Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
kein Internetzugang, vermutlich nach Befall von sirefef.? (=diverse Buchstaben)

kein Internetzugang, vermutlich nach Befall von sirefef.? (=diverse Buchstaben)


Plagegeister aller Art und deren Bekämpfung: kein Internetzugang, vermutlich nach Befall von sirefef.? (=diverse Buchstaben)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.04.2012, 16:35   #1
blauer_alex
 
kein Internetzugang, vermutlich nach Befall von sirefef.? (=diverse Buchstaben) - Standard

kein Internetzugang, vermutlich nach Befall von sirefef.? (=diverse Buchstaben)


Irgendwie hat er mir nur die OTL.txt ausgespuckt...


Code:
ATTFilter
OTL logfile created on: 11.04.2012 16:49:17 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 63,89% Memory free
8,80 Gb Paging File | 7,57 Gb Available in Paging File | 86,01% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 252,81 Gb Total Space | 175,62 Gb Free Space | 69,47% Space Free | Partition Type: NTFS
Drive D: | 30,33 Gb Total Space | 26,29 Gb Free Space | 86,70% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 406,76 Gb Free Space | 43,67% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Programme\Lenovo\LenovoSecuritySolution FP\upeksrvc.exe (UPEK Inc.)
PRC - C:\Programme\Lenovo\LenovoSecuritySolution FP\upeksvr.exe (UPEK Inc.)
PRC - C:\Programme\Lenovo\LenovoSecuritySolution FP\psqltray.exe (UPEK Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
PRC - C:\Programme\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
PRC - C:\Programme\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation)
PRC - C:\Programme\iSaver\iSaverCtrl.exe (infoMantis GmbH)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Lenovo\Energy Management\KbdHook.dll ()
MOD - C:\Programme\Lenovo\Energy Management\HookLib.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (UpekSrvc) -- C:\Programme\Lenovo\LenovoSecuritySolution FP\upeksrvc.exe (UPEK Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
SRV - (Bluetooth OBEX Service) -- C:\Programme\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
SRV - (Bluetooth Device Manager) -- C:\Programme\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
SRV - (Bluetooth Media Service) -- C:\Programme\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
SRV - (PS_MDP) -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (IGRS) -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (ReadyComm.DirectRouter) -- C:\Programme\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (RSUSBSTOR) -- System32\Drivers\RtsUStor.sys File not found
DRV - (catchme) -- C:\Users\***\AppData\Local\Temp\catchme.sys File not found
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (Bridge0) -- C:\Windows\System32\drivers\wdbridge.sys (Lenovo)
DRV - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (BTMUSB) -- C:\Windows\System32\drivers\btmusb.sys (Motorola, Inc.)
DRV - (BTMCOM) -- C:\Windows\System32\drivers\btmcom.sys (Motorola, Inc.)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\Windows\System32\drivers\sfdrv01a.sys (Protection Technology (StarForce))
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {B26DD33C-0015-4CDE-BD1E-8BE3368B34F0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?ch_id=sk27211&q={searchTerms}
IE - HKCU\..\SearchScopes\{B26DD33C-0015-4CDE-BD1E-8BE3368B34F0}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/?ref=hp"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="
FF - prefs.js..network.proxy.http: "199.195.109.21"
FF - prefs.js..network.proxy.http_port: 9090
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.14 16:31:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.07 22:29:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\***\AppData\Roaming\5025 [2011.09.11 04:29:55 | 000,000,000 | ---D | M]
 
[2010.09.28 02:34:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.04.02 02:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ohh0ccb1.default\extensions
[2011.06.19 19:00:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ohh0ccb1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.11.03 03:35:56 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ohh0ccb1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.02 17:23:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ohh0ccb1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.29 02:20:39 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ohh0ccb1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.02.24 19:04:54 | 000,000,933 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ohh0ccb1.default\searchplugins\11-suche.xml
[2012.02.24 19:04:53 | 000,002,419 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ohh0ccb1.default\searchplugins\englische-ergebnisse.xml
[2012.02.24 19:04:54 | 000,010,525 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ohh0ccb1.default\searchplugins\gmx-suche.xml
[2012.03.28 15:38:02 | 000,001,048 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ohh0ccb1.default\searchplugins\icqplugin.xml
[2012.02.24 19:04:54 | 000,002,457 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ohh0ccb1.default\searchplugins\lastminute.xml
[2012.02.24 19:04:53 | 000,005,508 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ohh0ccb1.default\searchplugins\webde-suche.xml
[2012.02.01 15:14:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OHH0CCB1.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OHH0CCB1.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OHH0CCB1.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2012.03.14 16:31:26 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.06.09 13:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.01.02 15:10:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.02 15:10:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.02 15:10:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.02 15:10:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.02 15:10:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.02 15:10:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.04.06 05:05:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola, Inc.)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IndicatorListener] C:\Program Files\Motorola\Bluetooth\mkil.dll (Motorola, Inc.)
O4 - HKLM..\Run: [iSaverCtrl] C:\Program Files\iSaver\iSaverCtrl.exe (infoMantis GmbH)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Lenovo\LenovoSecuritySolution FP\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\***\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\***\Desktop\PartyPoker.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BF9D236-A1D2-426D-9AB6-7E95DCBAC6B4}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7010AAE3-7CBB-46A4-8500-130D143CA629}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89FFD387-559B-46F8-BDE7-5656CFE00E67}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\Lenovo\LenovoSecuritySolution FP\psqlpwd.dll) - C:\Programme\Lenovo\LenovoSecuritySolution FP\psqlpwd.dll (UPEK Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.0.lnk - C:\Programme\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe - (Panasonic Corporation)
MsConfig - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.07 19:35:51 | 004,453,848 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2012.04.07 19:24:26 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012.04.07 17:33:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\***\Desktop\dds.scr
[2012.04.06 05:11:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2012.04.06 05:10:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.04.06 02:12:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.04.03 21:12:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012.04.03 21:12:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012.04.03 21:12:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012.04.03 21:04:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.04.03 11:21:08 | 000,000,000 | ---D | C] -- C:\FRST
[2012.04.02 18:43:28 | 000,000,000 | ---D | C] -- C:\TDSS
[2012.04.02 18:25:44 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.04.02 17:48:57 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.04.02 17:43:42 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2012.04.02 13:32:51 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2012.03.28 01:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.03.28 01:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.03.28 01:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.03.28 00:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.03.28 00:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012.03.28 00:52:54 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.03.26 03:20:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TV-Guide
[2012.03.26 03:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\iSaver
[2012.03.26 03:18:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ScreeNet iSaver
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.11 16:25:01 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.11 16:13:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.04.10 21:29:31 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.04.10 20:25:00 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.10 03:13:47 | 000,009,696 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.10 03:13:47 | 000,009,696 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.10 03:11:46 | 000,703,208 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.04.10 03:11:46 | 000,665,050 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.04.10 03:11:46 | 000,148,762 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.04.10 03:11:46 | 000,125,144 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.04.10 03:05:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.04.10 03:05:53 | 2361,569,280 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.10 02:12:49 | 000,000,029 | ---- | M] () -- C:\Users\***\AppData\Roaming\default.rss
[2012.04.10 01:49:50 | 000,001,197 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2012.04.10 01:42:59 | 004,453,848 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2012.04.10 01:31:54 | 000,337,137 | ---- | M] () -- C:\Users\***\Desktop\FSS.exe
[2012.04.07 17:32:02 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\***\Desktop\dds.scr
[2012.04.06 05:05:20 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012.04.03 20:07:46 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\nfpzi1dy.exe
[2012.04.02 18:16:00 | 000,080,384 | ---- | M] () -- C:\Users\***\Desktop\MBRCheck.exe
[2012.04.02 18:07:44 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.02 17:39:04 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2012.04.02 17:38:32 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.03.26 06:56:42 | 001,152,080 | ---- | M] () -- C:\Program Files\VirtualDJ Local Database v6.xml
[2012.03.26 03:20:44 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\TV-Guide starten.lnk
[2012.03.24 06:19:13 | 001,138,173 | ---- | M] () -- C:\Program Files\VirtualDJ Database v6.xml
[2012.03.21 16:00:15 | 000,016,629 | ---- | M] () -- C:\Users\***\Desktop\Kündigung.odt
[2012.03.19 21:06:29 | 000,023,319 | ---- | M] () -- C:\Users\***\Desktop\Programmliste.ods
[2012.03.15 15:19:24 | 003,805,600 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.04.11 15:29:40 | 001,152,080 | ---- | C] () -- C:\Program Files\VirtualDJ Local Database v6.xml
[2012.04.11 15:29:40 | 001,138,173 | ---- | C] () -- C:\Program Files\VirtualDJ Database v6.xml
[2012.04.10 01:49:50 | 000,001,197 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2012.04.10 01:35:58 | 000,337,137 | ---- | C] () -- C:\Users\***\Desktop\FSS.exe
[2012.04.03 21:12:57 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012.04.03 21:12:57 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012.04.03 21:12:57 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012.04.03 21:12:57 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012.04.03 21:12:57 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012.04.03 20:09:38 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\nfpzi1dy.exe
[2012.04.03 20:09:38 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.04.02 18:25:44 | 000,080,384 | ---- | C] () -- C:\Users\***\Desktop\MBRCheck.exe
[2012.04.02 18:07:44 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.02 02:54:07 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.03.28 00:53:00 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.03.26 03:20:44 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\TV-Guide starten.lnk
[2012.03.21 15:28:50 | 000,016,629 | ---- | C] () -- C:\Users\***\Desktop\Kündigung.odt
[2012.03.19 19:24:53 | 000,023,319 | ---- | C] () -- C:\Users\***\Desktop\Programmliste.ods
[2011.12.15 04:12:19 | 000,000,127 | ---- | C] () -- C:\windows\System32\MRT.INI
[2011.09.29 20:38:31 | 000,008,704 | ---- | C] () -- C:\windows\System32\CNMVS75.DLL
[2011.09.11 03:10:58 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
[2011.09.11 03:10:57 | 000,111,932 | ---- | C] () -- C:\windows\System32\EPPICPrinterDB.dat
[2011.09.11 03:10:57 | 000,031,053 | ---- | C] () -- C:\windows\System32\EPPICPattern131.dat
[2011.09.11 03:10:57 | 000,027,417 | ---- | C] () -- C:\windows\System32\EPPICPattern121.dat
[2011.09.11 03:10:57 | 000,026,154 | ---- | C] () -- C:\windows\System32\EPPICPattern1.dat
[2011.09.11 03:10:57 | 000,024,903 | ---- | C] () -- C:\windows\System32\EPPICPattern3.dat
[2011.09.11 03:10:57 | 000,021,390 | ---- | C] () -- C:\windows\System32\EPPICPattern5.dat
[2011.09.11 03:10:57 | 000,020,148 | ---- | C] () -- C:\windows\System32\EPPICPattern2.dat
[2011.09.11 03:10:57 | 000,011,811 | ---- | C] () -- C:\windows\System32\EPPICPattern4.dat
[2011.09.11 03:10:57 | 000,004,943 | ---- | C] () -- C:\windows\System32\EPPICPattern6.dat
[2011.09.11 03:10:57 | 000,001,146 | ---- | C] () -- C:\windows\System32\EPPICPresetData_DU.dat
[2011.09.11 03:10:57 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_PT.dat
[2011.09.11 03:10:57 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_BP.dat
[2011.09.11 03:10:57 | 000,001,136 | ---- | C] () -- C:\windows\System32\EPPICPresetData_ES.dat
[2011.09.11 03:10:57 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_FR.dat
[2011.09.11 03:10:57 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_CF.dat
[2011.09.11 03:10:57 | 000,001,120 | ---- | C] () -- C:\windows\System32\EPPICPresetData_IT.dat
[2011.09.11 03:10:57 | 000,001,107 | ---- | C] () -- C:\windows\System32\EPPICPresetData_GE.dat
[2011.09.11 03:10:57 | 000,001,104 | ---- | C] () -- C:\windows\System32\EPPICPresetData_EN.dat
[2011.07.25 19:17:43 | 000,003,654 | ---- | C] () -- C:\windows\System32\drivers\Sonyhcp.dll
[2011.05.10 21:33:45 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.09 04:16:35 | 000,000,083 | ---- | C] () -- C:\windows\wwp.INI
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\windows\System32\xlive.dll.cat
[2011.02.22 22:31:47 | 000,000,029 | ---- | C] () -- C:\Users\***\AppData\Roaming\default.rss
[2011.02.22 22:31:47 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\downloads.m3u
[2010.12.13 21:33:07 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll
[2010.12.13 21:33:07 | 000,036,608 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys
[2010.11.15 20:47:35 | 000,004,767 | ---- | C] () -- C:\windows\Irremote.ini
[2010.11.03 01:11:56 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2010.09.28 02:37:38 | 000,000,765 | ---- | C] () -- C:\ProgramData\profile.xml
[2010.06.30 06:09:28 | 000,703,208 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2010.06.30 06:09:28 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2010.06.30 06:09:28 | 000,148,762 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2010.06.30 06:09:28 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2010.06.29 23:04:08 | 000,016,648 | R--- | C] () -- C:\windows\System32\LogAPI.dll
[2010.06.29 22:55:51 | 000,054,800 | ---- | C] () -- C:\windows\System32\drivers\funfrm.sys
[2010.06.29 22:55:43 | 001,410,312 | ---- | C] () -- C:\windows\System32\IcnOvrly.dll
[2010.06.29 22:55:43 | 000,660,744 | ---- | C] () -- C:\windows\System32\EncIcons.dll
[2010.06.29 22:55:43 | 000,513,288 | ---- | C] () -- C:\windows\System32\SimpleExt.dll
[2010.06.29 22:55:42 | 002,110,728 | ---- | C] () -- C:\windows\System32\Apblend.dll
[2010.06.29 22:55:42 | 001,171,456 | ---- | C] () -- C:\windows\System32\PicNotify.dll
[2010.06.29 22:55:31 | 001,044,480 | ---- | C] () -- C:\windows\System32\3DImageRenderer.dll
[2010.06.29 22:36:34 | 000,272,896 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2010.06.29 22:36:33 | 001,759,744 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2010.06.29 22:36:33 | 000,196,608 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
[2010.06.29 22:36:33 | 000,028,544 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2010.06.29 22:36:33 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
 
========== LOP Check ==========
 
[2011.05.27 18:06:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\2K Sports
[2011.09.11 04:29:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5025
[2011.12.13 02:55:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASCON Installer
[2011.06.27 16:57:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.08.30 22:24:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.10.18 01:17:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.10.23 14:44:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Das Fussball Studio
[2011.02.28 19:43:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner
[2011.03.11 03:59:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dev-Cpp
[2011.11.03 03:39:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.11.03 03:35:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.28 19:48:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeMoviesToDVD
[2011.06.27 18:35:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.02.23 01:09:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.09.11 04:29:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2010.10.18 01:34:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.08.23 03:49:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OCS
[2010.09.27 04:33:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.12.13 21:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.05.11 17:18:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDISC
[2010.09.26 00:14:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Protector Suite
[2011.08.29 20:21:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2010.12.13 21:32:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.04.02 17:23:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScreeNet iSaver
[2011.10.28 04:45:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Simfy
[2011.09.11 04:42:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs
[2011.05.09 03:53:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows SideBar
[2011.09.11 04:43:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
[2012.03.28 15:34:29 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.04.06 05:10:45 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.04.10 16:19:18 | 000,000,000 | --SD | M] -- C:\32788R22FWJFW
[2012.03.02 05:38:23 | 000,000,000 | ---D | M] -- C:\Alles
[2012.04.06 05:11:45 | 000,000,000 | ---D | M] -- C:\ComboFix
[2012.03.28 01:03:58 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.09.26 00:12:22 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.07.25 19:17:42 | 000,000,000 | ---D | M] -- C:\Drivers
[2012.04.03 11:22:10 | 000,000,000 | ---D | M] -- C:\FRST
[2010.06.29 22:27:04 | 000,000,000 | ---D | M] -- C:\Intel
[2010.06.29 22:40:57 | 000,000,000 | R--D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.04.11 15:30:06 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.30 22:17:42 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.09.26 00:12:22 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.06.25 00:23:40 | 000,000,000 | ---D | M] -- C:\Programs
[2012.04.06 05:11:45 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.09.26 00:12:22 | 000,000,000 | ---D | M] -- C:\Recovery
[2012.04.11 16:59:03 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.04.02 18:43:46 | 000,000,000 | ---D | M] -- C:\TDSS
[2012.04.02 17:54:13 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine
[2011.09.13 16:58:00 | 000,000,000 | R--D | M] -- C:\Users
[2012.04.10 16:20:39 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2010.06.30 06:12:38 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010.06.30 06:12:39 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\ERDNT\cache\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-21 00:43:24
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\Users\***\AppData\Roaming\default.rss:OECustomProperty

< End of report >

Alt 12.04.2012, 07:00   #2
Psychotic
/// Malwareteam
 
kein Internetzugang, vermutlich nach Befall von sirefef.? (=diverse Buchstaben) - Standard

kein Internetzugang, vermutlich nach Befall von sirefef.? (=diverse Buchstaben)


Zitat:
FF - prefs.js..network.proxy.http: "199.195.109.21"
FF - prefs.js..network.proxy.http_port: 9090
Hast DU diesen Proxy in Firefox eingerichtet?
__________________

__________________
Alt 12.04.2012, 15:36   #3
blauer_alex
 
kein Internetzugang, vermutlich nach Befall von sirefef.? (=diverse Buchstaben) - Standard

kein Internetzugang, vermutlich nach Befall von sirefef.? (=diverse Buchstaben)


Nicht dass ich wüsste. Bzw weiss ich nicht mal, wie sowas eigentlich geht? ^^
__________________
Alt 13.04.2012, 08:20   #4
Psychotic
/// Malwareteam
 
kein Internetzugang, vermutlich nach Befall von sirefef.? (=diverse Buchstaben) - Standard

kein Internetzugang, vermutlich nach Befall von sirefef.? (=diverse Buchstaben)


Schritt 1: Fix mit OTL


Durch *** entfremdete Werte müssen vor dem Fix in ihren Ursprungszustand versetzt werden!
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
:OTL
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\..\URLSearchHook:  - No CLSID value found
FF - prefs.js..network.proxy.http: "199.195.109.21"
FF - prefs.js..network.proxy.http_port: 9090
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
[2011.06.09 13:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\***\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\***\Desktop\PartyPoker.lnk File not found
@Alternate Data Stream - 143 bytes -> C:\Users\***\AppData\Roaming\default.rss:OECustomProperty
:FILES
C:\Users\***\AppData\Roaming\5025
C:\Users\***\AppData\Roaming\kock
C:\Users\***\AppData\Roaming\UAs
C:\Users\***\AppData\Roaming\xmldm
:COMMANDS
[EMPTYTEMP]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread



Schritt 2: ESET



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Antwort

Themen zu kein Internetzugang, vermutlich nach Befall von sirefef.? (=diverse Buchstaben)
anderen, anhang, aufgegeben, befall, diverse, entfernt, gelöst, internet, kabel, kein internet, kein internetzugang, komplett, laptop, logfile, logfiles, lösung, meldungen, nichts, problem, programme, router, schädlinge, seite, seiten, sirefef, tan, trojaner, verbindung, virus, wlan, wlan., zugang


« TR/Agent.1768617.1 in der Autorun.exe | SMART HDD - Entfernen - Wie gehts genau? »


Ähnliche Themen: kein Internetzugang, vermutlich nach Befall von sirefef.? (=diverse Buchstaben)


  1. kein Internetzugang mehr nach Virenscan
    Log-Analyse und Auswertung - 05.05.2015 (5)
  2. Kein Internetzugang
    Netzwerk und Hardware - 16.12.2014 (1)
  3. Provider sperrt Internetzugang nach Spamversand (Befall unter Win7 Home Prem x64?)
    Plagegeister aller Art und deren Bekämpfung - 04.07.2014 (15)
  4. Infizierter Rechner lässt nach Virenscan kein Internetzugang zu
    Plagegeister aller Art und deren Bekämpfung - 06.06.2014 (56)
  5. Nach Virenscan mit Malwarebytes kein Internetzugang möglich
    Alles rund um Windows - 04.04.2014 (5)
  6. Nach Deinstallation der Firewall kein Internetzugang mehr!
    Antiviren-, Firewall- und andere Schutzprogramme - 03.09.2013 (21)
  7. Win64/Sirefef.M eingefangen vermutlich System bereits befallen
    Log-Analyse und Auswertung - 04.09.2012 (3)
  8. GVU Trojaner Befall, Windows 7. Vermutlich nach Installation von infizierter Software
    Plagegeister aller Art und deren Bekämpfung - 22.08.2012 (23)
  9. System noch sicher nach Befall durch sirefef?
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (2)
  10. Virus/Trojaner: Win64/sirefef.A ; Win64/sirefef.AB ; Win64/sirefef.W ; Auto-Neustart nach 1 Minute
    Plagegeister aller Art und deren Bekämpfung - 13.08.2012 (18)
  11. Virenfund Trojan.Generic.7552386 und Trojan.Sirefef.FY nach GVU-Befall
    Log-Analyse und Auswertung - 03.08.2012 (15)
  12. Kein Internetzugang nach runterladen von Avast
    Plagegeister aller Art und deren Bekämpfung - 11.10.2011 (7)
  13. Nach Windows Recovery Befall kein Zugriff mehr auf Dateisystem/Desktop
    Plagegeister aller Art und deren Bekämpfung - 12.04.2011 (29)
  14. Nach Installation von Avira Antivirus kein Internetzugang mehr !
    Plagegeister aller Art und deren Bekämpfung - 18.04.2009 (4)
  15. Nach Anti-Vir-Update kein Internetzugang mehr & Rechner fährt nicht runter
    Antiviren-, Firewall- und andere Schutzprogramme - 03.02.2006 (6)
  16. Kein Internetzugang mehr nach Entfernung von MSLAUGH - was nun ?
    Plagegeister aller Art und deren Bekämpfung - 24.03.2005 (1)
  17. Kein Internetzugang!!!
    Plagegeister aller Art und deren Bekämpfung - 09.02.2005 (10)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema kein Internetzugang, vermutlich nach Befall von sirefef.? (=diverse Buchstaben) - Irgendwie hat er mir nur die OTL.txt ausgespuckt... Code: Alles auswählen Aufklappen ATTFilter OTL logfile created on: 11.04.2012 16:49:17 - Run 2 OTL by OldTimer - Version 3.2.39.2 Folder = - kein Internetzugang, vermutlich nach Befall von sirefef.? (=diverse Buchstaben)...
Archiv
Du betrachtest: kein Internetzugang, vermutlich nach Befall von sirefef.? (=diverse Buchstaben) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131