Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   TR/Kazy.mekml.1 - Befall (https://www.trojaner-board.de/98294-tr-kazy-mekml-1-befall.html)

omx 27.04.2011 14:06
TR/Kazy.mekml.1 - Befall
 
Dateien unsichtbar, kritischer Zustand, Festplatte defekt etc. !!!
Wie bei anderen Usern auch die Frage: Wie bekomme ich diesen Trojaner weg?
Der OTL-Scan läuft gerade.
Ich erbitte Hilfe, da es wohl keine Pauschallösung gibt.

markusg 27.04.2011 14:36
dann poste doch erst mal die otl logs

omx 27.04.2011 15:02
sry, der malwarebytes-scan läuft gerade. werde otl im anschluss scannen,
oder nicht nötig ?

markusg 27.04.2011 15:20
doch malwarebytes posten, danach otl

omx 27.04.2011 15:38
malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6456

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

27.04.2011 16:34:58
mbam-log-2011-04-27 (16-34-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 337312
Laufzeit: 2 Stunde(n), 11 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.FakeMS.VGen) -> Value: 4E3E0230AEBB4E96 -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{8AE076C7-B185-5964-8D3D-ADCC7D0030C5} (Trojan.ZbotR.Gen) -> Value: {8AE076C7-B185-5964-8D3D-ADCC7D0030C5} -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\cleansweep.exe (Trojan.Agent) -> Value: cleansweep.exe -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\cleansweep.exe (Trojan.Agent) -> No action taken.
c:\Recycle.Bin (Trojan.Spyeyes) -> No action taken.

Infizierte Dateien:
c:\Recycle.Bin\recycle.bin.exe (Trojan.FakeMS.VGen) -> No action taken.
c:\Users\Stoni\AppData\Local\Temp\tmpDC49.tmp (Trojan.FakeAlert) -> No action taken.
c:\cleansweep.exe\config.bin (Trojan.Agent) -> No action taken.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> No action taken.

markusg 27.04.2011 15:39
das was ich hier sehe gefällt mir schon jetzt nicht :d
machst du onlinebanking einköäufe oder sonst was wichtiges mit dem pc?

omx 27.04.2011 15:41
onlinebanking, einkäufe etc. - klar alles solche dinge !!!

markusg 27.04.2011 15:44
ok.
1. bank sofort anrufen sperren lassen, der spyeye den du auf dem pc hast klaut daten.
2. falls vorhanden von sauberem pc aus passwörter endern.
3.
lade unhide:
http://filepony.de/download-unhide/
doppelklicken, dateien werden sichtbar
4. da wir nicht garantieren können, das wir dein system sauber bekommen, ist formatieren angesagt! vorher daten sichern.
wenn du willst, helfe ich dir, das system diesmal richtig abzusichern.

omx 27.04.2011 15:49
unhide kommt später !
otl läuft jetzt !
ok, werde konten für onlinebanking sperren lasssen.
datensicherung mache ich ...

markusg 27.04.2011 15:50
ok poste otl ich sehe es mir an, aber neu aufsetzen wirst du müssen

omx 27.04.2011 15:51
otl:OTL Logfile:
Code:
OTL logfile created on: 27.04.2011 16:42:44 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Stoni\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 29,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 45,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 205,80 Gb Total Space | 62,25 Gb Free Space | 30,25% Space Free | Partition Type: NTFS
Drive D: | 27,07 Gb Total Space | 17,43 Gb Free Space | 64,39% Space Free | Partition Type: FAT32
Drive G: | 483,56 Mb Total Space | 96,30 Mb Free Space | 19,91% Space Free | Partition Type: FAT
 
Computer Name: STONI-PC | User Name: Stoni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.27 14:13:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Stoni\Downloads\OTL.exe
PRC - [2011.04.27 14:06:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.05 16:11:12 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.03.16 17:18:06 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.12.14 16:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010.11.24 20:25:15 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.19 09:33:37 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2007.10.01 11:53:50 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2007.08.08 00:12:10 | 000,797,696 | ---- | M] (ODSoft multimedia) -- C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
PRC - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.07.12 16:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.06.20 23:04:52 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WkCalRem.exe
PRC - [2007.05.22 16:57:26 | 002,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007.05.18 16:14:14 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2007.05.11 04:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2007.04.26 14:53:38 | 000,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2007.04.13 18:14:28 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe
PRC - [2007.02.27 20:21:08 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007.02.27 19:57:54 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007.02.25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007.01.30 17:47:46 | 000,307,200 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.01.23 23:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2003.12.02 08:49:00 | 000,053,248 | ---- | M] (GEAR Software) -- C:\Windows\System32\gearsec.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.27 14:13:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Stoni\Downloads\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (NMIndexingService)
SRV - [2011.04.27 14:06:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.16 17:18:06 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.06.14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.23 14:34:27 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2007.02.25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005.11.17 15:18:52 | 001,527,900 | -H-- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2003.12.02 08:49:00 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\Windows\System32\gearsec.exe -- (gearsec)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.16 17:18:06 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.24 20:25:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.02.26 15:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 15:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 15:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 15:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.12.22 04:31:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.08.08 08:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.07.31 11:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.07.09 02:57:00 | 007,140,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.06.26 13:44:22 | 000,131,584 | ---- | M] (Genesys Logic, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBGENE.sys -- (DCamUSBGene)
DRV - [2007.06.11 14:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.05.24 14:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.04.24 13:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.03.05 21:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.01 16:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007.01.22 10:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.28 23:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PDNMp50.sys -- (PDNMp50)
DRV - [2006.11.28 23:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PDNSp50.sys -- (PDNSp50)
DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.10.10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.01.06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.05 16:11:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.05 16:11:25 | 000,000,000 | ---D | M]
 
[2010.09.03 13:17:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Stoni\AppData\Roaming\mozilla\Extensions
[2011.03.30 22:12:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Stoni\AppData\Roaming\mozilla\Firefox\Profiles\ag8h20us.default\extensions
[2011.04.25 13:42:50 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Stoni\AppData\Roaming\mozilla\Firefox\Profiles\ag8h20us.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.25 13:42:50 | 000,000,000 | -H-D | M] (Speed Dial) -- C:\Users\Stoni\AppData\Roaming\mozilla\Firefox\Profiles\ag8h20us.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011.04.25 13:42:50 | 000,000,000 | -H-D | M] (vShare) -- C:\Users\Stoni\AppData\Roaming\mozilla\Firefox\Profiles\ag8h20us.default\extensions\vshare@toolbar
[2011.03.07 08:21:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.20 11:56:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.19 14:30:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.20 15:02:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.20 16:25:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.07 08:21:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011.04.05 16:11:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.04.05 16:11:16 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.04.05 16:11:16 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011.04.05 16:11:16 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.04.05 16:11:16 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.04.05 16:11:16 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.04.05 16:11:16 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent]  File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{8AE076C7-B185-5964-8D3D-ADCC7D0030C5}]  File not found
O4 - HKCU..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]  File not found
O4 - HKCU..\Run: [cleansweep.exe]  File not found
O4 - HKCU..\Run: [KiesTrayAgent]  File not found
O4 - HKCU..\Run: [msnmsgr]  File not found
O4 - HKCU..\Run: [RGSC]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Stoni\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Stoni\Pictures\Stoni & Friends\_lwf0000.jpg
O24 - Desktop BackupWallPaper: C:\Users\Stoni\Pictures\Stoni & Friends\_lwf0000.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ca45d4b8-de2c-11dd-8820-001060d023da}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.27 14:20:20 | 000,000,000 | ---D | C] -- C:\Users\Stoni\AppData\Roaming\Malwarebytes
[2011.04.27 14:20:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.27 14:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.27 14:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.27 14:20:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.27 14:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.25 14:13:29 | 000,000,000 | ---D | C] -- C:\Users\Stoni\AppData\Roaming\Avira
[2011.04.16 00:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.04.16 00:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.04.16 00:51:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.14 16:43:41 | 000,000,000 | -H-D | C] -- C:\Users\Stoni\Desktop\Gran.Turismo.5.Official.Game.Guide.PS3
[2011.04.14 09:46:03 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.14 09:46:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.14 09:45:58 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.14 09:45:57 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.14 09:45:55 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.14 09:45:27 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.14 09:45:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.14 09:45:27 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.14 09:45:27 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.14 09:45:26 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.14 09:45:25 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.14 09:45:21 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.14 09:45:18 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.14 09:45:18 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.03.31 14:41:06 | 000,000,000 | RH-D | C] -- C:\Users\Stoni\Documents\Home-Physio
[2011.03.30 11:26:19 | 000,000,000 | -H-D | C] -- C:\Users\Stoni\ElsterFormular
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.27 16:19:47 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.27 16:19:47 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.27 16:02:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.27 14:20:10 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.27 14:05:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.27 12:24:53 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.26 19:59:23 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3BC906B6-DBF1-4D93-BFD3-20BEBE5F3A0C}.job
[2011.04.26 07:47:53 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.26 07:47:53 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.26 07:47:53 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.26 07:47:53 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.25 14:12:28 | 000,001,743 | ---- | M] () -- C:\Users\Stoni\Desktop\Windows Mail.lnk
[2011.04.25 13:44:32 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.25 13:32:12 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.21 19:28:32 | 000,112,183 | -H-- | M] () -- C:\Users\Stoni\AppData\Roaming\nvModes.001
[2011.04.21 08:13:54 | 000,112,183 | -H-- | M] () -- C:\Users\Stoni\AppData\Roaming\nvModes.dat
[2011.04.16 00:55:24 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.14 22:22:14 | 000,007,592 | -H-- | M] () -- C:\Users\Stoni\AppData\Local\d3d9caps.dat
[2011.04.14 12:47:45 | 000,480,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.10 11:19:37 | 000,262,144 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.04.05 16:30:50 | 000,210,944 | -H-- | M] () -- C:\Users\Stoni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.27 14:20:10 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.25 14:12:28 | 000,001,743 | ---- | C] () -- C:\Users\Stoni\Desktop\Windows Mail.lnk
[2011.04.16 00:55:24 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.05 16:11:28 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2010.06.24 12:49:45 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.04.27 15:10:22 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.04.27 15:10:22 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.08.08 19:17:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.08 19:17:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.05 00:12:19 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.09.18 22:26:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.16 23:12:55 | 000,024,785 | -H-- | C] () -- C:\Users\Stoni\AppData\Roaming\UserTile.png
[2008.08.24 15:24:50 | 000,000,000 | -H-- | C] () -- C:\Users\Stoni\AppData\Roaming\Default.PLS
[2008.08.10 11:11:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.03.14 09:02:36 | 000,007,592 | -H-- | C] () -- C:\Users\Stoni\AppData\Local\d3d9caps.dat
[2008.01.23 09:48:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.01.05 23:29:23 | 000,000,032 | -H-- | C] () -- C:\ProgramData\ezsid.dat
[2008.01.05 22:56:20 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.11.26 20:18:45 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.11.26 15:51:09 | 000,112,183 | -H-- | C] () -- C:\Users\Stoni\AppData\Roaming\nvModes.001
[2007.11.26 15:51:08 | 000,112,183 | -H-- | C] () -- C:\Users\Stoni\AppData\Roaming\nvModes.dat
[2007.11.26 01:02:26 | 000,000,234 | -H-- | C] () -- C:\Users\Stoni\AppData\Roaming\wklnhst.dat
[2007.11.26 00:49:25 | 000,210,944 | -H-- | C] () -- C:\Users\Stoni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.26 00:25:48 | 000,000,093 | -H-- | C] () -- C:\Users\Stoni\AppData\Local\fusioncache.dat
[2007.10.20 05:46:52 | 000,001,500 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.10.19 08:23:05 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2007.10.19 08:23:05 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2007.10.19 05:26:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.10.18 07:54:34 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007.10.18 07:54:16 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.10.17 15:13:05 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2007.10.17 14:17:56 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2007.10.10 11:38:38 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2007.10.02 17:05:24 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.10.02 17:03:19 | 000,515,328 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE1.sys
[2007.10.02 17:03:19 | 000,232,704 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE0.sys
[2007.10.01 14:10:15 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006.12.11 06:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.12.05 13:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 17:33:31 | 000,638,748 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,130,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,480,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,324 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

< End of report >
--- --- ---

omx 27.04.2011 15:51
otl:OTL Logfile:
Code:
OTL logfile created on: 27.04.2011 16:42:44 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Stoni\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 29,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 45,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 205,80 Gb Total Space | 62,25 Gb Free Space | 30,25% Space Free | Partition Type: NTFS
Drive D: | 27,07 Gb Total Space | 17,43 Gb Free Space | 64,39% Space Free | Partition Type: FAT32
Drive G: | 483,56 Mb Total Space | 96,30 Mb Free Space | 19,91% Space Free | Partition Type: FAT
 
Computer Name: STONI-PC | User Name: Stoni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.27 14:13:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Stoni\Downloads\OTL.exe
PRC - [2011.04.27 14:06:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.05 16:11:12 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.03.16 17:18:06 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.12.14 16:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010.11.24 20:25:15 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.19 09:33:37 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2007.10.01 11:53:50 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2007.08.08 00:12:10 | 000,797,696 | ---- | M] (ODSoft multimedia) -- C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
PRC - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.07.12 16:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.06.20 23:04:52 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WkCalRem.exe
PRC - [2007.05.22 16:57:26 | 002,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007.05.18 16:14:14 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2007.05.11 04:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2007.04.26 14:53:38 | 000,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2007.04.13 18:14:28 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe
PRC - [2007.02.27 20:21:08 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007.02.27 19:57:54 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007.02.25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007.01.30 17:47:46 | 000,307,200 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.01.23 23:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2003.12.02 08:49:00 | 000,053,248 | ---- | M] (GEAR Software) -- C:\Windows\System32\gearsec.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.27 14:13:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Stoni\Downloads\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (NMIndexingService)
SRV - [2011.04.27 14:06:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.16 17:18:06 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.06.14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.23 14:34:27 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2007.02.25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005.11.17 15:18:52 | 001,527,900 | -H-- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2003.12.02 08:49:00 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\Windows\System32\gearsec.exe -- (gearsec)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.16 17:18:06 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.24 20:25:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.02.26 15:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 15:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 15:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 15:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.12.22 04:31:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.08.08 08:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.07.31 11:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.07.09 02:57:00 | 007,140,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.06.26 13:44:22 | 000,131,584 | ---- | M] (Genesys Logic, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBGENE.sys -- (DCamUSBGene)
DRV - [2007.06.11 14:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.05.24 14:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.04.24 13:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.03.05 21:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.01 16:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007.01.22 10:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.28 23:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PDNMp50.sys -- (PDNMp50)
DRV - [2006.11.28 23:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PDNSp50.sys -- (PDNSp50)
DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.10.10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.01.06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.05 16:11:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.05 16:11:25 | 000,000,000 | ---D | M]
 
[2010.09.03 13:17:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Stoni\AppData\Roaming\mozilla\Extensions
[2011.03.30 22:12:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Stoni\AppData\Roaming\mozilla\Firefox\Profiles\ag8h20us.default\extensions
[2011.04.25 13:42:50 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Stoni\AppData\Roaming\mozilla\Firefox\Profiles\ag8h20us.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.25 13:42:50 | 000,000,000 | -H-D | M] (Speed Dial) -- C:\Users\Stoni\AppData\Roaming\mozilla\Firefox\Profiles\ag8h20us.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011.04.25 13:42:50 | 000,000,000 | -H-D | M] (vShare) -- C:\Users\Stoni\AppData\Roaming\mozilla\Firefox\Profiles\ag8h20us.default\extensions\vshare@toolbar
[2011.03.07 08:21:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.20 11:56:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.19 14:30:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.20 15:02:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.20 16:25:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.07 08:21:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011.04.05 16:11:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.04.05 16:11:16 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.04.05 16:11:16 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011.04.05 16:11:16 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.04.05 16:11:16 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.04.05 16:11:16 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.04.05 16:11:16 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent]  File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{8AE076C7-B185-5964-8D3D-ADCC7D0030C5}]  File not found
O4 - HKCU..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]  File not found
O4 - HKCU..\Run: [cleansweep.exe]  File not found
O4 - HKCU..\Run: [KiesTrayAgent]  File not found
O4 - HKCU..\Run: [msnmsgr]  File not found
O4 - HKCU..\Run: [RGSC]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Stoni\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Stoni\Pictures\Stoni & Friends\_lwf0000.jpg
O24 - Desktop BackupWallPaper: C:\Users\Stoni\Pictures\Stoni & Friends\_lwf0000.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ca45d4b8-de2c-11dd-8820-001060d023da}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.27 14:20:20 | 000,000,000 | ---D | C] -- C:\Users\Stoni\AppData\Roaming\Malwarebytes
[2011.04.27 14:20:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.27 14:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.27 14:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.27 14:20:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.27 14:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.25 14:13:29 | 000,000,000 | ---D | C] -- C:\Users\Stoni\AppData\Roaming\Avira
[2011.04.16 00:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.04.16 00:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.04.16 00:51:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.14 16:43:41 | 000,000,000 | -H-D | C] -- C:\Users\Stoni\Desktop\Gran.Turismo.5.Official.Game.Guide.PS3
[2011.04.14 09:46:03 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.14 09:46:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.14 09:45:58 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.14 09:45:57 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.14 09:45:55 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.14 09:45:27 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.14 09:45:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.14 09:45:27 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.14 09:45:27 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.14 09:45:26 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.14 09:45:25 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.14 09:45:21 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.14 09:45:18 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.14 09:45:18 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.03.31 14:41:06 | 000,000,000 | RH-D | C] -- C:\Users\Stoni\Documents\Home-Physio
[2011.03.30 11:26:19 | 000,000,000 | -H-D | C] -- C:\Users\Stoni\ElsterFormular
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.27 16:19:47 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.27 16:19:47 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.27 16:02:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.27 14:20:10 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.27 14:05:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.27 12:24:53 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.26 19:59:23 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3BC906B6-DBF1-4D93-BFD3-20BEBE5F3A0C}.job
[2011.04.26 07:47:53 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.26 07:47:53 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.26 07:47:53 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.26 07:47:53 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.25 14:12:28 | 000,001,743 | ---- | M] () -- C:\Users\Stoni\Desktop\Windows Mail.lnk
[2011.04.25 13:44:32 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.25 13:32:12 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.21 19:28:32 | 000,112,183 | -H-- | M] () -- C:\Users\Stoni\AppData\Roaming\nvModes.001
[2011.04.21 08:13:54 | 000,112,183 | -H-- | M] () -- C:\Users\Stoni\AppData\Roaming\nvModes.dat
[2011.04.16 00:55:24 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.14 22:22:14 | 000,007,592 | -H-- | M] () -- C:\Users\Stoni\AppData\Local\d3d9caps.dat
[2011.04.14 12:47:45 | 000,480,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.10 11:19:37 | 000,262,144 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.04.05 16:30:50 | 000,210,944 | -H-- | M] () -- C:\Users\Stoni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.27 14:20:10 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.25 14:12:28 | 000,001,743 | ---- | C] () -- C:\Users\Stoni\Desktop\Windows Mail.lnk
[2011.04.16 00:55:24 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.05 16:11:28 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2010.06.24 12:49:45 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.04.27 15:10:22 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.04.27 15:10:22 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.08.08 19:17:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.08 19:17:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.05 00:12:19 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.09.18 22:26:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.16 23:12:55 | 000,024,785 | -H-- | C] () -- C:\Users\Stoni\AppData\Roaming\UserTile.png
[2008.08.24 15:24:50 | 000,000,000 | -H-- | C] () -- C:\Users\Stoni\AppData\Roaming\Default.PLS
[2008.08.10 11:11:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.03.14 09:02:36 | 000,007,592 | -H-- | C] () -- C:\Users\Stoni\AppData\Local\d3d9caps.dat
[2008.01.23 09:48:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.01.05 23:29:23 | 000,000,032 | -H-- | C] () -- C:\ProgramData\ezsid.dat
[2008.01.05 22:56:20 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.11.26 20:18:45 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.11.26 15:51:09 | 000,112,183 | -H-- | C] () -- C:\Users\Stoni\AppData\Roaming\nvModes.001
[2007.11.26 15:51:08 | 000,112,183 | -H-- | C] () -- C:\Users\Stoni\AppData\Roaming\nvModes.dat
[2007.11.26 01:02:26 | 000,000,234 | -H-- | C] () -- C:\Users\Stoni\AppData\Roaming\wklnhst.dat
[2007.11.26 00:49:25 | 000,210,944 | -H-- | C] () -- C:\Users\Stoni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.26 00:25:48 | 000,000,093 | -H-- | C] () -- C:\Users\Stoni\AppData\Local\fusioncache.dat
[2007.10.20 05:46:52 | 000,001,500 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.10.19 08:23:05 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2007.10.19 08:23:05 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2007.10.19 05:26:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.10.18 07:54:34 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007.10.18 07:54:16 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.10.17 15:13:05 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2007.10.17 14:17:56 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2007.10.10 11:38:38 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2007.10.02 17:05:24 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.10.02 17:03:19 | 000,515,328 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE1.sys
[2007.10.02 17:03:19 | 000,232,704 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE0.sys
[2007.10.01 14:10:15 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006.12.11 06:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.12.05 13:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 17:33:31 | 000,638,748 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,130,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,480,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,324 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

< End of report >
--- --- ---

markusg 27.04.2011 15:54
ok da ist noch was das ich benötige.
mach erst mal unhide.
• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

:OTL
O4 - HKCU..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe ()
:Files
C:\Recycle.Bin
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
öffne computer, öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
http://www.trojaner-board.de/54791-a...ner-board.html

omx 27.04.2011 16:35
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\4E3E0230AEBB4E96 deleted successfully.
File C:\Recycle.Bin\Recycle.Bin.exe not found.
========== FILES ==========
File\Folder C:\Recycle.Bin not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Stoni
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Stoni
->Temp folder emptied: 3299321561 bytes
->Temporary Internet Files folder emptied: 676710997 bytes
->Java cache emptied: 61455526 bytes
->FireFox cache emptied: 316981564 bytes
->Apple Safari cache emptied: 11993088 bytes
->Opera cache emptied: 11080317 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 256903 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 646790585 bytes
RecycleBin emptied: 7541751641 bytes

Total Files Cleaned = 11.984,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04272011_171341

Files\Folders moved on Reboot...
C:\Users\Stoni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0GPFH11R\www10_de_shopping_com[1].htm moved successfully.
File\Folder C:\Users\Stoni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AVEU916\adFrameCommon[1].htm not found!
File\Folder C:\Users\Stoni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AVEU916\adFrameCommon[2].htm not found!
File\Folder C:\Windows\temp\JET9CBB.tmp not found!
C:\Windows\temp\JETFF25.tmp moved successfully.

Registry entries deleted on Reboot...

den upload versuche ich jetzt ...

omx 27.04.2011 16:53
nach dem neustart soweit alles gut, jedoch
erscheint weiterhin alle 5 minuten ein fenster:
internet-explorer-skriptfehler ...
obwohl ich mit mozille arbeite !!!

markusg 27.04.2011 17:09
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

omx 27.04.2011 18:34
Combofix Logfile:
Code:
ComboFix 11-04-26.05 - Stoni 27.04.2011  18:42:11.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2046.1182 [GMT 2:00]
ausgeführt von:: c:\users\Stoni\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\cleansweep.exe
c:\cleansweep.exe\cleansweep.exe
c:\cleansweep.exe\config.bin
C:\Install.exe
c:\users\Stoni\AppData\Roaming\Ilgece\ulwyy.exe
c:\users\Stoni\Pictures\desktop_2.ini
c:\windows\system32\midas.dll
.
Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-27 bis 2011-04-27  ))))))))))))))))))))))))))))))
.
.
2011-04-27 17:00 . 2011-04-27 17:05        --------        d-----w-        c:\users\Stoni\AppData\Local\temp
2011-04-27 17:00 . 2011-04-27 17:00        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-27 15:08 . 2011-04-27 15:08        --------        d-----w-        C:\_OTL
2011-04-27 12:20 . 2011-04-27 12:20        --------        d-----w-        c:\users\Stoni\AppData\Roaming\Malwarebytes
2011-04-27 12:20 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 12:20 . 2011-04-27 12:20        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-27 12:20 . 2011-04-27 12:20        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-04-27 10:24 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0F74CC4-DAC1-479E-B1C4-DEFAE6E27066}\mpengine.dll
2011-04-25 12:13 . 2011-04-25 12:13        --------        d-----w-        c:\users\Stoni\AppData\Roaming\Avira
2011-04-15 22:54 . 2011-04-15 22:54        --------        d-----w-        c:\program files\iPod
2011-04-14 07:46 . 2011-02-18 14:03        305152        ----a-w-        c:\windows\system32\drivers\srv.sys
2011-04-14 07:46 . 2011-02-18 14:03        146432        ----a-w-        c:\windows\system32\drivers\srv2.sys
2011-04-14 07:46 . 2011-02-18 14:03        102400        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2011-04-14 07:46 . 2011-02-16 16:16        34304        ----a-w-        c:\windows\system32\atmlib.dll
2011-04-14 07:46 . 2011-02-16 14:02        292864        ----a-w-        c:\windows\system32\atmfd.dll
2011-04-14 07:46 . 2011-02-22 13:24        213504        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 07:46 . 2011-02-22 13:24        79360        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 07:46 . 2011-02-22 13:23        106496        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 07:46 . 2011-02-22 13:23        69632        ----a-w-        c:\windows\system32\drivers\bowser.sys
2011-04-05 14:11 . 2011-04-05 14:11        781272        ----a-w-        c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-05 14:11 . 2011-04-05 14:11        1874904        ----a-w-        c:\program files\Mozilla Firefox\mozjs.dll
2011-04-05 14:11 . 2011-04-05 14:11        15832        ----a-w-        c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-05 14:11 . 2011-04-05 14:11        728024        ----a-w-        c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-05 14:11 . 2011-04-05 14:11        1893336        ----a-w-        c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-05 14:11 . 2011-04-05 14:11        142296        ----a-w-        c:\program files\Mozilla Firefox\libEGL.dll
2011-04-05 14:11 . 2011-04-05 14:11        142296        ----a-w-        c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-05 14:11 . 2011-04-05 14:11        1975768        ----a-w-        c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-30 09:26 . 2011-03-30 09:29        --------        d-----w-        c:\users\Stoni\ElsterFormular
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 15:18 . 2010-11-23 14:27        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-02-22 14:13 . 2011-03-23 08:08        288768        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 08:08        1068544        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 08:08        797696        ----a-w-        c:\windows\system32\FntCache.dll
2011-02-18 15:36 . 2011-02-18 15:36        41984        ----a-w-        c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36 . 2011-02-18 15:36        4184352        ----a-w-        c:\windows\system32\usbaaplrc.dll
2011-02-02 20:40 . 2010-04-20 09:56        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2009-10-03 16:02        222080        ------w-        c:\windows\system32\MpSigStub.exe
2009-09-25 16:41 . 2009-09-25 16:41        1044480        ----a-w-        c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41        200704        ----a-w-        c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-04-05 14:11 . 2011-04-05 14:11        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-03-25 2355296]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-03-25 11:31        2355296        ----a-w-        c:\program files\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2010-03-09 09:06        2355224        ----a-w-        c:\program files\DVDVideoSoft\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-03-25 2355296]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-03-25 2355296]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"="c:\program files\Samsung\Kies\" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 4702208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-09 1025320]
"UpdatePPShortCut"="c:\program files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"TVBroadcast"="c:\program files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe" [2007-08-07 797696]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-23 220160]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-09 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-09 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-09 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-24 281768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-10-09 102400]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 133104]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]
R3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [2006-11-28 28224]
R3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [2006-11-28 27072]
R3 PhilCap;NXP service;c:\windows\system32\DRIVERS\PhilCap.sys [2007-07-31 908896]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 gearsec;gearsec;c:\windows\system32\gearsec.exe [2003-12-02 53248]
S2 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 36864]
S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [2007-08-16 1681408]
S3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\system32\DRIVERS\usbgene.sys [2007-06-26 131584]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 23:56]
.
2011-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 23:56]
.
2011-04-26 c:\windows\Tasks\User_Feed_Synchronization-{3BC906B6-DBF1-4D93-BFD3-20BEBE5F3A0C}.job
- c:\windows\system32\msfeedssync.exe [2008-07-05 07:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to Mp3 Converter - c:\users\Stoni\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
TCP: {230E5809-FD3B-4D5B-903D-C6C0EF0E8EB7} = 62.109.123.7 213.191.92.86
FF - ProfilePath - c:\users\Stoni\AppData\Roaming\Mozilla\Firefox\Profiles\ag8h20us.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-Run-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKCU-Run-{8AE076C7-B185-5964-8D3D-ADCC7D0030C5} - c:\users\Stoni\AppData\Roaming\Ilgece\ulwyy.exe
HKCU-Run-4E3E0230AEBB4E96 - c:\recycle.bin\Recycle.Bin.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-ICQ - c:\program files\ICQ6.5\ICQ.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-RemoteControl - c:\program files\HomeCinema\PowerDVD\PDVDServ.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-27 19:02
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2015449509-1598251346-3632004687-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:65,8d,f5,5c,34,aa,84,f9,53,6f,0b,2c,6b,dc,d7,44,3c,21,2a,9f,5e,df,fd,
  8f,fe,08,25,2b,c8,0c,9e,8e,e9,ba,9a,56,e6,a0,8f,4e,72,e5,0b,cb,79,62,5e,68,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
[HKEY_USERS\S-1-5-21-2015449509-1598251346-3632004687-1003\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:f2,f8,4c,f7,65,94,52,f9,5b,46,8e,ad,e0,36,cd,e8,8d,cb,b4,68,bf,
  3c,a3,6d,bb,6b,5d,89,8c,1c,00,6b,d3,6e,c8,7e,2d,d5,15,aa,18,47,27,bf,59,80,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Medion\MEDIONbox\Program\GCS.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\sdclt.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-27  19:14:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-27 17:13
.
Vor Suchlauf: 14 Verzeichnis(se), 79.250.001.920 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 78.648.131.584 Bytes frei
.
- - End Of File - - F9993C2AA6513F6D116FE8CA83CBE268
--- --- ---

markusg 27.04.2011 18:44
sieht nicht gut aus, machst du onlinebanking /einkäufe oder sonst was wichtiges?
öffne computer c: qoobox rechtsklick quarantain, mit winrar oder zip packen, hochladen.
http://www.trojaner-board.de/54791-a...ner-board.html

omx 27.04.2011 18:46
yo mach ich, aber bislang alles gut!
moment, lade gleich hoch ...

markusg 27.04.2011 19:26
naja alles gut, würde ich nicht sagen, die malware stielt zugangsdaten, lasse umgehend onlinebanking sperren. notfall nummer
116 116
danach:
dieser trojaner kann nicht mit 100 %iger sicherheit bereinigt werden, deswegen:
- daten sichern, dann formatieren und neu aufsetzen, ich erkläre dir wie du den pc dann richtig absicherst.

omx 28.04.2011 07:53
wie kann ich ihn dann sichern ?

markusg 28.04.2011 11:28
hast du deine daten bereits gesichert?
wirst du zum formatieren eine recovery partition, recovery cd oder normale windows cd nutzen?
weist du wie das mit dem formatieren abläuft?

omx 28.04.2011 13:42
nein noch nicht, aber online-banking gesperrt!
ich glaube, medion hat eine recovery cd dabei.
hast du einen tipp für eine option, mit der ich auf meiner externen
festplatte ein back-up ablege, um nach der neuinstallation
den rechner wieder in den alten zustand zu bringen?
vor allem für das windows-mail !

der hilflose

markusg 28.04.2011 13:45
naja ganz in den alten zustand wirds wohl nicht gehen, über so was macht man sich auch einfach mal vorher gedanken, nicht wenns zu spät ist.
was hättest denn zb gemacht wenn deine festplatte mal kaputt ist?
in zukunft wirst du ein regelmäßiges backup erstellen wenn du dich an das konzept hällst was ich dir noch poste
sichere bilder dokumente musik, nur das was du aus legalen quellen hast.
mail:
Windows Live Mail – E-Mails sichern

omx 28.04.2011 13:54
yo werde ich. für die daten kann ich die dateisicherung vom vista nehmen?
und ein back-up-programm kannst du mir vielleicht empfehlen ;-)
format c funktioniert wie ?

markusg 28.04.2011 15:58
nein sichere die daten die du benötigst per hand.
wenn du so weit bist kommt weiteres

omx 18.05.2011 08:50
sry, war im urlaub. daten sind gesichert. wie läuft ne saubere formatierung ? habe ne d-partition als reboot. soll ich die benutzen?

markusg 18.05.2011 10:40
hi, ja, die recovery funktion benutzen.
weist du wie das funktioniert, falls nein mal geräte typ aufschreiben
bzw auch mal im handbuch schauen.

omx 18.05.2011 11:10
d.h. dann die partition löschen mit der recovery cd?
habe vista & im netz wurde es so beschrieben.

markusg 18.05.2011 14:08
verstehe nicht was genau du meinst. die recovery cd formatiert die partiton mit windows, falls es das war was du meintest.


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:52 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19