecycleBin emptied: 161938 bytes
 
Total Files Cleaned = 254,00 mb
 
 
OTL by OldTimer - Version 3.2.22.2 log created on 03012011_141635

Files\Folders moved on Reboot...
C:\Users\NIKITA\AppData\Local\Temp\AD6E.tmp moved successfully.

Registry entries deleted on Reboot...


cosinus 01.03.2011 15:26

Then please run CF now:

ComboFix

A guide and tutorial to using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Improper use can cause serious computer problems and make cleaning the infection even harder.

Nik1 01.03.2011 18:56

Here is the log:
Code:

ComboFix 11-02-28.07 - Belarus 01.03.2011  18:42:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.43.1031.18.2047.1069 [GMT 1:00]
ausgeführt von:: c:\users\NIKITA\Desktop\Pictures\Cofi.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\arp.exe

.
(((((((((((((((((((((((  Dateien erstellt von 2011-02-01 bis 2011-03-01  ))))))))))))))))))))))))))))))
.

2011-03-01 17:49 . 2011-03-01 17:49        --------        d-----w-        c:\users\Belarus\AppData\Local\temp
2011-03-01 13:16 . 2011-03-01 13:16        --------        d-----w-        C:\_OTL
2011-02-25 15:21 . 2011-02-11 06:54        5943120        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{85762C4E-3373-4BAC-A8D8-68F5AC6A6D6E}\mpengine.dll
2011-02-24 15:01 . 2011-02-24 15:01        --------        d-----w-        c:\users\NIKITA\AppData\Roaming\Malwarebytes
2011-02-23 22:11 . 2011-02-23 22:11        --------        d-----w-        c:\users\Belarus\AppData\Roaming\Malwarebytes
2011-02-23 22:11 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-23 22:11 . 2011-02-23 22:11        --------        d-----w-        c:\programdata\Malwarebytes
2011-02-23 22:11 . 2011-02-23 22:11        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-02-23 22:11 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-02-23 21:11 . 2011-02-23 21:11        388096        ----a-r-        c:\users\NIKITA\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-23 21:11 . 2011-02-23 21:11        --------        d-----w-        c:\program files\Trend Micro
2011-02-23 19:27 . 2011-02-27 15:19        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2011-02-23 19:27 . 2011-02-23 19:28        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2011-02-23 18:48 . 2011-02-23 18:50        --------        d-----w-        c:\program files\Common Files\Symantec Shared
2011-02-23 18:48 . 2011-02-23 18:48        126512        ----a-w-        c:\windows\system32\drivers\SYMEVENT.SYS
2011-02-23 18:48 . 2011-02-23 18:48        --------        d-----w-        c:\program files\Symantec
2011-02-23 18:47 . 2011-02-23 18:48        --------        d-----w-        c:\windows\system32\drivers\NIS
2011-02-23 18:40 . 2011-02-23 18:47        --------        d-----w-        c:\programdata\Norton
2011-02-23 18:39 . 2011-02-23 22:02        --------        d-----w-        c:\program files\NortonInstaller
2011-02-23 18:04 . 2011-02-23 18:52        --------        d-----w-        c:\programdata\bJjOeJb05606

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 16:11 . 2009-10-02 16:51        222080        ------w-        c:\windows\system32\MpSigStub.exe
2010-12-02 03:35 . 2010-12-02 03:35        4280320        ----a-w-        c:\windows\system32\GPhotos.scr
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-08 1232896]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-06 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 275800]
"VX3000"="c:\windows\vVX3000.exe" [2006-12-05 707360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-06 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-06 81920]

c:\users\Belarus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Philips GoGear ARIA Device Manager.lnk - c:\philips\GoGear ARIA Device Manager\GoGear_Aria_DeviceManager.exe [2010-1-1 1611152]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2006-11-02 22016]
R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2007-04-20 221696]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS [2010-10-21 340016]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS [2010-11-18 652336]
S0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2007-03-26 16896]
S0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2007-03-26 52224]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110225.002\BHDrvx86.sys [2011-02-25 800376]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110228.002\IDSvix86.sys [2011-02-21 353912]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS [2010-11-16 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NIS\1205000.07D\SYMTDIV.SYS [2010-12-01 330360]
S2 NIS;Norton Internet Security;e:\bilder belarus\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-08-13 102448]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper        REG_MULTI_SZ          nosGetPlusHelper
.
Inhalt des "geplante Tasks" Ordners

2011-03-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-08 11:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://mail.ru/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Deployer - hxxp://www.pcthreat.com/autoinstall/shsafeinstall.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKLM-Run-RtHDVCpl - RtHDVCpl.exe
HKLM-Run-Skytel - Skytel.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-Macromedia Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-03-01 18:49
Windows 6.0.6000  NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"e:\bilder belarus\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"e:\bilder belarus\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
Zeit der Fertigstellung: 2011-03-01  18:51:22
ComboFix-quarantined-files.txt  2011-03-01 17:51

Vor Suchlauf: 183.066.624 Bytes frei
Nach Suchlauf: 503.459.840 Bytes frei

- - End Of File - - 9DE49995D5D4951BC7196C074E0EB2FC


cosinus 01.03.2011 21:54

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run on the 2nd try either, just leave it out and run only OSAM - please skip OSAM's online check.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.


Afterwards please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only takes a few seconds.
  • Afterwards you should find an MBRCheck_<Date>_<Time>.txt on the desktop.
Please post me the contents of the .txt document.

Nik1 02.03.2011 19:29

Here is the log from GMER.
Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-03-02 19:20:29
Windows 6.0.6000  Harddisk0\DR0 -> \Device\00000092 SAMSUNG_ rev.CR10
Running: utzrfn4r.exe; Driver: C:\Users\Belarus\AppData\Local\Temp\ufdiyfow.sys


---- System - GMER 1.0.15 ----

SSDT            877A0A38                                                                                                                      ZwAlertResumeThread
SSDT            877A0B18                                                                                                                      ZwAlertThread
SSDT            877B1B28                                                                                                                      ZwAllocateVirtualMemory
SSDT            876BFFB0                                                                                                                      ZwAlpcConnectPort
SSDT            877B2CE8                                                                                                                      ZwAssignProcessToJobObject
SSDT            877A0788                                                                                                                      ZwCreateMutant
SSDT            877B2A08                                                                                                                      ZwCreateSymbolicLinkObject
SSDT            877B1F70                                                                                                                      ZwCreateThread
SSDT            877B2DC8                                                                                                                      ZwDebugActiveProcess
SSDT            877B1CB8                                                                                                                      ZwDuplicateObject
SSDT            877B1988                                                                                                                      ZwFreeVirtualMemory
SSDT            877A0878                                                                                                                      ZwImpersonateAnonymousToken
SSDT            877A0958                                                                                                                      ZwImpersonateThread
SSDT            876DB150                                                                                                                      ZwLoadDriver
SSDT            877B18A8                                                                                                                      ZwMapViewOfSection
SSDT            877A06A8                                                                                                                      ZwOpenEvent
SSDT            877B1E58                                                                                                                      ZwOpenProcess
SSDT            877B1BF8                                                                                                                      ZwOpenProcessToken
SSDT            877B2FD0                                                                                                                      ZwOpenSection
SSDT            877B1D88                                                                                                                      ZwOpenThread
SSDT            877B2BF8                                                                                                                      ZwProtectVirtualMemory
SSDT            877A0BF8                                                                                                                      ZwResumeThread
SSDT            877A0E78                                                                                                                      ZwSetContextThread
SSDT            877A0F38                                                                                                                      ZwSetInformationProcess
SSDT            877B2EA8                                                                                                                      ZwSetSystemInformation
SSDT            877A05C8                                                                                                                      ZwSuspendProcess
SSDT            877A0CD8                                                                                                                      ZwSuspendThread
SSDT            877B10E0                                                                                                                      ZwTerminateProcess
SSDT            877A0DB8                                                                                                                      ZwTerminateThread
SSDT            877B17E8                                                                                                                      ZwUnmapViewOfSection
SSDT            877B1A58                                                                                                                      ZwWriteVirtualMemory
SSDT            877B2AF8                                                                                                                      ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwCallbackReturn + 350                                                                                            8208085C 4 Bytes  CALL 8E8F838D
.text          ntkrnlpa.exe!ZwCallbackReturn + 828                                                                                            82080D34 4 Bytes  CALL 968F8850
.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                      section is writeable [0x914C8340, 0x3500C7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\Windows Live\Family Safety\fsssvc.exe[1832] ADVAPI32.dll!RegOpenKeyExA                                        777D0DDF 7 Bytes  JMP 0070F7BF C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Family Safety Service/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                        SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                        SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                      SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D2AB871-92DE-4332-96E2-528993125FE7}             
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D2AB871-92DE-4332-96E2-528993125FE7}             
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D2AB871-92DE-4332-96E2-528993125FE7}@Path        \Microsoft\Windows Defender\MP Scheduled Scan
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D2AB871-92DE-4332-96E2-528993125FE7}@Triggers    0x15 0x00 0x00 0x00 ...
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D2AB871-92DE-4332-96E2-528993125FE7}@DynamicInfo  0x03 0x00 0x00 0x00 ...
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan@Id      {1D2AB871-92DE-4332-96E2-528993125FE7}
Reg            HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogName                                                      C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy43.gthr
Reg            HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogNumber                                                    43
Reg            HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@CheckPointSignature                                          c82ad9f9-ee8b-4613-851f-3d7333fd4eb1

---- EOF - GMER 1.0.15 ----

OSAM can't be unpacked because I don't have WinRAR. It didn't work.

MBRCheck:
No .txt file appeared?!

cosinus 02.03.2011 19:55

Quote:

because I don't have WinRAR. It didn't work.
Then download it or use 7-Zip.

Nik1 02.03.2011 20:24

Here is the log from MBRCheck:
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Premium Edition
Windows Information:                (build 6000), 32-bit
Base Board Manufacturer:        ASUSTeK Computer INC.
BIOS Manufacturer:                American Megatrends Inc.
System Manufacturer:                System manufacturer
System Product Name:                System Product Name
Logical Drives Mask:                0x000003f5

Kernel Drivers (total 157):
  0x82000000 \SystemRoot\system32\ntkrnlpa.exe
  0x823A1000 \SystemRoot\system32\hal.dll
  0x802C6000 \SystemRoot\system32\kdcom.dll
  0x802BD000 \SystemRoot\system32\PSHED.dll
  0x802B5000 \SystemRoot\system32\BOOTVID.dll
  0x8027A000 \SystemRoot\system32\CLFS.SYS
  0x8051F000 \SystemRoot\system32\CI.dll
  0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8026D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8022A000 \SystemRoot\system32\drivers\acpi.sys
  0x80221000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x80219000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8047F000 \SystemRoot\system32\drivers\pci.sys
  0x8020A000 \SystemRoot\system32\drivers\volmgr.sys
  0x80207000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x80475000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x80465000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8045C000 \SystemRoot\system32\DRIVERS\ViBus.sys
  0x80200000 \SystemRoot\system32\drivers\pciide.sys
  0x8044E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x80404000 \SystemRoot\System32\drivers\volmgrx.sys
  0x807F8000 \SystemRoot\system32\drivers\atapi.sys
  0x807DA000 \SystemRoot\system32\drivers\ataport.SYS
  0x807CA000 \SystemRoot\system32\DRIVERS\ViPrt.sys
  0x807AD000 \SystemRoot\system32\DRIVERS\nvstor32.sys
  0x8076D000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8073C000 \SystemRoot\system32\drivers\fltmgr.sys
  0x806E5000 \SystemRoot\system32\drivers\NIS\1205000.07D\SYMDS.SYS
  0x806D5000 \SystemRoot\system32\drivers\fileinfo.sys
  0x80631000 \SystemRoot\system32\drivers\NIS\1205000.07D\SYMEFA.SYS
  0x80628000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x81EFC000 \SystemRoot\system32\drivers\ndis.sys
  0x81ED1000 \SystemRoot\system32\drivers\msrpc.sys
  0x81E98000 \SystemRoot\system32\drivers\NETIO.SYS
  0x87EF8000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x81E2E000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x87EC2000 \SystemRoot\system32\drivers\volsnap.sys
  0x80617000 \SystemRoot\system32\DRIVERS\uagp35.sys
  0x8060F000 \SystemRoot\System32\Drivers\spldr.sys
  0x80600000 \SystemRoot\System32\drivers\partmgr.sys
  0x81E1F000 \SystemRoot\System32\Drivers\mup.sys
  0x87E9D000 \SystemRoot\System32\drivers\ecache.sys
  0x81E0E000 \SystemRoot\system32\drivers\disk.sys
  0x87E7C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x81E05000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8BE12000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8BF70000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8BEDA000 \SystemRoot\system32\DRIVERS\amdk8.sys
  0x8BE07000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x8BFE8000 \SystemRoot\system32\DRIVERS\parport.sys
  0x8C250000 \SystemRoot\system32\DRIVERS\ASACPI.sys
  0x8BFD5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8F2F5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8F2EA000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8F2D0000 \SystemRoot\system32\DRIVERS\serial.sys
  0x8C294000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x8C29E000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x8F293000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8C33C000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8F281000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8F269000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x90EFD000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
  0x914C8000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x90E60000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8F22C000 \SystemRoot\System32\drivers\watchdog.sys
  0x8F201000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x90E55000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x90E3E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x90E33000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x90E10000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8BEE9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x914B5000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8BEF8000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x88C46000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x9147E000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8C2A8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x914A8000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8C2B2000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x9144A000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x88CD0000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x91DAE000 \SystemRoot\system32\drivers\ADIHdAud.sys
  0x9141D000 \SystemRoot\system32\drivers\portcls.sys
  0x91D89000 \SystemRoot\system32\drivers\drmk.sys
  0x8BF9D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8A0A8000 \SystemRoot\System32\Drivers\Null.SYS
  0x8A0AF000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8A0B6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8F34C000 \SystemRoot\System32\drivers\vga.sys
  0x91D68000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8C270000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8C278000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x90E05000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8C34A000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8BFAF000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x91C73000 \SystemRoot\System32\drivers\tcpip.sys
  0x91404000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x91C5E000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x91C06000 \SystemRoot\system32\drivers\NIS\1205000.07D\SYMTDIV.SYS
  0x921DA000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
  0x921C6000 \SystemRoot\system32\DRIVERS\smb.sys
  0x9217F000 \SystemRoot\system32\drivers\afd.sys
  0x9214D000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x92137000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8C358000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x92124000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x92100000 \SystemRoot\system32\drivers\NIS\1205000.07D\Ironx86.SYS
  0x920E8000 \SystemRoot\system32\drivers\NIS\1205000.07D\SRTSPX.SYS
  0x920AD000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8C2BC000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x92040000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x8A194000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x92BA2000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
  0x92B85000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
  0x92B6E000 \SystemRoot\System32\Drivers\dfsc.sys
  0x92AA7000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110225.002\BHDrvx86.sys
  0x92A90000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x888DF000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x88D10000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8BF79000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x9333D000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8C2DA000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0x8A01B000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
  0x99600000 \SystemRoot\System32\win32k.sys
  0x8C302000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8BF16000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x9EC00000 \SystemRoot\System32\TSDDD.dll
  0x9EA69000 \SystemRoot\system32\drivers\luafv.sys
  0xA1272000 \SystemRoot\system32\drivers\spsys.sys
  0x8F370000 \SystemRoot\system32\DRIVERS\fssfltr.sys
  0x88CB0000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA1355000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x8C2C6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA15AD000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA1452000 \SystemRoot\system32\drivers\HTTP.sys
  0xA27E5000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA278C000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA2778000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA2758000 \SystemRoot\system32\drivers\mrxdav.sys
  0xA273A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA2701000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA1401000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA26DD000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA268C000 \SystemRoot\System32\DRIVERS\srv.sys
  0x8A09A000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0xA2A22000 \SystemRoot\system32\drivers\peauth.sys
  0x8C2F8000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x99966000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA2677000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xA2A10000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0xA5658000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xAA140000 \??\C:\Users\Belarus\AppData\Local\Temp\ufdiyfow.sys
  0xAA04B000 \SystemRoot\system32\drivers\NIS\1205000.07D\SRTSP.SYS
  0x92052000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110302.001\IDSvix86.sys
  0xB3DC1000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110302.002\NAVEX15.SYS
  0x9E631000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110302.002\NAVENG.SYS
  0x9EC10000 \SystemRoot\System32\cdd.dll
  0x779B0000 \Windows\System32\ntdll.dll

Processes (total 65):
      0 System Idle Process
      4 System
    352 C:\Windows\System32\smss.exe
    420 csrss.exe
    472 C:\Windows\System32\wininit.exe
    484 csrss.exe
    520 C:\Windows\System32\services.exe
    532 C:\Windows\System32\lsass.exe
    540 C:\Windows\System32\lsm.exe
    632 C:\Windows\System32\winlogon.exe
    724 C:\Windows\System32\svchost.exe
    780 C:\Windows\System32\svchost.exe
    820 C:\Windows\System32\svchost.exe
    876 C:\Windows\System32\svchost.exe
    912 C:\Windows\System32\svchost.exe
    928 C:\Windows\System32\svchost.exe
    1048 C:\Windows\System32\audiodg.exe
    1072 C:\Windows\System32\svchost.exe
    1088 C:\Windows\System32\SLsvc.exe
    1172 C:\Windows\System32\svchost.exe
    1356 C:\Windows\System32\svchost.exe
    1592 C:\Windows\System32\spoolsv.exe
    1628 C:\Windows\System32\svchost.exe
    1832 C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    1952 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2028 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    244 E:\Bilder Belarus\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
    368 C:\Windows\System32\svchost.exe
    360 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    488 C:\Windows\System32\svchost.exe
    648 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    1444 C:\Windows\System32\svchost.exe
    1452 C:\Windows\System32\SearchIndexer.exe
    288 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    2224 WUDFHost.exe
    2468 C:\Windows\System32\dwm.exe
    2484 C:\Windows\System32\taskeng.exe
    2568 C:\Windows\explorer.exe
    2792 C:\Windows\System32\taskeng.exe
    2904 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    2952 C:\Program Files\Windows Live\Family Safety\fsui.exe
    3108 C:\Windows\vVX3000.exe
    3220 C:\Windows\System32\rundll32.exe
    3228 C:\Program Files\Windows Sidebar\sidebar.exe
    3244 C:\Windows\System32\rundll32.exe
    3256 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3292 C:\Windows\ehome\ehtray.exe
    3344 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    3428 mobsync.exe
    2996 ehmsas.exe
    3444 E:\Bilder Belarus\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
    3764 dllhost.exe
    2988 C:\Program Files\Windows Sidebar\sidebar.exe
    5104 WmiPrvSE.exe
    4188 C:\Program Files\Internet Explorer\iexplore.exe
    5824 C:\Program Files\Internet Explorer\iexplore.exe
    3000 FlashUtil10l_ActiveX.exe
    6012 C:\Program Files\Internet Explorer\iexplore.exe
    5072 C:\Windows\System32\SearchProtocolHost.exe
    4736 C:\Program Files\Internet Explorer\iexplore.exe
    5680 C:\Windows\System32\SearchFilterHost.exe
    4552 C:\Windows\System32\SearchProtocolHost.exe
    4488 dllhost.exe
    4588 dllhost.exe
    5868 C:\Users\NIKITA\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`79200000  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000010`28c00000  (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD501LJ, Rev: CR10

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0  Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!


cosinus 02.03.2011 20:50

Ok, but I still need the one from OSAM :pfeiff:

Nik1 02.03.2011 22:04

I'll post it tomorrow.

Nik1 03.03.2011 18:53

The OSAM log:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:51:01 on 03.03.2011

OS: Windows Vista Home Premium Edition (Build 6000), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110225.002\BHDrvx86.sys
"catchme" (catchme) - ? - C:\Users\Belarus\AppData\Local\Temp\catchme.sys  (File not found)
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"IDSVix86" (IDSVix86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110302.001\IDSvix86.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110302.002\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110302.002\NAVEX15.SYS
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"smserial" (smserial) - ? - C:\Windows\System32\DRIVERS\smserial.sys  (File not found)
"Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\Windows\System32\drivers\NIS\1205000.07D\SYMDS.SYS
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
"Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\Windows\System32\drivers\NIS\1205000.07D\SYMEFA.SYS
"Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS
"Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1205000.07D\SRTSP.SYS
"Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS
"Symantec Vista Network Dispatch Driver" (SYMTDIv) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1205000.07D\SYMTDIV.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "Norton Toolbar" - "Symantec Corporation" - E:\Bilder Belarus\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
<binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? -  (File not found | COM-object registry key not found)
<binary data> "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
Deployer "Deployer" - ? -  (File not found | COM-object registry key not found) / hxxp://www.pcthreat.com/autoinstall/shsafeinstall.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{3BB1D69B-A780-4BE1-876E-F3D488877135} "{3BB1D69B-A780-4BE1-876E-F3D488877135}" - ? -  (File not found | COM-object registry key not found) / hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} "{67DABFBF-D0AB-41FA-9C46-CC0F21721616}" - ? -  (File not found | COM-object registry key not found) / hxxp://download.divx.com/player/DivXBrowserPlugin.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{77BF5300-1474-4EC7-9980-D32B190E9B07} "Skype" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - E:\Bilder Belarus\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} "Skype add-on (mastermind)" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Symantec Intrusion Prevention" - "Symantec Corporation" - E:\Bilder Belarus\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Symantec NCO BHO" - "Symantec Corporation" - E:\Bilder Belarus\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} "Windows Live Family Safety Browser Helper Class" - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fssbho.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Belarus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Nikon Monitor.lnk" - "Nikon Corporation" - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe  (Shortcut exists | File exists)
"Philips GoGear ARIA Device Manager.lnk" - "Philips" - C:\Philips\GoGear ARIA Device Manager\GoGear_Aria_DeviceManager.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"SpybotSD TeaTimer" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"fssui" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
"LifeCam" - "Microsoft Corporation" - "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"getPlus(R) Helper" (getPlus(R) Helper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
"getPlus(R) Helper 3004" (nosGetPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MSCamSvc" (MSCamSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft LifeCam\MSCamS32.exe
"Norton Internet Security" (NIS) - "Symantec Corporation" - E:\Bilder Belarus\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
"Windows Live Family Safety" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - none  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


cosinus 04.03.2011 12:38

Looks ok. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!
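
The OSAM report reviewed above is a flat autorun inventory: one line per entry with publisher, target file and status flags. The script below is an added example, not part of this thread and not OSAM's own code; it parses lines in that format (the layout is inferred from the report, so it is an assumption) and sorts entries into the buckets a reviewer reads first: distribution units fetched from a URL with no identifiable publisher, files present without a publisher, orphaned entries whose file is gone, and ordinary known-publisher entries.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
# Entry line layout inferred from the OSAM report above (an assumption about the format);
# the flag list and the download URL are optional, and OSAM prints URLs defanged (hxxp://):
#   <identifier> - <"Publisher" | ?> - <target>  (<flag> | <flag>) / <url>
ENTRY_RE = re.compile(r'^(?P<ident>.+?) - (?P<publisher>"[^"]*"|\?) - (?P<tail>.*)$')
TAIL_RE = re.compile(
    r'^(?P<target>.*?)\s*(?:\((?P<flags>[^()]*)\))?(?:\s*/\s*(?P<url>[a-z]+://\S+))?$')

@dataclass
class Entry:
    section: str              # e.g. "Drivers", "Logon"
    name: str                 # display name
    publisher: Optional[str]  # None where OSAM printed "?"
    path: str                 # target file, command-line arguments stripped
    flags: Tuple[str, ...]    # e.g. ("File not found",)
    url: Optional[str]        # download URL of a Distribution Unit, if any

    def verdict(self) -> str:
        """First-pass classification; non-'ok' buckets are what a reviewer reads first."""
        if self.url and self.publisher is None:
            return "remote-unknown"  # code fetched from a URL with no identifiable vendor
        if "File not found" in self.flags:
            return "orphan"          # registry still points at a file that is gone
        if self.publisher is None:
            return "review"          # file is present but carries no recognised publisher
        return "ok"

def parse_report(text: str) -> List[Entry]:
    section, entries = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):  # section header such as [Drivers]
            section = line[1:-1]
            continue
        m = ENTRY_RE.match(line)
        if not m:                                        # -----( key )----- lines, free text
            continue
        t = TAIL_RE.match(m["tail"])
        target = t["target"].strip()
        q = re.match(r'"([^"]*)"', target)               # "C:\...\x.exe" /args -> path only
        flags = tuple(f.strip() for f in t["flags"].split("|")) if t["flags"] else ()
        entries.append(Entry(
            section=section,
            name=(re.findall(r'"([^"]*)"', m["ident"]) or [m["ident"]])[-1],
            publisher=None if m["publisher"] == "?" else m["publisher"].strip('"'),
            path=q.group(1) if q else target,
            flags=flags, url=t["url"]))
    return entries

def triage(text: str) -> Dict[str, List[str]]:
    buckets: Dict[str, List[str]] = {"remote-unknown": [], "review": [], "orphan": [], "ok": []}
    for e in parse_report(text):
        buckets[e.verdict()].append(e.name)
    return buckets

# Constructed sample: a few entry lines copied from the report above.
SAMPLE = r"""
[Drivers]
"catchme" (catchme) - ? - C:\Users\Belarus\AppData\Local\Temp\catchme.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
[Internet Explorer]
Deployer "Deployer" - ? -  (File not found | COM-object registry key not found) / hxxp://www.pcthreat.com/autoinstall/shsafeinstall.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
[Logon]
"desktop.ini" - ? - C:\Users\Belarus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"StartupPrograms" - ? - rdpclip  (File not found)
"""

if __name__ == "__main__":
    for verdict, names in triage(SAMPLE).items():
        print(f"{verdict:>14}: {', '.join(names) or '-'}")
```

On the sample, the "Deployer" distribution unit from pcthreat.com is the only remote-unknown hit, the catchme driver and the rdpclip entry are orphans, and desktop.ini is the one present file without a publisher.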

Nik1 11.03.2011 22:17

With some delay, here are the logs from SUPERAntiSpyware:
I did 2, but I had to abort the first one. In the 1st log, 3 registry files and 1 stored file were reported (but whether the stored file is really dangerous I can't say as a layman).
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/04/2011 at 07:48 PM

Application Version : 4.49.1000

Core Rules Database Version : 6533
Trace Rules Database Version: 4345

Scan type      : Complete Scan
Total Scan Time : 01:03:53

Memory items scanned      : 692
Memory threats detected  : 0
Registry items scanned    : 9541
Registry threats detected : 3
File items scanned        : 50279
File threats detected    : 1

Rogue.Component/Trace
        HKU\S-1-5-21-1558237076-1912684917-1743140925-1003\Software\54583524216994432838197925642372
        HKU\S-1-5-21-1558237076-1912684917-1743140925-1003\Software\54583524216994432838197925642372\Options
        HKU\S-1-5-21-1558237076-1912684917-1743140925-1003\Software\54583524216994432838197925642372\Options#AdvancedScanType

Adware.Tracking Cookie
        www.trackshittaz.at [ C:\Users\NIKITA\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SS4S5XRW ]


Code:

SUPERAntiSpyware Scann-Protokoll

hxxp://www.superantispyware.com

Generiert 03/11/2011 bei 09:55 PM

Version der Applikation : 4.49.1000

Version der Kern-Datenbank : 6533
Version der Spur-Datenbank : 4345

Scan Art      : kompletter Scann
Totale Scann-Zeit : 02:01:43

Gescannte Speicherelemente  : 635
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 9540
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente    : 181035
Erfasste Datei-Elemente  : 0

I'll post the Malwarebytes log tomorrow.

Why were the 3 registry files only discovered now?

cosinus 12.03.2011 12:28

Those are just leftovers. I think Malwarebytes won't find anything, but let's wait and see.

Nik1 12.03.2011 22:15

You're right, MWB found nothing:
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6037

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

12.03.2011 22:13:25
mbam-log-2011-03-12 (22-13-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 332211
Laufzeit: 1 Stunde(n), 1 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


cosinus 13.03.2011 14:12

Looks good. Is the computer ok again? :)

Nik1 13.03.2011 16:04

I would say it's OK. Does that mean System Tool is gone now (a residual risk remains regardless)?

cosinus 13.03.2011 19:03

Then we're done! :abklatsch:

Finally, please check the updates; my guide for that is below.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: visit the MS Update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide



Update the PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is current; here is the direct download link (Mozilla and other browsers) => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, ideally with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

Nik1 14.03.2011 07:16

Will do. Thanks.

Nik1 17.03.2011 21:04

My computer has been acting up lately and sometimes runs slower.



Copyright ©2000-2025, Trojaner-Board

