| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Mein Internet Explorer öffnet einfach Seiten mit Werbungen.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.05.2010, 21:15
| #1 |
 |  Mein Internet Explorer öffnet einfach Seiten mit Werbungen. Hallo, und schonmal ein herzliches DANKESCHÖN an alle die mir versuchen zu helfen. Ich habe mir scheinbar auch einen Virus draufgeladen, welcher meinen Internet Explorer, den ich sonst nie benutze, einfach mal öffnet und irgendwelche Werbungseiten aufruft. Habe schon Antivir laufen lassen, doch das erkennt nur Trojaner und Malware welche ich schon alle in Quarantäne geschoben habe. Hilft alles nichts. Da das Problem schon öfter aufgetreten zu sein scheint, hoffe ich das mir schnell geholfen werden kann. Lg Jonas Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:04:10, on 04.05.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Users\MIETSC~1\AppData\Local\Temp\Gcw.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Virtual CD v9\System\VC9Play.exe C:\Program Files\Logitech\G-series Software\LGDCore.exe C:\Program Files\Logitech\G-series Software\LCDMon.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Windows\system32\taskeng.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\RocketDock\RocketDock.exe C:\Windows\ehome\ehtray.exe C:\Program Files\DAEMON Tools Pro\DTAgent.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Windows\system32\conime.exe C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0\RGSC.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Users\MIETSC~1\AppData\Local\Temp\Gcx.exe C:\Program Files\Opera\opera.exe c:\Users\mietschies\Documents\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll R3 - URLSearchHook: P2P Max DE Toolbar - {e0007d18-baa4-4573-ae78-8bea0958c610} - C:\Program Files\P2P_Max_DE\tbP2P0.dll R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll O1 - Hosts: ::1 localhost O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: 778670 helper - {1B12F639-CBA9-45DD-89FE-9FA7D4340716} - (no file) O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file) O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file) O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: QXK Olive - {7E1C93A1-907F-4F3F-955A-5B46BA08457D} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: P2P Max DE Toolbar - {e0007d18-baa4-4573-ae78-8bea0958c610} - C:\Program Files\P2P_Max_DE\tbP2P0.dll O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - (no file) O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: qndsfmao - {8925A538-F508-4A3E-8AF9-6C39E2D3AE7B} - (no file) O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file) O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: P2P Max DE Toolbar - {e0007d18-baa4-4573-ae78-8bea0958c610} - C:\Program Files\P2P_Max_DE\tbP2P0.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file) O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT" O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [VC9Player] C:\Program Files\Virtual CD v9\System\VC9Play.exe O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\MIETSC~1\AppData\Local\Temp\sshnas21.dll,BackupReadW O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\MIETSC~1\AppData\Local\Temp\Gcx.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: phase-6 Reminder.lnk = C:\Program Files\phase-6\phase-6\reminder\reminder.exe O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file) O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O21 - SSODL: kvxqmtre - {EE0B1EFB-E977-42C2-BC92-49D3E494FB39} - (no file) O21 - SSODL: evgratsm - {DE376580-867B-4F5A-A473-B69F3A8F4A48} - (no file) O21 - SSODL: StdDrv - {18b567c4-69cf-446e-9940-2ac63f750905} - (no file) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing) O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\MAGIX\Common\Database\bin\fbserver.exe (file missing) O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate1c988f78e8c0b34) (gupdate1c988f78e8c0b34) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v9\System\VC9SecS.exe -- End of file - 14315 bytes |
|
05.05.2010, 11:18
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Mein Internet Explorer öffnet einfach Seiten mit Werbungen. Hallo und
__________________ bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
05.05.2010, 17:44
| #3 |
| | Mein Internet Explorer öffnet einfach Seiten mit Werbungen. So, erstmal danke für die absolut schnelle antwort
__________________ habe beide Scans durchgeführt mit folgenden Ergebnissen Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4052
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
05.05.2010 18:11:26
mbam-log-2010-05-05 (18-11-26).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 429962
Laufzeit: 2 Stunde(n), 39 Minute(n), 48 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 25
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 5
Infizierte Dateien: 11
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\f406.f406mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\f406.f406mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1b12f639-cba9-45dd-89fe-9fa7d4340716} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1b12f639-cba9-45dd-89fe-9fa7d4340716} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b12f639-cba9-45dd-89fe-9fa7d4340716} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.bwkt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\advantage (Adware.Vomba) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntiVirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.WebMedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e1c93a1-907f-4f3f-955a-5b46ba08457d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7e1c93a1-907f-4f3f-955a-5b46ba08457d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\evgratsm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\kvxqmtre (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\System32\778670 (Trojan.BHO) -> Quarantined and deleted successfully.
Infizierte Dateien:
C:\Program Files\Cheat Engine\Systemcallretriever.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\mietschies\AppData\Local\Temp\gmfrxpgv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\mietschies\AppData\Local\Temp\rknfl.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\mietschies\AppData\Roaming\0979169DDB67BF102637976E655C6EB9\gotnewupdate.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\mietschies\Downloads\2.4.0-2.4.1 WoW Patch.exe (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\wmp_translation_file.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\System32\sex2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.
Code:
ATTFilter OTL logfile created on: 05.05.2010 18:21:53 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\mietschies\Documents Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 303,35 Gb Total Space | 34,14 Gb Free Space | 11,25% Space Free | Partition Type: NTFS Drive D: | 150,69 Gb Total Space | 89,49 Gb Free Space | 59,39% Space Free | Partition Type: NTFS Drive E: | 6,99 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: GUILD-KILLER Current User Name: mietschies Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\mietschies\Documents\OTL.exe (OldTimer Tools) PRC - C:\Users\mietschies\AppData\Local\Temp\Gcx.exe () PRC - C:\Programme\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) PRC - C:\Programme\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd) PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Windows\System32\UAService7.exe (Sony DADC Austria AG.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Opera\opera.exe (Opera Software) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Programme\RocketDock\RocketDock.exe () PRC - C:\Programme\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe () PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) PRC - C:\Programme\Virtual CD v9\System\VC9Play.exe (H+H Software GmbH) PRC - C:\Programme\Virtual CD v9\System\VC9SecS.exe (H+H Software GmbH) PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - c:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) PRC - c:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation) PRC - C:\Programme\Logitech\G-series Software\LGDCore.exe (Logitech Inc.) PRC - C:\Programme\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe (Logitech Inc.) PRC - C:\Programme\Logitech\G-series Software\Applets\LCDClock.exe (Logitech Inc.) PRC - C:\Programme\Logitech\G-series Software\Applets\LCDMedia.exe (Logitech Inc.) PRC - C:\Programme\Logitech\G-series Software\LCDMon.exe (Logitech Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\mietschies\Documents\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (FirebirdServerMAGIXInstance) -- File not found SRV - (comHost) -- File not found SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Boonty Games) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY) SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (UserAccess7) SecuROM User Access Service (V7) -- C:\Windows\System32\UAService7.exe (Sony DADC Austria AG.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (DAUpdaterSvc) -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (appdrvrem01) Application Driver Auto Removal Service (01) -- C:\Windows\System32\appdrvrem01.exe (Protection Technology) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation) SRV - (MySQL) -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe () SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) SRV - (VC9SecS) -- C:\Programme\Virtual CD v9\System\VC9SecS.exe (H+H Software GmbH) SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) SRV - (ISPwdSvc) -- c:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation) SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (SymAppCore) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation) ========== Driver Services (SafeList) ========== DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (appdrv01) Application Driver (01) -- C:\Windows\System32\drivers\appdrv01.sys (Protection Technology) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (ACEDRV05) -- C:\Windows\System32\drivers\ACEDRV05.sys (Protect Software GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (vdrv9000) -- C:\Windows\System32\drivers\vdrv9000.sys (H+H Software GmbH) DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS (Symantec Corporation) DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys (Symantec Corporation) DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (HH9Help.sys) -- C:\Windows\System32\drivers\HH9Help.sys (H+H Software GmbH) DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvatabus) -- C:\Windows\system32\drivers\nvatabus.sys (NVIDIA Corporation) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (JGOGO) -- C:\Windows\system32\drivers\jgogo.sys (JMicron ) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e0007d18-baa4-4573-ae78-8bea0958c610} - C:\Programme\P2P_Max_DE\tbP2P0.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {e0007d18-baa4-4573-ae78-8bea0958c610} - C:\Programme\P2P_Max_DE\tbP2P0.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008.11.27 22:37:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\firefox\ FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.02 18:22:46 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.02 18:22:46 | 000,000,000 | ---D | M] [2008.11.27 22:42:23 | 000,000,000 | ---D | M] -- C:\Users\mietschies\AppData\Roaming\Mozilla\Extensions [2010.05.03 21:06:46 | 000,000,000 | ---D | M] -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\extensions [2009.11.17 12:38:29 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2009.12.24 20:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.03.14 20:48:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.05.01 15:22:35 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.03.14 20:48:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.04.06 17:45:21 | 000,000,000 | ---D | M] (P2P Max DE Toolbar) -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\extensions\{e0007d18-baa4-4573-ae78-8bea0958c610} [2008.09.28 20:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2010.04.21 18:57:32 | 000,000,000 | ---D | M] -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\extensions\DTToolbar@toolbarnet.com [2010.01.30 22:26:07 | 000,000,000 | ---D | M] -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\extensions\firefox@tvunetworks.com [2009.05.08 15:05:10 | 000,000,000 | ---D | M] -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\extensions\moveplayer@movenetworks.com [2010.03.14 20:48:06 | 000,000,000 | ---D | M] -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\extensions\staged-xpis [2010.03.16 11:42:56 | 000,000,927 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\conduit.xml [2010.04.21 18:57:21 | 000,002,059 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\daemon-search.xml [2010.04.29 11:57:24 | 000,000,950 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-1.xml [2008.11.27 22:42:42 | 000,000,950 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-10.xml [2008.11.30 16:57:10 | 000,000,950 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-11.xml [2008.12.20 11:19:41 | 000,000,950 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-12.xml [2009.02.06 17:46:30 | 000,000,950 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-13.xml [2009.03.07 14:25:30 | 000,000,950 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-14.xml [2009.04.04 19:59:51 | 000,000,950 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-15.xml [2009.04.07 13:28:25 | 000,000,950 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-16.xml [2009.04.24 12:48:32 | 000,000,950 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-17.xml [2009.04.28 19:46:00 | 000,000,950 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-18.xml [2009.06.12 11:38:39 | 000,000,950 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-19.xml [2007.12.31 09:59:02 | 000,000,949 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-2.xml [2009.07.23 13:23:35 | 000,000,950 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-20.xml [2009.08.05 08:21:24 | 000,000,950 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-21.xml [2009.09.12 16:21:58 | 000,000,950 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-22.xml [2009.10.29 10:13:19 | 000,000,950 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-23.xml [2009.12.16 23:11:09 | 000,000,950 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-24.xml [2010.01.08 15:34:48 | 000,000,950 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-25.xml [2010.02.19 17:18:32 | 000,000,950 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-26.xml [2010.03.24 12:38:39 | 000,000,950 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-27.xml [2010.04.02 18:23:07 | 000,000,950 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-28.xml [2010.04.21 18:57:46 | 000,000,950 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-29.xml [2008.02.08 20:26:39 | 000,000,949 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-3.xml [2008.03.27 17:21:54 | 000,000,949 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-4.xml [2008.04.19 14:41:26 | 000,000,949 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-5.xml [2008.07.02 10:04:41 | 000,000,949 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-6.xml [2008.07.16 20:07:34 | 000,000,949 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-7.xml [2008.10.24 17:42:19 | 000,000,949 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-8.xml [2008.11.14 22:35:56 | 000,000,949 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin-9.xml [2009.06.07 14:21:06 | 000,000,944 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\icqplugin.xml [2009.06.12 11:37:47 | 000,001,196 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\searchplugins\winamp-search.xml [2010.04.21 18:57:48 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.06.11 09:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2007.12.24 23:49:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com [2008.10.07 16:41:55 | 000,024,683 | ---- | M] (Ask.com) -- C:\Programme\Mozilla Firefox\plugins\NPAskSBr.dll [2008.07.08 23:07:06 | 000,040,960 | ---- | M] (BYOND) -- C:\Programme\Mozilla Firefox\plugins\npbyond.dll [2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found. O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found. O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O2 - BHO: (P2P Max DE Toolbar) - {e0007d18-baa4-4573-ae78-8bea0958c610} - C:\Programme\P2P_Max_DE\tbP2P0.dll (Conduit Ltd.) O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com) O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found. O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (no name) - {8925A538-F508-4A3E-8AF9-6C39E2D3AE7B} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - No CLSID value found. O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (P2P Max DE Toolbar) - {e0007d18-baa4-4573-ae78-8bea0958c610} - C:\Programme\P2P_Max_DE\tbP2P0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (P2P Max DE Toolbar) - {E0007D18-BAA4-4573-AE78-8BEA0958C610} - C:\Programme\P2P_Max_DE\tbP2P0.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation) O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\G-series Software\LCDMon.exe (Logitech Inc.) O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [osCheck] c:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [VC9Player] C:\Programme\Virtual CD v9\System\VC9Play.exe (H+H Software GmbH) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\mietschies\AppData\Local\Temp\Gcx.exe () O4 - HKCU..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.) O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O21 - SSODL: StdDrv - {18b567c4-69cf-446e-9940-2ac63f750905} - CLSID or File not found. O24 - Desktop WallPaper: C:\Users\mietschies\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\mietschies\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {9DE6E729-3CBD-42A2-AE52-C99609B230D4} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (C:\Windows\system32\mlJDusqp) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.07.23 22:32:11 | 000,000,000 | ---D | M] - D:\Autorun -- [ NTFS ] O32 - AutoRun File - [2008.02.01 09:49:57 | 000,862,208 | ---- | M] () - D:\autorun.dat -- [ NTFS ] O32 - AutoRun File - [2008.02.01 09:49:52 | 000,402,696 | ---- | M] (Electronic Arts) - D:\AutoRun.exe -- [ NTFS ] O32 - AutoRun File - [2008.02.01 09:49:46 | 000,000,160 | ---- | M] () - D:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{077e7491-d6ec-11dc-87e3-00192145a9e0}\Shell - "" = AutoRun O33 - MountPoints2\{077e7491-d6ec-11dc-87e3-00192145a9e0}\Shell\AutoRun\command - "" = L:\noautorun.exe -- File not found O33 - MountPoints2\{ddc56561-ad00-11de-bd5e-00192145a9e0}\Shell\AutoRun\command - "" = ysep1.exe O33 - MountPoints2\{ddc56561-ad00-11de-bd5e-00192145a9e0}\Shell\open\Command - "" = ysep1.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.05 18:20:03 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\mietschies\Documents\OTL.exe [2010.05.05 13:19:02 | 000,000,000 | ---D | C] -- C:\Users\mietschies\AppData\Roaming\Malwarebytes [2010.05.05 13:18:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.05.05 13:18:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.05.05 13:18:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.05 13:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.05.05 13:18:16 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\mietschies\Documents\mbam-setup.exe [2010.05.04 22:01:58 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\mietschies\Documents\HiJackThis.exe [2010.05.04 20:53:34 | 000,000,000 | ---D | C] -- C:\VundoFix Backups [2010.05.04 20:53:16 | 000,119,808 | ---- | C] (Atribune.org) -- C:\Users\mietschies\Documents\VundoFix.exe [2010.05.01 15:45:50 | 000,000,000 | ---D | C] -- C:\Users\mietschies\AppData\Roaming\0979169DDB67BF102637976E655C6EB9 [2010.05.01 15:22:54 | 000,000,000 | ---D | C] -- C:\Users\mietschies\AppData\Local\TVU Networks [2010.05.01 15:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TVU Networks [2010.05.01 15:22:40 | 000,000,000 | ---D | C] -- C:\Programme\TVUPlayer [2010.05.01 15:22:40 | 000,000,000 | ---D | C] -- C:\Programme\Conduit [2010.05.01 15:22:37 | 000,000,000 | ---D | C] -- C:\Programme\softonic-de3 [2010.04.27 15:21:47 | 000,000,000 | ---D | C] -- C:\Programme\XP Codec Pack [2010.04.27 15:19:33 | 024,391,296 | ---- | C] (Spiceworks, Inc.) -- C:\Users\mietschies\Documents\Spiceworks.exe [2010.04.21 19:14:21 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Pro [2010.04.21 19:14:05 | 000,000,000 | ---D | C] -- C:\Users\mietschies\AppData\Roaming\DAEMON Tools Pro [2010.04.21 19:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro [2010.04.21 19:12:59 | 010,088,256 | ---- | C] (DT Soft Ltd.) -- C:\Users\mietschies\Documents\DAEMONToolsPro4360309-0160.exe [2010.04.21 18:57:21 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Toolbar [2010.04.21 18:55:25 | 000,000,000 | ---D | C] -- C:\Users\mietschies\AppData\Roaming\DAEMON Tools Lite [2010.04.21 18:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2010.04.21 18:54:35 | 009,591,104 | ---- | C] (DT Soft Ltd.) -- C:\Users\mietschies\Documents\daemon_lite.exe [2010.04.21 18:12:56 | 000,000,000 | ---D | C] -- C:\Users\mietschies\Documents\Rockstar Games [2010.04.21 18:08:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2010.04.21 17:53:31 | 000,000,000 | ---D | C] -- C:\Users\mietschies\AppData\Local\Rockstar Games [2010.04.21 17:48:50 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Games for Windows - LIVE [2010.04.21 17:18:05 | 000,000,000 | ---D | C] -- C:\Programme\Rockstar Games [2010.04.15 19:10:42 | 001,924,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\mietschies\install_flash_player.exe [2010.04.15 12:16:43 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.04.15 12:16:43 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.04.15 12:16:41 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010.04.15 12:16:39 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2010.04.15 12:16:39 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2010.04.14 12:44:08 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2010.04.08 19:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare [2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\mietschies\Documents\*.tmp files -> C:\Users\mietschies\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.05 18:24:59 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ECB209C1-EF82-4205-B8BA-33541061685C}.job [2010.05.05 18:20:46 | 004,980,736 | -HS- | M] () -- C:\Users\mietschies\NTUSER.DAT [2010.05.05 18:20:03 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\mietschies\Documents\OTL.exe [2010.05.05 18:17:42 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.05.05 18:16:10 | 000,035,381 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.05.05 18:16:10 | 000,035,381 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.05.05 18:15:27 | 000,000,302 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.05.05 18:15:23 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.05.05 18:15:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.05 18:15:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.05 18:15:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.05 18:15:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.05 18:15:08 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys [2010.05.05 18:13:33 | 000,524,288 | -HS- | M] () -- C:\Users\mietschies\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2010.05.05 18:13:33 | 000,065,536 | -HS- | M] () -- C:\Users\mietschies\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.05.05 18:13:31 | 006,291,456 | -H-- | M] () -- C:\Users\mietschies\AppData\Local\IconCache.db [2010.05.05 18:12:59 | 000,012,460 | ---- | M] () -- C:\Users\mietschies\Documents\Malwarebytes.docx [2010.05.05 17:33:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.05.05 13:18:57 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.05 13:18:21 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\mietschies\Documents\mbam-setup.exe [2010.05.04 22:01:58 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\mietschies\Documents\HiJackThis.exe [2010.05.04 20:53:16 | 000,119,808 | ---- | M] (Atribune.org) -- C:\Users\mietschies\Documents\VundoFix.exe [2010.05.03 16:31:08 | 000,524,288 | -HS- | M] () -- C:\Users\mietschies\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.04.30 12:40:15 | 000,135,168 | ---- | M] () -- C:\Users\mietschies\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.30 09:42:19 | 000,429,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.29 10:08:18 | 005,549,301 | ---- | M] () -- C:\Users\mietschies\Documents\LaunchGTAIV.zip [2010.04.27 15:21:58 | 000,000,901 | ---- | M] () -- C:\Users\mietschies\Desktop\Media Player Classic.lnk [2010.04.27 15:20:21 | 024,391,296 | ---- | M] (Spiceworks, Inc.) -- C:\Users\mietschies\Documents\Spiceworks.exe [2010.04.27 15:20:17 | 007,858,598 | ---- | M] () -- C:\Users\mietschies\Documents\XP-Codec-Pack_2.5.1.exe [2010.04.22 06:26:30 | 000,001,723 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk [2010.04.21 19:24:54 | 000,029,031 | ---- | M] () -- C:\Users\mietschies\Documents\YASU_1.1_7035.rar [2010.04.21 19:23:27 | 001,427,212 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.04.21 19:23:27 | 000,621,714 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.04.21 19:23:27 | 000,589,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.04.21 19:23:27 | 000,123,452 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.04.21 19:23:27 | 000,101,896 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.04.21 19:14:55 | 000,697,328 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys [2010.04.21 19:13:10 | 010,088,256 | ---- | M] (DT Soft Ltd.) -- C:\Users\mietschies\Documents\DAEMONToolsPro4360309-0160.exe [2010.04.21 19:11:28 | 000,038,446 | ---- | M] () -- C:\Users\mietschies\Documents\YASU_1.5_8111_public.zip [2010.04.21 18:54:45 | 009,591,104 | ---- | M] (DT Soft Ltd.) -- C:\Users\mietschies\Documents\daemon_lite.exe [2010.04.21 18:48:15 | 000,044,857 | ---- | M] () -- C:\Users\mietschies\Documents\YASU_1.6_9040.zip [2010.04.21 18:35:21 | 000,001,770 | ---- | M] () -- C:\Users\mietschies\Documents\GTA4_bended.rar [2010.04.21 18:26:10 | 000,010,200 | ---- | M] () -- C:\Users\mietschies\Documents\Chrispysto.docx [2010.04.21 17:51:47 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2010.04.21 17:18:05 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\Rockstar Games Social Club.lnk [2010.04.20 17:01:01 | 000,000,047 | ---- | M] () -- C:\Users\mietschies\AppData\Roaming\AVSDVDPlayer.m3u [2010.04.19 18:41:14 | 000,164,276 | ---- | M] () -- C:\Windows\hpoins19.dat [2010.04.19 18:40:40 | 000,000,254 | ---- | M] () -- C:\Windows\win.ini [2010.04.15 19:10:42 | 001,924,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\mietschies\install_flash_player.exe [2010.04.10 08:36:06 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\mietschies\Documents\*.tmp files -> C:\Users\mietschies\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.05 18:12:59 | 000,012,460 | ---- | C] () -- C:\Users\mietschies\Documents\Malwarebytes.docx [2010.05.05 13:18:57 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.01 15:46:58 | 000,000,302 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.04.27 15:21:58 | 000,000,901 | ---- | C] () -- C:\Users\mietschies\Desktop\Media Player Classic.lnk [2010.04.27 15:21:56 | 000,421,888 | ---- | C] () -- C:\Windows\System32\ac3filter.acm [2010.04.27 15:19:53 | 007,858,598 | ---- | C] () -- C:\Users\mietschies\Documents\XP-Codec-Pack_2.5.1.exe [2010.04.22 06:30:22 | 005,549,301 | ---- | C] () -- C:\Users\mietschies\Documents\LaunchGTAIV.zip [2010.04.22 06:26:30 | 000,001,723 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk [2010.04.21 19:24:53 | 000,029,031 | ---- | C] () -- C:\Users\mietschies\Documents\YASU_1.1_7035.rar [2010.04.21 19:11:28 | 000,038,446 | ---- | C] () -- C:\Users\mietschies\Documents\YASU_1.5_8111_public.zip [2010.04.21 18:48:15 | 000,044,857 | ---- | C] () -- C:\Users\mietschies\Documents\YASU_1.6_9040.zip [2010.04.21 18:35:21 | 000,001,770 | ---- | C] () -- C:\Users\mietschies\Documents\GTA4_bended.rar [2010.04.21 18:26:09 | 000,010,200 | ---- | C] () -- C:\Users\mietschies\Documents\Chrispysto.docx [2010.04.21 17:18:05 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\Rockstar Games Social Club.lnk [2010.04.16 20:07:51 | 000,066,193 | ---- | C] () -- C:\Users\mietschies\Desktop\12-02-10_1912.3gp [2010.04.16 20:05:59 | 000,092,599 | ---- | C] () -- C:\Users\mietschies\Desktop\12-02-10_1921.3gp [2010.04.16 20:04:49 | 000,297,572 | ---- | C] () -- C:\Users\mietschies\Desktop\12-02-10_1924.3gp [2010.04.16 20:03:49 | 000,296,242 | ---- | C] () -- C:\Users\mietschies\Desktop\12-02-10_1905.3gp [2010.04.10 08:36:06 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010.02.09 21:53:08 | 000,020,480 | ---- | C] () -- C:\Windows\System32\jesterss.dll [2009.12.30 19:34:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.12.16 23:09:53 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2009.10.30 23:44:27 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2009.01.03 17:45:26 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.01.03 17:45:26 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.12.19 17:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll [2008.12.17 19:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll [2008.12.17 19:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll [2008.12.17 19:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008.12.17 19:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll [2008.12.17 18:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll [2008.12.11 13:27:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2008.11.04 19:27:28 | 000,000,403 | ---- | C] () -- C:\Windows\SIERRA.INI [2008.10.30 20:22:30 | 000,000,432 | ---- | C] () -- C:\Windows\Uninstall Spielesammlung.ini [2008.10.30 20:16:46 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI [2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2008.10.10 14:17:42 | 000,000,024 | ---- | C] () -- C:\Windows\System32\sysogg.dll [2008.10.10 14:16:35 | 000,233,472 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2008.10.09 16:56:05 | 000,000,139 | ---- | C] () -- C:\Windows\Videodeluxe.INI [2008.10.09 16:36:53 | 000,006,537 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.08.02 21:51:56 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.07.15 15:02:47 | 001,735,764 | -HS- | C] () -- C:\Windows\System32\dfeofong.ini [2008.07.15 14:21:38 | 001,735,584 | -HS- | C] () -- C:\Windows\System32\duhkxxsl.ini [2008.07.15 11:45:46 | 001,735,283 | -HS- | C] () -- C:\Windows\System32\flooyxyk.ini [2008.07.15 11:42:15 | 000,001,509 | -HS- | C] () -- C:\Windows\System32\pqsuDJlm.ini2 [2008.07.15 11:42:14 | 000,001,509 | -HS- | C] () -- C:\Windows\System32\pqsuDJlm.ini [2008.04.30 12:46:32 | 001,073,152 | ---- | C] () -- C:\Windows\System32\libmysql_c.dll [2008.04.29 17:40:03 | 001,536,000 | ---- | C] () -- C:\Windows\System32\libmySQL.dll [2008.04.29 17:40:03 | 000,946,176 | ---- | C] () -- C:\Windows\System32\MaNGOSScript.dll [2008.04.29 17:40:03 | 000,024,576 | ---- | C] () -- C:\Windows\System32\MGResources.dll [2008.02.09 10:48:47 | 000,697,328 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.01.31 04:03:26 | 000,054,608 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2007.12.26 18:58:41 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2007.12.25 08:52:00 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2007.12.25 08:51:59 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2007.10.10 05:39:59 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini [2007.10.09 19:13:18 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2005.02.05 21:46:00 | 000,004,608 | ---- | C] () -- C:\Windows\fgexec.dll [2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll [1999.07.29 18:27:10 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 24 bytes -> C:\Windows:374FD30C4384BAEE < End of report >  |
|
05.05.2010, 20:07
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Mein Internet Explorer öffnet einfach Seiten mit Werbungen.Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.05.2010, 14:28
| #5 |
| | Mein Internet Explorer öffnet einfach Seiten mit Werbungen. Hi Cosinus, habe Malware geupdatet und neuen Suchlauf durchgeführt. Hier der Log: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4071
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
06.05.2010 15:26:52
mbam-log-2010-05-06 (15-26-52).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 430425
Laufzeit: 1 Stunde(n), 41 Minute(n), 50 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\mietschies\AppData\Local\Temp\F6DB.tmp (Backdoor.Sinowal) -> Quarantined and deleted successfully.
C:\Users\mietschies\AppData\Local\Temp\scxramwnoe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\mietschies\AppData\Local\Temp\Gcx.exe (Trojan.FakeAlert) -> Delete on reboot.
|
|
06.05.2010, 15:01
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Mein Internet Explorer öffnet einfach Seiten mit Werbungen. Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
SRV - (FirebirdServerMAGIXInstance) -- File not found
SRV - (comHost) -- File not found
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (P2P Max DE Toolbar) - {e0007d18-baa4-4573-ae78-8bea0958c610} - C:\Programme\P2P_Max_DE\tbP2P0.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - {8925A538-F508-4A3E-8AF9-6C39E2D3AE7B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (P2P Max DE Toolbar) - {e0007d18-baa4-4573-ae78-8bea0958c610} - C:\Programme\P2P_Max_DE\tbP2P0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\mietschies\AppData\Local\Temp\Gcx.exe ()
[2008.07.15 15:02:47 | 001,735,764 | -HS- | C] () -- C:\Windows\System32\dfeofong.ini
[2008.07.15 14:21:38 | 001,735,584 | -HS- | C] () -- C:\Windows\System32\duhkxxsl.ini
[2008.07.15 11:45:46 | 001,735,283 | -HS- | C] () -- C:\Windows\System32\flooyxyk.ini
[2008.07.15 11:42:15 | 000,001,509 | -HS- | C] () -- C:\Windows\System32\pqsuDJlm.ini2
[2008.07.15 11:42:14 | 000,001,509 | -HS- | C] () -- C:\Windows\System32\pqsuDJlm.ini
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ --> Mein Internet Explorer öffnet einfach Seiten mit Werbungen. |
|
06.05.2010, 15:28
| #7 |
| | Mein Internet Explorer öffnet einfach Seiten mit Werbungen. So nun hab ich auch das gemacht, mit folgendem Ergebnis: Zusätzlich möchte ich sagen, dass sich heute noch kein Mal mein IE geöffnet hat!, dafür schonmal DANKE. Code:
ATTFilter All processes killed
========== OTL ==========
Service FirebirdServerMAGIXInstance stopped successfully!
Service FirebirdServerMAGIXInstance deleted successfully!
File File not found not found.
Service comHost stopped successfully!
Service comHost deleted successfully!
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
C:\Programme\Winamp Toolbar\winamptb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
C:\Programme\Google\Google Toolbar\GoogleToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
C:\Programme\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Programme\softonic-de3\tbsoft.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e0007d18-baa4-4573-ae78-8bea0958c610}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0007d18-baa4-4573-ae78-8bea0958c610}\ deleted successfully.
C:\Programme\P2P_Max_DE\tbP2P0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.
C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
File C:\Programme\Google\Google Toolbar\GoogleToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8925A538-F508-4A3E-8AF9-6C39E2D3AE7B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8925A538-F508-4A3E-8AF9-6C39E2D3AE7B}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{90222687-F593-4738-B738-FBEE9C7B26DF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90222687-F593-4738-B738-FBEE9C7B26DF}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e0007d18-baa4-4573-ae78-8bea0958c610} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0007d18-baa4-4573-ae78-8bea0958c610}\ not found.
File C:\Programme\P2P_Max_DE\tbP2P0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully.
File C:\Programme\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.
File C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\M5T8QL3YW3 not found.
File C:\Users\mietschies\AppData\Local\Temp\Gcx.exe not found.
C:\Windows\System32\dfeofong.ini moved successfully.
C:\Windows\System32\duhkxxsl.ini moved successfully.
C:\Windows\System32\flooyxyk.ini moved successfully.
C:\Windows\System32\pqsuDJlm.ini2 moved successfully.
C:\Windows\System32\pqsuDJlm.ini moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: mietschies
->Temp folder emptied: 1136092758 bytes
->Temporary Internet Files folder emptied: 39043824 bytes
->Java cache emptied: 59836370 bytes
->FireFox cache emptied: 86737446 bytes
->Opera cache emptied: 21856564 bytes
->Flash cache emptied: 89712 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 962514 bytes
%systemroot%\System32 .tmp files removed: 675840 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 101316392 bytes
RecycleBin emptied: 20881162264 bytes
Total Files Cleaned = 21.293,00 mb
OTL by OldTimer - Version 3.2.4.1 log created on 05062010_162058
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
06.05.2010, 15:31
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Mein Internet Explorer öffnet einfach Seiten mit Werbungen. Schön. Dann wende jetzt mal bitte CF an: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.05.2010, 17:17
| #9 |
| | Mein Internet Explorer öffnet einfach Seiten mit Werbungen. So habe auch diese Check ausgeführt, allerdings lässt sich nun nichts mehr öffnen, sei es Word oder FireFox/Opera. Ich werde es gleich nochmal mit einem Neustart probieren. (Hat sich nach Neustart wieder erledigt und ich hab das Gefühl mein Rechner ist wesentlich schneller geworden) Hier der Log von CF: Code:
ATTFilter ComboFix 10-05-05.0D - mietschies 06.05.2010 17:29:41.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2047.1098 [GMT 2:00]
ausgeführt von:: c:\users\mietschies\Documents\cofi.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-246336926-1473631755-3376170504-500
C:\install.exe
c:\program files\Cheat Engine\dbk32.sys
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Privacy Policy.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Terms and Conditions.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.url
c:\users\mietschies\AppData\Local\gcyci.dat
c:\users\mietschies\AppData\Local\gcyci_nav.dat
c:\users\mietschies\AppData\Local\gcyci_navps.dat
c:\windows\system32\Config.cfg
c:\windows\system32\Install.bat
D:\autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Boonty Games
((((((((((((((((((((((( Dateien erstellt von 2010-04-06 bis 2010-05-06 ))))))))))))))))))))))))))))))
.
2010-05-06 15:40 . 2010-05-06 15:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-06 14:20 . 2010-05-06 14:20 -------- d-----w- C:\_OTL
2010-05-05 11:19 . 2010-05-05 11:19 -------- d-----w- c:\users\mietschies\AppData\Roaming\Malwarebytes
2010-05-05 11:18 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 11:18 . 2010-05-05 11:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 11:18 . 2010-05-05 11:18 -------- d-----w- c:\programdata\Malwarebytes
2010-05-05 11:18 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-04 18:53 . 2010-05-04 18:53 -------- d-----w- C:\VundoFix Backups
2010-05-01 13:45 . 2010-05-05 12:22 -------- d-----w- c:\users\mietschies\AppData\Roaming\0979169DDB67BF102637976E655C6EB9
2010-05-01 13:22 . 2010-05-01 13:22 -------- d-----w- c:\users\mietschies\AppData\Local\TVU Networks
2010-05-01 13:22 . 2010-05-01 13:22 -------- d-----w- c:\programdata\TVU Networks
2010-05-01 13:22 . 2010-05-01 13:22 -------- d-----w- c:\program files\TVUPlayer
2010-05-01 13:22 . 2010-05-01 13:22 -------- d-----w- c:\program files\Conduit
2010-05-01 13:22 . 2010-05-06 14:21 -------- d-----w- c:\program files\softonic-de3
2010-04-27 13:21 . 2010-04-27 13:21 -------- d-----w- c:\program files\XP Codec Pack
2010-04-21 17:14 . 2010-04-22 04:26 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-04-21 17:14 . 2010-04-21 17:20 -------- d-----w- c:\users\mietschies\AppData\Roaming\DAEMON Tools Pro
2010-04-21 17:14 . 2010-04-21 17:14 -------- d-----w- c:\programdata\DAEMON Tools Pro
2010-04-21 16:57 . 2010-05-06 14:21 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-04-21 16:55 . 2010-04-21 17:05 -------- d-----w- c:\users\mietschies\AppData\Roaming\DAEMON Tools Lite
2010-04-21 16:55 . 2010-04-21 16:55 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-04-21 15:53 . 2010-04-21 16:09 -------- d-----w- c:\users\mietschies\AppData\Local\Rockstar Games
2010-04-21 15:48 . 2010-04-21 15:48 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-04-21 15:18 . 2010-04-21 15:23 -------- d-----w- c:\program files\Rockstar Games
2010-04-15 17:10 . 2010-04-15 17:10 1924976 ----a-w- c:\users\mietschies\install_flash_player.exe
2010-04-15 10:16 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 10:16 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 10:16 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-15 10:16 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 10:16 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 10:16 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 10:16 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 10:16 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 10:16 . 2010-03-04 17:33 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 15:48 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 15:48 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 10:44 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-08 17:39 . 2010-04-08 17:39 -------- d-----w- c:\programdata\BioWare
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 15:42 . 2010-03-31 14:43 35381 ----a-w- c:\programdata\nvModes.dat
2010-05-06 15:42 . 2007-10-10 04:05 -------- d-----w- c:\programdata\NVIDIA
2010-05-06 15:39 . 2010-01-15 17:24 -------- d-----w- c:\program files\Cheat Engine
2010-05-06 15:13 . 2010-02-12 21:35 -------- d-----w- c:\program files\CCleaner
2010-05-06 14:21 . 2009-06-11 07:58 -------- d-----w- c:\program files\ICQ6Toolbar
2010-05-06 14:21 . 2009-04-06 15:45 -------- d-----w- c:\program files\P2P_Max_DE
2010-05-06 14:21 . 2009-05-23 08:02 -------- d-----w- c:\program files\Winamp Toolbar
2010-05-06 14:11 . 2007-12-25 12:10 -------- d-----w- c:\users\mietschies\AppData\Roaming\ICQ
2010-05-05 16:11 . 2007-12-25 12:11 -------- d-----w- c:\program files\ICQToolbar
2010-05-04 12:25 . 2010-03-05 20:21 -------- d-----w- c:\program files\AIM6
2010-05-02 18:06 . 2008-01-21 18:04 -------- d-----w- c:\users\mietschies\AppData\Roaming\Skype
2010-05-02 10:06 . 2010-02-20 18:29 -------- d-----w- c:\users\mietschies\AppData\Roaming\uTorrent
2010-04-21 17:23 . 2006-11-02 15:33 621714 ----a-w- c:\windows\system32\perfh007.dat
2010-04-21 17:23 . 2006-11-02 15:33 123452 ----a-w- c:\windows\system32\perfc007.dat
2010-04-21 17:14 . 2008-02-09 08:48 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-21 17:13 . 2008-02-09 09:27 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-04-21 16:27 . 2009-09-19 09:13 -------- d-----w- c:\users\mietschies\AppData\Roaming\Image Zone Express
2010-04-21 15:51 . 2008-06-22 18:02 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-04-21 15:23 . 2007-12-25 06:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-19 16:41 . 2009-09-19 08:56 164276 ----a-w- c:\windows\hpoins19.dat
2010-04-16 16:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-10 06:35 . 2007-12-24 21:46 -------- d-----w- c:\program files\Google
2010-04-05 17:17 . 2010-03-31 14:05 -------- d-----w- c:\program files\Dragon Age
2010-04-01 06:26 . 2010-04-01 06:05 -------- d--h--w- c:\program files\Temp
2010-04-01 06:15 . 2010-04-01 06:05 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-04-01 06:15 . 2010-04-01 06:15 -------- d-----w- c:\program files\Realtek
2010-03-31 18:46 . 2008-05-13 16:29 -------- d-----w- c:\users\mietschies\AppData\Roaming\Ubisoft
2010-03-31 18:46 . 2008-05-13 15:53 -------- d-----w- c:\programdata\Ubisoft
2010-03-31 18:44 . 2007-12-25 06:46 -------- d-----w- c:\program files\Ubisoft
2010-03-31 14:39 . 2010-03-31 14:36 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-31 14:37 . 2009-05-29 12:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-31 14:25 . 2007-12-25 06:52 -------- d-----w- c:\programdata\Media Center Programs
2010-03-31 14:25 . 2010-03-31 14:05 -------- d-----w- c:\program files\Common Files\BioWare
2010-03-31 12:54 . 2010-02-28 13:21 -------- d-----w- c:\program files\Activision
2010-03-30 18:40 . 2010-03-30 18:40 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-03-30 12:01 . 2010-03-30 12:00 -------- d-----w- c:\program files\Visions
2010-03-29 20:10 . 2009-04-08 12:05 -------- d-----w- c:\users\mietschies\AppData\Roaming\Pro Cycling Manager 2008
2010-03-29 14:01 . 2008-02-09 12:59 -------- d-----w- c:\users\mietschies\AppData\Roaming\Hamachi
2010-03-29 09:41 . 2008-01-08 18:42 -------- d-----w- c:\program files\EA SPORTS
2010-03-27 09:07 . 2010-03-27 09:07 -------- d-----w- c:\program files\GUILD WARS
2010-03-26 20:16 . 2008-09-28 18:07 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-03-26 18:28 . 2007-12-26 12:10 -------- d-----w- c:\users\mietschies\AppData\Roaming\Pro Cycling Manager 2007
2010-03-26 16:24 . 2010-04-01 06:15 3048096 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-03-26 16:03 . 2010-04-01 06:15 57888 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-03-26 16:03 . 2010-04-01 06:15 1749536 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-03-26 16:02 . 2010-04-01 06:15 371232 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-03-26 16:02 . 2010-04-01 06:15 2649120 ----a-w- c:\windows\system32\RtkAPO.dll
2010-03-25 09:27 . 2010-03-25 09:27 1107264 ----a-w- c:\users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2010-03-22 12:22 . 2010-04-01 06:15 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-03-20 17:58 . 2010-02-22 14:12 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-03-17 10:08 . 2010-04-01 06:15 307616 ----a-w- c:\windows\system32\FMAPO.dll
2010-03-16 09:42 . 2010-05-01 13:22 52224 ----a-w- c:\users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\FFExternalAlert.dll
2010-03-16 09:42 . 2010-05-01 13:22 101376 ----a-w- c:\users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCore.dll
2010-03-16 00:15 . 2010-03-16 00:15 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-03-16 00:15 . 2010-03-16 00:15 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-03-16 00:15 . 2010-03-16 00:15 1515624 ----a-w- c:\windows\system32\nvsvcr.dll
2010-03-16 00:15 . 2010-03-16 00:15 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-03-16 00:14 . 2010-03-16 00:14 13683816 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-16 00:14 . 2010-03-16 00:14 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-13 20:34 . 2008-08-02 19:03 -------- d-----w- c:\program files\Opera
2010-03-12 09:26 . 2007-10-10 03:34 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-03-09 16:25 . 2010-03-31 08:27 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 15:42 . 2010-03-31 08:28 834048 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:06 . 2010-02-26 06:06 2626360 ----a-w- c:\users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2010-02-25 16:57 . 2007-12-24 21:21 122672 ----a-w- c:\users\mietschies\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-12-25 07:30 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:06 . 2010-03-11 12:32 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 12:32 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 12:32 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-20 15:40 . 2010-02-20 15:40 3112408 ----a-w- c:\users\mietschies\AppData\Roaming\ProtectDisc\pe17af2e81.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-24 68856]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-26 8546848]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"IS CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2006-10-24 46728]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-27 22696]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-24 1836544]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"VC9Player"="c:\program files\Virtual CD v9\System\VC9Play.exe" [2007-04-12 202312]
"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-9 110592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
phase-6 Reminder.lnk - c:\program files\phase-6\phase-6\reminder\reminder.exe [2009-7-13 1032192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSServer"=rundll32.exe c:\windows\system32\nnnoNeEw.dll,#1
"eed3d6d7"=rundll32.exe "c:\windows\system32\gnofoefd.dll",b
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" -systray -startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):5f,1d,eb,1a,9e,b8,ca,01
R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x]
R2 gupdate1c988f78e8c0b34;Google Update Service (gupdate1c988f78e8c0b34);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]
R3 HH9Help.sys;HH9Help.sys;c:\windows\system32\drivers\HH9Help.sys [2006-09-20 11392]
R3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-10-20 202872]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-21 697328]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [2009-04-08 3468904]
S1 vdrv9000;vdrv9000;c:\windows\system32\DRIVERS\vdrv9000.sys [2007-01-23 105984]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-11-08 194240]
S2 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-16 240232]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-09 1044808]
S2 VC9SecS;Virtual CD v9 Management Service;c:\program files\Virtual CD v9\System\VC9SecS.exe [2007-04-12 124488]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
2010-05-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-24 13:54]
2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 07:41]
2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 07:41]
2010-05-06 c:\windows\Tasks\User_Feed_Synchronization-{ECB209C1-EF82-4205-B8BA-33541061685C}.job
- c:\windows\system32\msfeedssync.exe [2008-03-21 07:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q=
FF - component: c:\users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\FFExternalAlert.dll
FF - component: c:\users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCore.dll
FF - component: c:\users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Opera\program\plugins\NPMetaStream3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\mietschies\AppData\Roaming\Mozilla\Firefox\Profiles\5bnfwh1h.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
URLSearchHooks-{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
URLSearchHooks-{e0007d18-baa4-4573-ae78-8bea0958c610} - (no file)
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
WebBrowser-{E0007D18-BAA4-4573-AE78-8BEA0958C610} - (no file)
SSODL-StdDrv-{18b567c4-69cf-446e-9940-2ac63f750905} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-06 17:42
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84F051F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x88ad1d24
\Driver\ACPI -> acpi.sys @ 0x8836cd68
\Driver\atapi -> 0x84f051f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdrv9000]
"ImagePath"="system32\DRIVERS\vdrv9000.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-1112595839-425856898-2786594882-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:79,44,30,e7,14,5a,dd,08,90,33,e8,63,8b,f2,ea,29,62,b4,40,53,75,
5b,0d,63,ce,d5,59,bd,fc,2c,3a,2a,60,16,07,ba,b8,e6,d1,5e,58,72,f6,a9,ab,85,\
"rkeysecu"=hex:fe,ec,74,91,0c,53,cc,28,ad,7f,5c,7b,ea,61,23,1f
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'Explorer.exe'(4896)
c:\program files\RocketDock\RocketDock.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
c:\windows\system32\UAService7.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-05-06 17:52:36 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-05-06 15:52
Vor Suchlauf: 19 Verzeichnis(se), 57.649.147.904 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 57.252.720.640 Bytes frei
- - End Of File - - 82D7328E795A82198CD44302014D5501
Geändert von JonWayn (06.05.2010 um 17:28 Uhr) |
|
06.05.2010, 19:19
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Mein Internet Explorer öffnet einfach Seiten mit Werbungen. Ok. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Mein Internet Explorer öffnet einfach Seiten mit Werbungen. |
| antivir, antivir guard, ask toolbar, askbar, avira, bho, browser, desktop, google, gupdate, hijack, hijackthis, internet, internet explorer, launch, local\temp, malware, plug-in, problem, programdata, realtek, rundll, security, senden, server, software, symantec, system, trojaner, virus, vista, werbungseiten, windows |
Linear-Darstellung
