
Log Analysis and Evaluation: TR/Agent.1042480 and setupdralex.exe (Backdoor.Bot)


06.01.2012, 18:14   #1
dieba
 

TR/Agent.1042480 and setupdralex.exe (Backdoor.Bot)



Hello,

This is about my wife's laptop, a Targa Traveller 1720 ML42 running Vista Home Basic. In recent months, working on it sometimes became very tedious, because at times constant disk access blocked any work. Boot time, and the time after booting until sensible input was possible, were also greatly prolonged. On 1 January the machine hung while shutting down; after waiting about half an hour I switched it off. Afterwards it would no longer boot, and the recovery CD also hung at the same point while booting. Via F10 (I actually wanted to get into the BIOS) I was prompted with an option (unfortunately I no longer remember its name) through which the machine, thank God, booted again. I then cleaned up and created a backup. Disabling Superfetch and some autorun starts (including Spybot S&D) brought some relief regarding the disk access. While cleaning up, however, I came across two indications:

1. Avira showed me under Quarantine: File C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe is the Trojan horse TR/Agent.1042480 21.07.2011 (unfortunately no log is available any more).
A last Avira full scan returned HKEY_LOCAL_MACHINE\Software\DeterministicNetworks\DNE\Parameters\symboliclinkvalue [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. (in English: the registry entry is not visible) (log file attached)

2. Malwarebytes showed me under Infected Files:
c:\Users\christa\downloads\setupdralex.exe (Backdoor.Bot) -> Quarantined and deleted successfully. (log file attached)

Now I am concerned that the machine might be compromised after all, and would appreciate any information/advice.

I worked through http://www.trojaner-board.de/69886-a...-beachten.html and got stuck at two points: defogger ran through without problems, but it was not clear to me from the instructions whether I am only not allowed to click "re-enable" in case of an error; I closed the program without clicking it. Was that OK? And when zipping the log files I first created a .7z archive (the default) until I realised that only .zip may be uploaded. Perhaps a note about that could be added to the instructions.

Thanks in advance,
dieba

Code:
OTL logfile created on: 06.01.2012 13:56:11 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\christa\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
894,71 Mb Total Physical Memory | 489,17 Mb Available Physical Memory | 54,67% Memory free
3,84 Gb Paging File | 3,10 Gb Available in Paging File | 80,72% Paging File free
Paging file location(s): c:\pagefile.sys 3072 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101,57 Gb Total Space | 50,42 Gb Free Space | 49,64% Space Free | Partition Type: NTFS
 
Computer Name: FREIZEIT | User Name: christa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.06 13:50:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\christa\Desktop\OTL.exe
PRC - [2011.07.01 11:03:22 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 11:54:41 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.09.25 13:07:58 | 000,181,624 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNAP2RPK.EXE
PRC - [2008.09.22 07:02:08 | 001,119,624 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNAB8SWK.EXE
PRC - [2006.12.29 11:11:00 | 004,317,184 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.10.31 22:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006.10.19 14:42:00 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\System32\o2flash.exe
PRC - [2006.03.22 11:07:22 | 000,040,960 | ---- | M] () -- C:\Programme\System Control Manager\edd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.12.21 19:09:26 | 000,016,832 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2007.01.08 12:08:56 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.01 11:03:22 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 11:54:41 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.12.12 03:20:08 | 000,095,896 | ---- | M] (SiSoftware) [Disabled | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.10.23 16:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand | Stopped] -- C:\Program Files\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.31 22:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006.10.23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006.10.19 14:42:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\o2flash.exe -- (O2Flash)
SRV - [2006.03.22 11:07:22 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\System Control Manager\edd.exe -- (NishService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.01 11:03:26 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 11:03:26 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007.11.22 11:06:08 | 000,893,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2007.11.21 10:21:06 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2007.09.12 17:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DslTestSp5.sys -- (dsltestSp5)
DRV - [2007.08.01 15:49:00 | 000,016,448 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\dslmnlwf.sys -- (DslMNLwf)
DRV - [2007.05.11 15:28:30 | 000,357,376 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr61.sys -- (rt61x86)
DRV - [2007.01.19 09:41:06 | 000,077,824 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGR1310_60.sys -- (AGR1310_60)
DRV - [2007.01.08 12:16:50 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.30 16:30:30 | 000,811,440 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2006.11.20 15:14:08 | 000,038,400 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2006.11.17 13:58:32 | 000,031,360 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2006.11.02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.01 21:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006.10.28 00:29:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006.10.05 16:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2006.09.21 14:22:42 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfbd.sys -- (tosrfbd)
DRV - [2006.07.10 15:17:48 | 000,016,896 | ---- | M] (WideView Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BDA_Loader_220A.sys -- (BDA_Loader_220A)
DRV - [2006.07.03 10:31:26 | 000,009,088 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MGHwCtrl.sys -- (MGHwCtrl)
DRV - [2005.08.18 18:22:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.05.17 03:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.juelich.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google Deutschland"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.juelich.de/stabue/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.3
FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.98.20110322
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.04 12:33:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.03 18:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.10.13 20:35:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.08.20 11:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christa\AppData\Roaming\mozilla\Extensions
[2010.08.20 11:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christa\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.06 12:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christa\AppData\Roaming\mozilla\Firefox\Profiles\8p6t23gq.default\extensions
[2010.05.24 10:07:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\christa\AppData\Roaming\mozilla\Firefox\Profiles\8p6t23gq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.14 19:23:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\christa\AppData\Roaming\mozilla\Firefox\Profiles\8p6t23gq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.11.12 18:02:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\christa\AppData\Roaming\mozilla\Firefox\Profiles\8p6t23gq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.03.26 20:52:04 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\christa\AppData\Roaming\mozilla\Firefox\Profiles\8p6t23gq.default\extensions\ietab@ip.cn
[2012.01.06 12:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christa\AppData\Roaming\mozilla\Firefox\Profiles\8p6t23gq.default\extensions\staged
[2012.01.03 17:22:08 | 000,002,128 | ---- | M] () -- C:\Users\christa\AppData\Roaming\Mozilla\Firefox\Profiles\8p6t23gq.default\searchplugins\booklooker.xml
[2012.01.03 17:22:08 | 000,005,203 | ---- | M] () -- C:\Users\christa\AppData\Roaming\Mozilla\Firefox\Profiles\8p6t23gq.default\searchplugins\buchticket-autorensuche.xml
[2012.01.03 17:22:09 | 000,002,454 | ---- | M] () -- C:\Users\christa\AppData\Roaming\Mozilla\Firefox\Profiles\8p6t23gq.default\searchplugins\google-deutschland.xml
[2012.01.03 17:22:09 | 000,002,786 | ---- | M] () -- C:\Users\christa\AppData\Roaming\Mozilla\Firefox\Profiles\8p6t23gq.default\searchplugins\google-images.xml
[2012.01.03 17:22:09 | 000,002,007 | ---- | M] () -- C:\Users\christa\AppData\Roaming\Mozilla\Firefox\Profiles\8p6t23gq.default\searchplugins\leo-en-de.xml
[2012.01.04 12:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\CHRISTA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8P6T23GQ.DEFAULT\EXTENSIONS\{53A03D43-5363-4669-8190-99061B2DEBA5}.XPI
() (No name found) -- C:\USERS\CHRISTA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8P6T23GQ.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
() (No name found) -- C:\USERS\CHRISTA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8P6T23GQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.01.04 12:33:39 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.04 12:33:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.04 12:33:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.04 12:33:35 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.04 12:33:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.04 12:33:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.04 12:33:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\christa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011.11.10 11:20:39 | 000,000,000 | -H-D | M]
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} hxxp://www3.snapfish.de/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C1F45C5-0DFA-4E69-87DD-49FAC983ED1C}: DhcpNameServer = 172.16.15.254 10.0.0.138 194.109.6.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F988EA9-9DF7-4BEE-B4D9-821228261E1C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63875ECE-B993-498D-8FA7-8E83293B6696}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2965EE1-3C04-423A-A5A1-A3197B0707FA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\AutorunsDisabled\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Programme\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 16777216
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: AutorunsDisabled - 
ActiveX: ccc-core-static - msiexec /fums {AA696568-50B5-9FAA-60D7-9C333239C3A4} /qb
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^phase-6 Reminder.lnk - C:\Programme\phase-6\phase-6-basic\reminder\reminder.exe - (phase-6)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= -  File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: Sidebar - hkey= - key= -  File not found
MsConfig - StartUpReg: Skype - hkey= - key= -  File not found
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 0
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.06 13:50:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\christa\Desktop\OTL.exe
[2012.01.04 21:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.01.04 21:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.01.04 18:10:51 | 000,000,000 | ---D | C] -- C:\Users\christa\!!Systemänderungen
[2012.01.04 17:29:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
[2012.01.03 20:13:49 | 000,000,000 | ---D | C] -- C:\Users\christa\AppData\Roaming\JAM Software
[2012.01.03 20:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
[2012.01.03 20:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\JAM Software
[2012.01.02 21:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2012.01.01 15:33:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2012.01.01 15:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
[2012.01.01 15:31:56 | 000,000,000 | ---D | C] -- C:\Program Files\SiSoftware
[2011.12.22 20:50:34 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011.12.17 12:20:50 | 000,000,000 | ---D | C] -- C:\Windows\ISP
[2011.12.17 12:20:36 | 000,000,000 | ---D | C] -- C:\Users\christa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Circus
[2011.12.17 12:19:57 | 000,000,000 | ---D | C] -- C:\CIRCUS
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.06 13:50:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\christa\Desktop\OTL.exe
[2012.01.06 13:46:21 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.06 13:44:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.06 12:40:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.06 12:26:23 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.06 12:26:23 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.06 12:22:44 | 000,000,000 | ---- | M] () -- C:\Users\christa\defogger_reenable
[2012.01.06 12:19:14 | 000,050,477 | ---- | M] () -- C:\Users\christa\Desktop\Defogger.exe
[2012.01.06 12:01:06 | 000,002,527 | ---- | M] () -- C:\Users\christa\Desktop\HiJackThis.lnk
[2012.01.06 11:28:34 | 000,006,144 | ---- | M] () -- C:\Users\christa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.06 10:30:12 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.05 00:08:39 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.01.05 00:07:11 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.05 00:07:11 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.05 00:07:11 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.05 00:07:11 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.04 21:33:56 | 000,001,017 | ---- | M] () -- C:\Users\christa\Desktop\procexp.lnk
[2011.12.31 17:34:50 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
[2011.12.25 16:16:27 | 000,000,085 | ---- | M] () -- C:\Windows\QTW.INI
[2011.12.19 14:57:21 | 000,112,579 | ---- | M] () -- C:\Users\christa\Desktop\Jahresrundbrief 2011_std.pdf
[2011.12.17 12:20:50 | 000,000,120 | ---- | M] () -- C:\Windows\isp.ini
[2011.12.17 03:09:37 | 000,318,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.11 19:02:25 | 002,861,852 | ---- | M] () -- C:\Users\christa\Desktop\England2011.pdf
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.10 01:33:58 | 011,296,768 | ---- | M] () -- C:\Users\christa\AppData\Roaming\Sandra.mdb
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.06 13:46:21 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.06 12:22:44 | 000,000,000 | ---- | C] () -- C:\Users\christa\defogger_reenable
[2012.01.06 12:19:08 | 000,050,477 | ---- | C] () -- C:\Users\christa\Desktop\Defogger.exe
[2012.01.04 21:33:56 | 000,001,017 | ---- | C] () -- C:\Users\christa\Desktop\procexp.lnk
[2012.01.02 21:41:30 | 000,001,867 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2012.01.01 15:52:54 | 011,296,768 | ---- | C] () -- C:\Users\christa\AppData\Roaming\Sandra.mdb
[2011.12.19 14:57:18 | 000,112,579 | ---- | C] () -- C:\Users\christa\Desktop\Jahresrundbrief 2011_std.pdf
[2011.12.17 15:59:51 | 000,000,085 | ---- | C] () -- C:\Windows\QTW.INI
[2011.12.17 12:20:50 | 000,000,120 | ---- | C] () -- C:\Windows\isp.ini
[2011.12.17 12:19:59 | 000,003,888 | ---- | C] () -- C:\Windows\System\MCIQTENU.DLL
[2011.12.11 19:02:25 | 002,861,852 | ---- | C] () -- C:\Users\christa\Desktop\England2011.pdf
[2011.06.14 08:21:40 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.09.06 21:53:39 | 000,017,408 | ---- | C] () -- C:\Users\christa\AppData\Local\WebpageIcons.db
[2010.08.06 17:40:38 | 000,000,680 | ---- | C] () -- C:\Users\christa\AppData\Local\d3d9caps.dat
[2010.06.07 18:33:15 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.09.25 16:06:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.25 16:06:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.08.02 11:33:53 | 000,001,796 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.11.02 17:09:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.05.26 22:57:48 | 000,000,600 | ---- | C] () -- C:\Users\christa\AppData\Local\PUTTY.RND
[2007.11.21 10:21:03 | 000,651,264 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2007.11.21 10:21:03 | 000,147,456 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2007.11.21 10:21:03 | 000,110,592 | ---- | C] () -- C:\Windows\System32\AegisI5.exe
[2007.09.09 01:10:22 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.06.24 11:37:46 | 000,006,144 | ---- | C] () -- C:\Users\christa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.23 18:34:01 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.06.21 17:15:03 | 000,000,000 | ---- | C] () -- C:\Users\christa\AppData\Roaming\wklnhst.dat
[2007.02.09 14:40:18 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.02.09 14:40:17 | 000,145,112 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.01.20 14:35:19 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.01.18 13:47:20 | 000,098,304 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll
[2007.01.18 13:47:20 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll
[2007.01.18 13:47:20 | 000,024,576 | ---- | C] () -- C:\Windows\System32\MGPwrShm.dll
[2007.01.18 13:02:43 | 000,135,168 | ---- | C] () -- C:\Windows\System32\TXTUSER.EXE
[2007.01.18 12:45:41 | 000,103,024 | ---- | C] () -- C:\Windows\Unwise.exe
[2007.01.18 11:58:33 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2007.01.18 11:06:07 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2007.01.18 10:29:04 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006.11.02 16:38:05 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:38:05 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:38:05 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:38:05 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:44:53 | 000,318,216 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.31 17:37:00 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.09.07 18:31:08 | 000,128,512 | ---- | C] () -- C:\Windows\chklogo6.exe
[2006.08.10 15:00:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll
[2006.04.20 07:34:24 | 000,193,584 | ---- | C] () -- C:\Windows\System32\CSGina.dll
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2005.01.21 12:02:28 | 000,013,312 | ---- | C] () -- C:\Windows\System32\RMDevice.dll
 
========== LOP Check ==========
 
[2010.09.01 20:40:41 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\GARMIN
[2012.01.03 20:13:49 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\JAM Software
[2011.10.07 17:08:42 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Phase6
[2008.10.03 16:04:43 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Snapfish
[2008.05.01 17:36:53 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\T-Online
[2007.06.21 17:15:40 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Template
[2010.08.20 11:06:36 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Thunderbird
[2012.01.05 00:08:44 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2007.06.21 15:43:58 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2007.01.20 13:07:46 | 000,000,000 | ---D | M] -- C:\30bf431c1c23393eaa
[2009.10.28 13:10:20 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.12.17 12:20:02 | 000,000,000 | ---D | M] -- C:\CIRCUS
[2006.11.02 13:59:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.06.21 15:39:33 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.01.06 11:58:53 | 000,000,000 | ---D | M] -- C:\Garmin
[2007.06.23 18:27:16 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.07.28 10:16:22 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.06 11:59:32 | 000,000,000 | R--D | M] -- C:\Program Files
[2007.06.21 15:39:33 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007.06.21 15:39:33 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.01.06 14:00:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.01.01 15:33:30 | 000,000,000 | ---D | M] -- C:\TEMP
[2010.05.29 18:10:56 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.06 12:01:39 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys
[2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011.04.21 14:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2006.11.02 09:58:43 | 000,270,336 | ---- | M] (Microsoft Corporation) MD5=5D24CAF8EFD924A875698FF28384DB8B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6000.16386_none_d5b1809661820e7c\afd.sys
[2011.04.21 14:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008.01.19 06:57:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009.04.11 05:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011.04.21 14:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.11.15 18:58:49 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.11.15 18:58:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006.11.02 10:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-03 16:00:12
 
<           >

< End of report >
         

07.01.2012, 00:03   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now run a full scan with Malwarebytes as a routine measure and post the log.
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here


07.01.2012, 11:43   #3
dieba

Hello Arne,
thanks for the quick reply. I ran a full MB scan and had one detection (see below).
I then wanted to run ESET but got stuck with the following problem: ESET pointed to 2 interfering programs (which are supposed to be switched off): Avira and Defender. It is not clear to me how I should switch them off: for Defender I can't find an option in the Security Center; is it enough to switch off automatic scanning under the Defender options? For Avira I had deactivated the AntiVir Guard; is that enough, since ESET still pointed to Avira? And one more question: should I stay connected to the network despite switching both off (necessary because of the "online" scan?). First, here is the new MB scan (there is only one older one from 30.11., which I already attached to my first post):

Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.07.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
christa :: FREIZEIT [Administrator]

07.01.2012 09:03:40
mbam-log-2012-01-07 (09-03-40).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 288912
Laufzeit: 1 Stunde(n), 35 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\StartupRun\strun.exe (PUP.StartUpManager) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

07.01.2012, 15:29   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yes, with Avira simply deactivate the Guard.
Windows Defender: Turning Windows Defender on and off
Easy to find via Google
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

07.01.2012, 15:33   #5
dieba

Thanks! I'll do it right away.
And stay online or not for the ESET scan?


07.01.2012, 16:27   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Always stay connected to the Internet. It says nothing about you having to be offline.

07.01.2012, 20:21   #7
dieba

Hello Arne,
here is the result of the ESET scan:

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6266d81321a59146a8a86d684cc241d9
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-07 06:32:18
# local_time=2012-01-07 07:32:18 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 130312821 130312821 0 0
# compatibility_mode=1797 16775165 100 100 619206 100845182 102964 0
# compatibility_mode=5892 16776574 100 100 4839 163481390 0 0
# compatibility_mode=8192 67108863 100 0 20823 20823 0 0
# scanned=186046
# found=2
# cleaned=0
# scan_time=12519
C:\Users\christa\Downloads\route_anzeigen.exe	a variant of Win32/Foxferi.A trojan (unable to clean)	00000000000000000000000000000000	I
E:\Christa\Users\christa\Downloads\route_anzeigen.exe	a variant of Win32/Foxferi.A trojan (unable to clean)	00000000000000000000000000000000	I
         

07.01.2012, 20:59   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
C:\Users\christa\Downloads\route_anzeigen.exe
Where did you get this file from?

07.01.2012, 21:18   #9
dieba

I just asked my wife again; she did not download this file (at least not knowingly). I occasionally install something for her, either from CD or downloaded from the net, but I can't remember such a program or the download either. The "/Downloads" directory is set as the default download location for Firefox; could it be that my wife clicked on something unintentionally?

Regards, dieba

07.01.2012, 21:41   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please upload the route_anzeigen.exe to us => http://www.trojaner-board.de/54791-a...ner-board.html

07.01.2012, 21:52   #11
dieba

Uploaded. Unfortunately I saw too late that I should have switched off Avira.

07.01.2012, 21:58   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Must be a malicious file => VirusTotal - Free Online Virus, Malware and URL Scanner

AntiVir doesn't detect it yet. Let's see what ThreatExpert says about it.


Antivirus results
AhnLab-V3 - 2012.01.07.00 - 2012.01.07 - -
AntiVir - 7.11.20.194 - 2012.01.06 - -
Antiy-AVL - 2.0.3.7 - 2012.01.07 - -
Avast - 6.0.1289.0 - 2012.01.07 - Win32:Dropper-JQD [Drp]
AVG - 10.0.0.1190 - 2012.01.07 - Generic25.VAV
BitDefender - 7.2 - 2012.01.07 - -
ByteHero - 1.0.0.1 - 2011.12.31 - -
CAT-QuickHeal - 12.00 - 2012.01.07 - -
ClamAV - 0.97.3.0 - 2012.01.07 - -
Commtouch - 5.3.2.6 - 2012.01.07 - -
Comodo - 11205 - 2012.01.07 - -
DrWeb - 5.0.2.03300 - 2012.01.07 - -
Emsisoft - 5.1.0.11 - 2012.01.07 - Trojan.Win32.Foxferi!IK
eSafe - 7.0.17.0 - 2012.01.03 - Win32.Artemis
eTrust-Vet - 37.0.9668 - 2012.01.06 - -
F-Prot - 4.6.5.141 - 2012.01.07 - -
F-Secure - 9.0.16440.0 - 2012.01.07 - -
Fortinet - 4.3.388.0 - 2012.01.07 - -
GData - 22 - 2012.01.07 - Win32:Dropper-JQD
Ikarus - T3.1.1.109.0 - 2012.01.07 - Trojan.Win32.Foxferi
Jiangmin - 13.0.900 - 2012.01.07 - -
K7AntiVirus - 9.123.5881 - 2012.01.06 - Riskware
Kaspersky - 9.0.0.837 - 2012.01.07 - -
McAfee - 5.400.0.1158 - 2012.01.07 - Artemis!75FDE14D0A38
McAfee-GW-Edition - 2010.1E - 2012.01.07 - Artemis!75FDE14D0A38
Microsoft - 1.7903 - 2012.01.07 - Trojan:Win32/Foxferi.A
NOD32 - 6775 - 2012.01.07 - a variant of Win32/Foxferi.A
Norman - 6.07.13 - 2012.01.07 - W32/Suspicious_Gen2.SQGJX
nProtect - 2012-01-07.01 - 2012.01.07 - -
Panda - 10.0.3.5 - 2012.01.07 - -
PCTools - 8.0.0.5 - 2012.01.07 - -
Prevx - 3.0 - 2012.01.07 - -
Rising - 23.91.04.02 - 2012.01.06 - -
Sophos - 4.73.0 - 2012.01.07 - -
SUPERAntiSpyware - 4.40.0.1006 - 2012.01.07 - -
Symantec - 20111.2.0.82 - 2012.01.07 - -
TheHacker - 6.7.0.1.373 - 2012.01.06 - -
TrendMicro - 9.500.0.1008 - 2012.01.07 - -
TrendMicro-HouseCall - 9.500.0.1008 - 2012.01.07 - -
VBA32 - 3.12.16.4 - 2012.01.06 - -
VIPRE - 11365 - 2012.01.07 - Trojan.Win32.Generic!BT
ViRobot - 2012.1.7.4869 - 2012.01.07 - -
VirusBuster - 14.1.155.0 - 2012.01.07 - Trojan.Foxferi!Jz10v/O+yNE
File info:
MD5: 75fde14d0a38d0f1b8cae7dd54c58ff7
SHA1: 95a74475fcfa2a1f53bbfab36cc308d6e0982783
SHA256: 6f4952b3426c559c78821c0a8a96955c9a63bf2076d0f912dcf4f26add85cb7f
File size: 263527 bytes
Scan date: 2012-01-07 20:48:18 (UTC)

07.01.2012, 22:23   #13
dieba

Should I wait or do something?

Regards, dieba

07.01.2012, 23:28   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Here is the report from ThreatExpert => ThreatExpert Report: Trojan.Win32.Foxferi

Please make a new OTL log. Please post everything here in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the complete content of the code box below into the text box of OTL - if OTL is in German, it is labelled
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the content of OTL.txt here into your thread
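The /md5start list in the custom scan above makes OTL print one "< MD5 for: ... >" block per file, in the same format as the MD5 blocks in the OTL log posted earlier in this thread. As an added example that is not part of OTL or of this thread, the following script parses those blocks and flags live copies whose hash matches none of the WinSxS component-store copies, or that carry no company name; the AFD.SYS and WINLOGON.EXE sample lines are copied from the posted log, while the live USERINIT.EXE line is constructed with a placeholder hash to show the mismatch case.

```python
"""Added example: read the "< MD5 for: ... >" blocks that OTL emits for the
/md5start list and flag copies worth a closer look. Not part of OTL."""
import re
from collections import defaultdict

# One OTL MD5 line:
#   [date time | size | attrs | M] (Company) MD5=HASH -- path
LINE_RE = re.compile(
    r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-\w]{4}) \| M\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")


def parse_md5_blocks(text):
    """Return {FILENAME: [entry, ...]}, one entry per copy OTL listed."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        match = LINE_RE.match(line)
        if match and current:
            entry = match.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            entry["md5"] = entry["md5"].upper()
            # Copies under WinSxS are the component store's reference versions.
            entry["in_winsxs"] = "\\winsxs\\" in entry["path"].lower()
            blocks[current].append(entry)
    return dict(blocks)


def check_block(entries):
    """Compare the live copies of one file with its WinSxS copies.

    unmatched:  live copies whose MD5 equals no WinSxS copy (a patched or
                replaced binary, or a third-party file of the same name)
    no_company: copies without a company name, which OTL prints as "()"
    """
    winsxs_hashes = {e["md5"] for e in entries if e["in_winsxs"]}
    live = [e for e in entries if not e["in_winsxs"]]
    return {
        "live": [e["path"] for e in live],
        "unmatched": [e["path"] for e in live if e["md5"] not in winsxs_hashes],
        "no_company": [e["path"] for e in entries if not e["company"].strip()],
    }


def review(text):
    """Run check_block over every MD5 block of an OTL log."""
    return {name: check_block(entries)
            for name, entries in parse_md5_blocks(text).items()}


# Sample input. The AFD.SYS and WINLOGON.EXE lines are copied from the OTL log
# posted in this thread; the live USERINIT.EXE line is CONSTRUCTED with an
# all-zero placeholder hash to show what a mismatch looks like.
SAMPLE_LOG = r"""
< MD5 for: AFD.SYS  >
[2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys
[2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2006.11.02 09:58:43 | 000,270,336 | ---- | M] (Microsoft Corporation) MD5=5D24CAF8EFD924A875698FF28384DB8B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6000.16386_none_d5b1809661820e7c\afd.sys

< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
"""

if __name__ == "__main__":
    for name, result in review(SAMPLE_LOG).items():
        if result["unmatched"] or result["no_company"]:
            print(name, result)
```

In the sample, the Malwarebytes Chameleon copy of winlogon.exe is reported only because it shares the name with the system file; entries flagged this way still need to be judged by their path, not treated as findings by themselves.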

08.01.2012, 02:22   #15
dieba

Still active this late? Great!
OTL scan as requested:

Code:
OTL logfile created on: 08.01.2012 01:53:10 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\christa\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
894,71 Mb Total Physical Memory | 387,73 Mb Available Physical Memory | 43,34% Memory free
3,84 Gb Paging File | 3,14 Gb Available in Paging File | 81,89% Paging File free
Paging file location(s): c:\pagefile.sys 3072 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101,57 Gb Total Space | 50,54 Gb Free Space | 49,75% Space Free | Partition Type: NTFS
Drive E: | 465,73 Gb Total Space | 214,95 Gb Free Space | 46,15% Space Free | Partition Type: NTFS
 
Computer Name: FREIZEIT | User Name: christa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.06 13:50:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\christa\Desktop\OTL.exe
PRC - [2011.07.01 11:03:22 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 11:54:41 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2006.12.29 11:11:00 | 004,317,184 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.10.31 22:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006.10.19 14:42:00 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\System32\o2flash.exe
PRC - [2006.03.22 11:07:22 | 000,040,960 | ---- | M] () -- C:\Programme\System Control Manager\edd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.01.08 12:08:56 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.01 11:03:22 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 11:54:41 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.12.12 03:20:08 | 000,095,896 | ---- | M] (SiSoftware) [Disabled | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.10.23 16:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand | Stopped] -- C:\Program Files\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.31 22:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006.10.23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006.10.19 14:42:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\o2flash.exe -- (O2Flash)
SRV - [2006.03.22 11:07:22 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\System Control Manager\edd.exe -- (NishService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.01 11:03:26 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 11:03:26 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007.11.22 11:06:08 | 000,893,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2007.11.21 10:21:06 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2007.09.12 17:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DslTestSp5.sys -- (dsltestSp5)
DRV - [2007.08.01 15:49:00 | 000,016,448 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\dslmnlwf.sys -- (DslMNLwf)
DRV - [2007.05.11 15:28:30 | 000,357,376 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr61.sys -- (rt61x86)
DRV - [2007.01.19 09:41:06 | 000,077,824 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGR1310_60.sys -- (AGR1310_60)
DRV - [2007.01.08 12:16:50 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.30 16:30:30 | 000,811,440 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2006.11.20 15:14:08 | 000,038,400 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2006.11.17 13:58:32 | 000,031,360 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2006.11.02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.01 21:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006.10.28 00:29:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006.10.05 16:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2006.09.21 14:22:42 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfbd.sys -- (tosrfbd)
DRV - [2006.07.10 15:17:48 | 000,016,896 | ---- | M] (WideView Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BDA_Loader_220A.sys -- (BDA_Loader_220A)
DRV - [2006.07.03 10:31:26 | 000,009,088 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MGHwCtrl.sys -- (MGHwCtrl)
DRV - [2005.08.18 18:22:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.05.17 03:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.juelich.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google Deutschland"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.juelich.de/stabue/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.3
FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.98.20110322
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.04 12:33:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.03 18:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.10.13 20:35:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.08.20 11:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christa\AppData\Roaming\mozilla\Extensions
[2010.08.20 11:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christa\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.06 14:21:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christa\AppData\Roaming\mozilla\Firefox\Profiles\8p6t23gq.default\extensions
[2010.05.24 10:07:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\christa\AppData\Roaming\mozilla\Firefox\Profiles\8p6t23gq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.14 19:23:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\christa\AppData\Roaming\mozilla\Firefox\Profiles\8p6t23gq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.11.12 18:02:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\christa\AppData\Roaming\mozilla\Firefox\Profiles\8p6t23gq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.03.26 20:52:04 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\christa\AppData\Roaming\mozilla\Firefox\Profiles\8p6t23gq.default\extensions\ietab@ip.cn
[2012.01.03 17:22:08 | 000,002,128 | ---- | M] () -- C:\Users\christa\AppData\Roaming\Mozilla\Firefox\Profiles\8p6t23gq.default\searchplugins\booklooker.xml
[2012.01.03 17:22:08 | 000,005,203 | ---- | M] () -- C:\Users\christa\AppData\Roaming\Mozilla\Firefox\Profiles\8p6t23gq.default\searchplugins\buchticket-autorensuche.xml
[2012.01.03 17:22:09 | 000,002,454 | ---- | M] () -- C:\Users\christa\AppData\Roaming\Mozilla\Firefox\Profiles\8p6t23gq.default\searchplugins\google-deutschland.xml
[2012.01.03 17:22:09 | 000,002,786 | ---- | M] () -- C:\Users\christa\AppData\Roaming\Mozilla\Firefox\Profiles\8p6t23gq.default\searchplugins\google-images.xml
[2012.01.03 17:22:09 | 000,002,007 | ---- | M] () -- C:\Users\christa\AppData\Roaming\Mozilla\Firefox\Profiles\8p6t23gq.default\searchplugins\leo-en-de.xml
[2012.01.04 12:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\CHRISTA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8P6T23GQ.DEFAULT\EXTENSIONS\{53A03D43-5363-4669-8190-99061B2DEBA5}.XPI
() (No name found) -- C:\USERS\CHRISTA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8P6T23GQ.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
() (No name found) -- C:\USERS\CHRISTA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8P6T23GQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.01.04 12:33:39 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.04 12:33:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.04 12:33:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.04 12:33:35 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.04 12:33:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.04 12:33:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.04 12:33:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\christa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011.11.10 11:20:39 | 000,000,000 | -H-D | M]
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} hxxp://www3.snapfish.de/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C1F45C5-0DFA-4E69-87DD-49FAC983ED1C}: DhcpNameServer = 172.16.15.254 10.0.0.138 194.109.6.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F988EA9-9DF7-4BEE-B4D9-821228261E1C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63875ECE-B993-498D-8FA7-8E83293B6696}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2965EE1-3C04-423A-A5A1-A3197B0707FA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\AutorunsDisabled\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Programme\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 16777216
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^phase-6 Reminder.lnk - C:\Programme\phase-6\phase-6-basic\reminder\reminder.exe - (phase-6)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= -  File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: Sidebar - hkey= - key= -  File not found
MsConfig - StartUpReg: Skype - hkey= - key= -  File not found
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 0
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: AutorunsDisabled - 
ActiveX: ccc-core-static - msiexec /fums {AA696568-50B5-9FAA-60D7-9C333239C3A4} /qb
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\divx.dll (DivXNetworks, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.07 11:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.07 11:09:34 | 002,322,184 | ---- | C] (ESET) -- C:\Users\christa\Desktop\esetsmartinstaller_enu.exe
[2012.01.06 13:50:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\christa\Desktop\OTL.exe
[2012.01.04 21:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.01.04 21:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.01.04 18:10:51 | 000,000,000 | ---D | C] -- C:\Users\christa\!!Systemänderungen
[2012.01.04 17:29:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
[2012.01.03 20:13:49 | 000,000,000 | ---D | C] -- C:\Users\christa\AppData\Roaming\JAM Software
[2012.01.03 20:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
[2012.01.03 20:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\JAM Software
[2012.01.02 21:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2012.01.01 15:33:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2012.01.01 15:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
[2012.01.01 15:31:56 | 000,000,000 | ---D | C] -- C:\Program Files\SiSoftware
[2011.12.22 20:50:34 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011.12.17 12:20:50 | 000,000,000 | ---D | C] -- C:\Windows\ISP
[2011.12.17 12:20:36 | 000,000,000 | ---D | C] -- C:\Users\christa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Circus
[2011.12.17 12:19:57 | 000,000,000 | ---D | C] -- C:\CIRCUS
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.08 01:46:30 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.08 01:45:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.07 19:41:37 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.07 19:41:37 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.07 19:40:09 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.07 16:33:40 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
[2012.01.07 15:49:35 | 002,322,184 | ---- | M] (ESET) -- C:\Users\christa\Desktop\esetsmartinstaller_enu.exe
[2012.01.07 11:16:42 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.07 11:16:42 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.07 11:16:42 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.07 11:16:42 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.07 10:55:33 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.01.07 08:44:07 | 000,310,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.06 17:19:47 | 000,014,215 | ---- | M] () -- C:\Users\christa\Desktop\Logfiles.zip
[2012.01.06 14:22:34 | 000,302,592 | ---- | M] () -- C:\Users\christa\Desktop\3c5dcupk.exe
[2012.01.06 13:50:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\christa\Desktop\OTL.exe
[2012.01.06 13:46:21 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.06 12:22:44 | 000,000,000 | ---- | M] () -- C:\Users\christa\defogger_reenable
[2012.01.06 12:19:14 | 000,050,477 | ---- | M] () -- C:\Users\christa\Desktop\Defogger.exe
[2012.01.06 12:01:06 | 000,002,527 | ---- | M] () -- C:\Users\christa\Desktop\HiJackThis.lnk
[2012.01.06 11:28:34 | 000,006,144 | ---- | M] () -- C:\Users\christa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.04 21:33:56 | 000,001,017 | ---- | M] () -- C:\Users\christa\Desktop\procexp.lnk
[2011.12.25 16:16:27 | 000,000,085 | ---- | M] () -- C:\Windows\QTW.INI
[2011.12.19 14:57:21 | 000,112,579 | ---- | M] () -- C:\Users\christa\Desktop\Jahresrundbrief 2011_std.pdf
[2011.12.17 12:20:50 | 000,000,120 | ---- | M] () -- C:\Windows\isp.ini
[2011.12.11 19:02:25 | 002,861,852 | ---- | M] () -- C:\Users\christa\Desktop\England2011.pdf
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.10 01:33:58 | 011,296,768 | ---- | M] () -- C:\Users\christa\AppData\Roaming\Sandra.mdb
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.06 17:17:57 | 000,014,215 | ---- | C] () -- C:\Users\christa\Desktop\Logfiles.zip
[2012.01.06 14:22:30 | 000,302,592 | ---- | C] () -- C:\Users\christa\Desktop\3c5dcupk.exe
[2012.01.06 13:46:21 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.06 12:22:44 | 000,000,000 | ---- | C] () -- C:\Users\christa\defogger_reenable
[2012.01.06 12:19:08 | 000,050,477 | ---- | C] () -- C:\Users\christa\Desktop\Defogger.exe
[2012.01.04 21:33:56 | 000,001,017 | ---- | C] () -- C:\Users\christa\Desktop\procexp.lnk
[2012.01.02 21:41:30 | 000,001,867 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2012.01.01 15:52:54 | 011,296,768 | ---- | C] () -- C:\Users\christa\AppData\Roaming\Sandra.mdb
[2011.12.19 14:57:18 | 000,112,579 | ---- | C] () -- C:\Users\christa\Desktop\Jahresrundbrief 2011_std.pdf
[2011.12.17 15:59:51 | 000,000,085 | ---- | C] () -- C:\Windows\QTW.INI
[2011.12.17 12:20:50 | 000,000,120 | ---- | C] () -- C:\Windows\isp.ini
[2011.12.17 12:19:59 | 000,003,888 | ---- | C] () -- C:\Windows\System\MCIQTENU.DLL
[2011.12.11 19:02:25 | 002,861,852 | ---- | C] () -- C:\Users\christa\Desktop\England2011.pdf
[2011.06.14 08:21:40 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.09.06 21:53:39 | 000,017,408 | ---- | C] () -- C:\Users\christa\AppData\Local\WebpageIcons.db
[2010.08.06 17:40:38 | 000,000,680 | ---- | C] () -- C:\Users\christa\AppData\Local\d3d9caps.dat
[2010.06.07 18:33:15 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.09.25 16:06:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.25 16:06:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.08.02 11:33:53 | 000,001,796 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.11.02 17:09:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.05.26 22:57:48 | 000,000,600 | ---- | C] () -- C:\Users\christa\AppData\Local\PUTTY.RND
[2007.11.21 10:21:03 | 000,651,264 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2007.11.21 10:21:03 | 000,147,456 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2007.11.21 10:21:03 | 000,110,592 | ---- | C] () -- C:\Windows\System32\AegisI5.exe
[2007.09.09 01:10:22 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.06.24 11:37:46 | 000,006,144 | ---- | C] () -- C:\Users\christa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.23 18:34:01 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.06.21 17:15:03 | 000,000,000 | ---- | C] () -- C:\Users\christa\AppData\Roaming\wklnhst.dat
[2007.02.09 14:40:18 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.02.09 14:40:17 | 000,145,112 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.01.20 14:35:19 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.01.18 13:47:20 | 000,098,304 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll
[2007.01.18 13:47:20 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll
[2007.01.18 13:47:20 | 000,024,576 | ---- | C] () -- C:\Windows\System32\MGPwrShm.dll
[2007.01.18 13:02:43 | 000,135,168 | ---- | C] () -- C:\Windows\System32\TXTUSER.EXE
[2007.01.18 12:45:41 | 000,103,024 | ---- | C] () -- C:\Windows\Unwise.exe
[2007.01.18 11:58:33 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2007.01.18 11:06:07 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2007.01.18 10:29:04 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006.11.02 16:38:05 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:38:05 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:38:05 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:38:05 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:44:53 | 000,310,048 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.31 17:37:00 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.09.07 18:31:08 | 000,128,512 | ---- | C] () -- C:\Windows\chklogo6.exe
[2006.08.10 15:00:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll
[2006.04.20 07:34:24 | 000,193,584 | ---- | C] () -- C:\Windows\System32\CSGina.dll
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2005.01.21 12:02:28 | 000,013,312 | ---- | C] () -- C:\Windows\System32\RMDevice.dll
 
========== LOP Check ==========
 
[2010.09.01 20:40:41 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\GARMIN
[2012.01.03 20:13:49 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\JAM Software
[2011.10.07 17:08:42 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Phase6
[2008.10.03 16:04:43 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Snapfish
[2008.05.01 17:36:53 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\T-Online
[2007.06.21 17:15:40 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Template
[2010.08.20 11:06:36 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Thunderbird
[2012.01.07 10:55:33 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.06.07 18:57:32 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Adobe
[2009.06.09 16:30:59 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Ahead
[2007.06.21 15:44:20 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\ATI
[2010.12.16 17:57:50 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Avira
[2007.08.20 21:57:38 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Corel
[2007.06.21 16:55:53 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Corel Photo Album
[2008.05.17 18:52:33 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\CyberLink
[2010.09.01 20:40:41 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\GARMIN
[2008.12.21 15:07:04 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Google
[2007.06.21 15:43:43 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Identities
[2009.06.18 21:49:28 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\InstallShield
[2012.01.03 20:13:49 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\JAM Software
[2007.08.19 21:02:41 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Macromedia
[2011.11.30 00:06:40 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Malwarebytes
[2011.12.22 20:55:11 | 000,000,000 | --SD | M] -- C:\Users\christa\AppData\Roaming\Microsoft
[2009.09.06 22:11:54 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\mIRC
[2011.10.07 17:08:59 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Mozilla
[2011.10.07 17:08:42 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Phase6
[2011.06.18 23:31:31 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Skype
[2011.06.18 23:06:57 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\skypePM
[2008.05.26 23:15:05 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\SmartFTP
[2008.10.03 16:04:43 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Snapfish
[2008.05.01 17:36:53 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\T-Online
[2007.06.21 17:15:40 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Template
[2010.08.20 11:06:36 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Thunderbird
[2011.11.20 17:08:17 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\vlc
[2007.06.23 20:06:29 | 000,000,000 | ---D | M] -- C:\Users\christa\AppData\Roaming\Winamp
 
< %APPDATA%\*.exe /s >
[2010.02.01 02:45:40 | 000,038,784 | ---- | M] () -- C:\Users\christa\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2007.06.23 22:17:51 | 000,026,694 | R--- | M] () -- C:\Users\christa\AppData\Roaming\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\ARPPRODUCTICON.exe
[2007.06.23 22:17:51 | 000,026,694 | R--- | M] () -- C:\Users\christa\AppData\Roaming\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
[2007.06.23 22:17:51 | 000,026,694 | R--- | M] () -- C:\Users\christa\AppData\Roaming\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
[2007.06.23 22:17:51 | 000,026,694 | R--- | M] () -- C:\Users\christa\AppData\Roaming\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
[2010.06.07 18:12:26 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\christa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.15 16:31:28 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\atapi.sys
[2008.01.15 16:31:28 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.01.15 16:31:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.06.24 10:28:24 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.06.24 10:28:24 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
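The `< MD5 for: ... >` custom scans in the log above are the part of an OTL report worth reading by hand: for each boot- and logon-critical binary they list the copy Windows actually loads (under `C:\Windows\System32`) next to the reference copies in the component store (`winsxs`) and the driver store, so a patched `atapi.sys`, `userinit.exe` or `winlogon.exe` shows up as an active copy whose hash matches nothing else. The script below is an added example for this thread, not part of OTL, of the poster's log, or of the Trojaner-Board procedure. It parses a few of those lines copied from the log and automates the check: an active copy whose size and MD5 match no store copy is flagged, `Unable to obtain MD5` (here `user32.dll`) is reported as unverifiable rather than silently passed, and copies outside `%SystemRoot%\System32` (the Malwarebytes Chameleon `winlogon.exe` under `Program Files`) are listed but not compared, since they are not what Windows loads. The `TAMPERED.SYS` block, the parsing rules and the verdict wording are this example's own assumptions; nothing here asserts a finding about the machine in the thread.

```python
"""Cross-check the active copy of each critical Windows binary against the
component-store and driver-store copies in OTL's '< MD5 for: ... >' scans.

Added example for this thread, not part of OTL or of the poster's log.
LOG_EXCERPT is copied from the log above; CONSTRUCTED_MISMATCH is invented
here only to exercise the mismatch path. Parsing rules are assumptions.
"""
import re
from collections import defaultdict

# Lines copied verbatim from the OTL log above (a subset of four sections).
LOG_EXCERPT = r"""
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.15 16:31:28 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sys

< MD5 for: IASTORV.SYS  >
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: USER32.DLL  >
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
"""

# Constructed for this example only (NOT from the log): the active copy's
# hash matches no store copy, which is what a patched system file looks like.
CONSTRUCTED_MISMATCH = r"""
< MD5 for: TAMPERED.SYS  >
[2012.01.01 00:00:00 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\drivers\tampered.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_tampered.inf_31bf3856ad364e35_6.0.6002.18005_none_0000000000000000\tampered.sys
"""
SAMPLE = LOG_EXCERPT + CONSTRUCTED_MISMATCH

HEADER_RE = re.compile(r"^< MD5 for: (\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^|]*\| M\] "
    r"\((?P<company>[^)]*)\) (?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)
WINSXS_VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")
ACTIVE_PREFIX = "c:\\windows\\system32\\"


def parse_sections(text):
    """Return {name: [entry, ...]} for every '< MD5 for: NAME >' block."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1).lower()
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            sections[current].append({
                "ts": m.group("ts"),
                "size": int(m.group("size").replace(",", "")),
                "md5": m.group("md5").upper() if m.group("md5") else None,
                "path": m.group("path"),
            })
    return sections


def location(path):
    """'store' for winsxs/DriverStore copies, 'active' for the loaded copy."""
    p = path.lower()
    if "\\winsxs\\" in p or "\\driverstore\\filerepository\\" in p:
        return "store"
    return "active" if p.startswith(ACTIVE_PREFIX) else "other"


def store_label(path):
    """winsxs component version if present, else the DriverStore folder."""
    m = WINSXS_VERSION_RE.search(path)
    return m.group(1) if m else path.split("\\")[-2]


def check_md5_report(text):
    """Per binary: is the active copy byte-identical to a known store copy?"""
    findings = {}
    for name, entries in parse_sections(text).items():
        by_loc = defaultdict(list)
        for e in entries:
            by_loc[location(e["path"])].append(e)
        other = [e["path"] for e in by_loc["other"]]
        if not by_loc["active"]:
            findings[name] = {"verdict": "no active copy listed", "matches": [], "other": other}
            continue
        active = by_loc["active"][0]
        if active["md5"] is None:
            # OTL could not read the file (typically locked); only size and
            # timestamp can be compared, so this is unverified, not clean.
            twins = [store_label(s["path"]) for s in by_loc["store"]
                     if s["md5"] is None and (s["size"], s["ts"]) == (active["size"], active["ts"])]
            verdict = "unhashable: rescan from offline media"
        else:
            twins = [store_label(s["path"]) for s in by_loc["store"]
                     if (s["md5"], s["size"]) == (active["md5"], active["size"])]
            verdict = "verified" if twins else "UNIQUE HASH: inspect this file"
        findings[name] = {"verdict": verdict, "matches": twins, "other": other}
    return findings


if __name__ == "__main__":
    for name, f in check_md5_report(SAMPLE).items():
        print(f"{name:14} {f['verdict']:38} store match: {', '.join(f['matches']) or '-'}")
        for p in f["other"]:
            print(f"{'':14} not compared (outside System32): {p}")
```

Two caveats a helper applying this to a real log should keep in mind. First, "verified" only means the loaded copy is byte-identical to a copy OTL also hashed; a file-system-filtering rootkit can feed the same clean bytes to both reads, so a clean MD5 table does not rule one out, which is why the boot-time scanners used later in this thread read the disk from outside the running OS. Second, `Unable to obtain MD5` on `user32.dll` is, on its own, only a locked file, but it leaves that binary unverified; it should be re-hashed from a recovery environment, not counted as clean.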
         
