
Plagegeister aller Art und deren Bekämpfung: newporto.cn has made itself at home on my PC :(


05.09.2010, 20:03   #1
Provocateur
 
newporto.cn has made itself at home on my PC :(




Hello everyone,

For a few days now I keep getting the following avast! alert:



I ran a full avast! scan and deleted everything suspicious it found.

I ran Malwarebytes' Anti-Malware and deleted everything suspicious yesterday.

I have just run OTL; here are the logs:

OTL.txt

Code:
OTL logfile created on: 05.09.2010 19:50:21 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 1,17 Gb Free Space | 0,78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: *****
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.09.05 19:49:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe
PRC - [2010.09.04 05:22:09 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Programme\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010.07.23 04:09:20 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.07.23 04:09:20 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\plugin-container.exe
PRC - [2010.06.28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.04.01 15:15:36 | 001,642,832 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Winload.exe
PRC - [2009.11.17 10:47:24 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
PRC - [2009.10.27 09:26:36 | 000,657,408 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009.10.27 09:15:44 | 000,132,608 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009.10.27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.10.05 15:30:20 | 001,594,832 | --S- | M] () -- C:\Programme\Seagate Replica\bin\Seagate-Replica-Tray.exe
PRC - [2009.10.05 15:30:16 | 001,814,016 | --S- | M] () -- C:\Programme\Seagate Replica\bin\Seagate-Replica-Service.exe
PRC - [2009.10.05 15:28:04 | 000,162,256 | --S- | M] () -- C:\Programme\Seagate Replica\bin\Seagate-Replica-SysMon.exe
PRC - [2009.10.05 15:26:10 | 000,582,608 | --S- | M] () -- C:\Programme\Seagate Replica\bin\Seagate-Replica-Autoplay.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.02.09 09:31:56 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfimon.exe
PRC - [2009.01.19 08:37:10 | 001,150,976 | R--- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2008.07.09 23:07:00 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.02.06 01:30:52 | 000,176,128 | R--- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\S3Trayp.exe
PRC - [2006.12.12 15:36:36 | 000,030,720 | ---- | M] () -- C:\Programme\Power Manager\PM.exe
PRC - [2006.09.21 10:36:18 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2006.07.27 15:06:46 | 000,122,880 | ---- | M] () -- C:\Programme\Hotkey 1.0.4\FuncKey.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.09.05 19:49:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe
MOD - [2010.09.04 01:04:55 | 000,046,592 | -H-- | M] () -- C:\WINDOWS\lpqcess.dll
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.10.27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.10.05 15:30:16 | 001,814,016 | --S- | M] () [Auto | Running] -- C:\Programme\Seagate Replica\bin\Seagate-Replica-Service.exe -- (Seagate-Replica-Service)
SRV - [2009.10.05 15:28:04 | 000,162,256 | --S- | M] () [Auto | Running] -- C:\Programme\Seagate Replica\bin\Seagate-Replica-SysMon.exe -- (Seagate-Replica-SysMon)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2010.06.28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.06.28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.06.28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.06.28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.06.28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.06.28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.10.06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.10.06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.10.06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.09.06 03:05:06 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.08.05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009.06.22 13:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 18:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.03.05 03:54:54 | 000,709,632 | R--- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2007.01.16 03:15:08 | 000,192,256 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2007.01.16 03:15:08 | 000,192,256 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (HdAudAddService)
DRV - [2006.11.22 11:35:00 | 000,982,272 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006.10.17 01:35:00 | 000,528,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005.09.09 18:56:14 | 000,006,144 | ---- | M] (hxxp://www.internals.com) [Kernel | System | Running] -- C:\WINDOWS\system32\WinIo.sys -- (WINIO)
DRV - [2005.04.22 10:54:00 | 000,112,751 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004.11.11 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.11.11 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.0
FF - prefs.js..network.proxy.http: "141.24.33.192"
FF - prefs.js..network.proxy.http_port: 3124
FF - prefs.js..network.proxy.no_proxies_on: ""
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.05.23 03:30:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Programme\Siber Systems\AI RoboForm\Firefox [2009.08.03 14:30:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.05 19:44:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.05 19:44:24 | 000,000,000 | ---D | M]
 
[2009.12.31 16:11:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.09.05 17:46:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\ek8rl6w1.default\extensions
[2010.08.27 14:11:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\ek8rl6w1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.19 12:18:02 | 000,000,000 | ---D | M] (MediaWrap) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\ek8rl6w1.default\extensions\{dd68c513-9296-4b63-8d8b-8f1c991c8a48}
[2010.08.27 14:11:46 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\ek8rl6w1.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2010.03.17 23:26:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\ek8rl6w1.default\extensions\battlefieldheroespatcher@ea.com
[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\ek8rl6w1.default\searchplugins\conduit.xml
[2010.09.04 15:32:43 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\ek8rl6w1.default\searchplugins\icqplugin-1.xml
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\ek8rl6w1.default\searchplugins\icqplugin.xml
[2010.09.05 19:44:24 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.09.05 14:06:43 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       loc
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BrMfcWnd] C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [FuncKey] C:\Programme\Hotkey 1.0.4\FuncKey.exe ()
O4 - HKLM..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PowerManager] C:\Programme\Power Manager\PM.exe ()
O4 - HKLM..\Run: [PPort11reminder] C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [S3Trayp] C:\WINDOWS\System32\S3Trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ6.5\ICQ.exe File not found
O4 - HKCU..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [RoboForm] C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Mozilla Firefox.lnk = C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: RF - Formular ausfüllen - C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - C:\Programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.161 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.03 11:12:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{583985a9-8012-11de-8b6b-00225f714a1a}\Shell\AutoRun\command - "" = SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\Perfume.exe
O33 - MountPoints2\{583985a9-8012-11de-8b6b-00225f714a1a}\Shell\open\command - "" = SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\Perfume.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: evenhone - (C:\WINDOWS\lpqcess.dll) - C:\WINDOWS\lpqcess.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.05 19:44:22 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2010.09.05 19:36:21 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2010.09.05 14:50:23 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.09.05 14:06:20 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2010.09.05 14:05:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\95431C66CF9A4913BFFF6050785AFB65.TMP
[2010.09.05 14:05:45 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
[2010.09.05 14:01:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Conduit
[2010.09.05 14:01:39 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.09.04 04:18:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2010.09.04 04:18:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.04 04:18:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.09.04 04:18:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.04 04:18:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.30 23:26:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\alpa_gun_almanci
[2010.08.13 00:15:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ambient Design
[2010.08.13 00:07:52 | 000,000,000 | ---D | C] -- C:\Programme\Ambient Design
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.05 19:49:52 | 000,023,542 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\virus.JPG
[2010.09.05 19:44:28 | 000,001,566 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.09.05 19:34:59 | 000,133,081 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\bookmarks-2010-09-05.json
[2010.09.05 14:50:29 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010.09.05 13:58:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.05 13:58:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.04 22:00:46 | 010,223,616 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat
[2010.09.04 22:00:46 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini
[2010.09.04 04:18:31 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.04 01:57:23 | 002,130,369 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Yolanda Be Cool  amp  Dcup - We No Speak Americano  Official Video  - OUT NOW.mp3
[2010.09.04 01:50:07 | 006,962,710 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\David Guetta Memories Vs  We No Speak Americano  Nils Collas Bootleg.mp3
[2010.09.04 01:04:55 | 000,046,592 | -H-- | M] () -- C:\WINDOWS\lpqcess.dll
[2010.09.04 01:04:54 | 000,046,592 | -H-- | M] () -- C:\WINDOWS\System32\lpqcess.dll
[2010.09.03 22:35:24 | 003,774,443 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Cypress_Hill_-_Hits_from_the_Bong.mp3
[2010.09.03 12:03:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.02 05:23:28 | 000,899,072 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\scrubs_sad_melody2.mp3
[2010.09.02 04:31:03 | 007,987,480 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\thomas_newman__any_other_name.mp3
[2010.09.01 23:21:20 | 004,605,952 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Boys Noize  - and down.mp3
[2010.09.01 05:00:23 | 000,012,736 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\lowrider.gif
[2010.08.31 18:55:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.08.30 19:18:56 | 000,088,576 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.30 05:05:02 | 000,186,898 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\468X60.gif
[2010.08.30 02:54:56 | 000,112,060 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\kifferhaufen.jpg
[2010.08.30 01:51:11 | 000,018,879 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\943099766-joint.9.jpg
[2010.08.28 04:45:41 | 007,502,766 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\sweed.wmv
[2010.08.28 04:40:11 | 000,224,418 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\layer4.jpg
[2010.08.28 04:40:02 | 000,292,314 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\layer2.jpg
[2010.08.28 04:39:51 | 000,241,206 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\layer3.jpg
[2010.08.28 04:39:42 | 000,213,557 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\layer1.jpg
[2010.08.28 04:39:31 | 000,225,766 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\300x250.gif
[2010.08.28 04:39:06 | 000,204,371 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\728x90.gif
[2010.08.28 04:37:52 | 003,186,134 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Afro Man - Because I Got High.mp3
[2010.08.20 00:20:17 | 004,022,515 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Eminem -  Business  Original  HQ.mp3
[2010.08.19 23:23:23 | 003,686,476 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Daz Dillinger - Mission Cleopatra - Instrumental.mp3
[2010.08.17 00:50:15 | 003,362,976 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Ashanti - Only U  Instrumental.mp3
[2010.08.15 18:08:25 | 003,176,372 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\love is gon.mp3
[2010.08.13 14:05:13 | 005,632,128 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\YoureNotAlone.mp3
[2010.08.13 00:07:59 | 000,000,776 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ArtRage 2 Free.lnk
[2010.08.12 17:41:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.08.12 03:32:25 | 000,321,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.12 03:13:00 | 001,008,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.12 03:13:00 | 000,452,886 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.08.12 03:13:00 | 000,435,908 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.12 03:13:00 | 000,081,664 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.08.12 03:13:00 | 000,068,804 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.08.11 22:59:20 | 004,054,698 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\2Pac Runnin Feat Biggie Smalls DIRTY VERSION.mp3
[2010.08.11 18:04:59 | 000,008,711 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\weiße schrift.X3D
[2010.08.10 02:24:11 | 003,346,213 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Schiller feat  September - Breathe  Dave Ramone Radio Edit   video.mp3
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.05 19:49:51 | 000,023,542 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\virus.JPG
[2010.09.05 19:44:27 | 000,001,566 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.09.05 19:34:59 | 000,133,081 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\bookmarks-2010-09-05.json
[2010.09.05 14:50:29 | 000,000,905 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010.09.04 04:18:31 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.04 01:57:16 | 002,130,369 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Yolanda Be Cool  amp  Dcup - We No Speak Americano  Official Video  - OUT NOW.mp3
[2010.09.04 01:49:45 | 006,962,710 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\David Guetta Memories Vs  We No Speak Americano  Nils Collas Bootleg.mp3
[2010.09.04 01:04:55 | 000,046,592 | -H-- | C] () -- C:\WINDOWS\lpqcess.dll
[2010.09.04 01:04:54 | 000,046,592 | -H-- | C] () -- C:\WINDOWS\System32\lpqcess.dll
[2010.09.02 00:57:18 | 007,987,480 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\thomas_newman__any_other_name.mp3
[2010.09.02 00:52:27 | 000,899,072 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\scrubs_sad_melody2.mp3
[2010.09.01 23:20:21 | 004,605,952 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Boys Noize  - and down.mp3
[2010.09.01 05:00:21 | 000,012,736 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\lowrider.gif
[2010.08.30 05:05:01 | 000,186,898 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\468X60.gif
[2010.08.30 02:54:55 | 000,112,060 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\kifferhaufen.jpg
[2010.08.30 01:48:06 | 000,018,879 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\943099766-joint.9.jpg
[2010.08.28 17:24:29 | 003,774,443 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Cypress_Hill_-_Hits_from_the_Bong.mp3
[2010.08.28 04:43:00 | 007,502,766 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\sweed.wmv
[2010.08.28 04:40:10 | 000,224,418 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\layer4.jpg
[2010.08.28 04:40:01 | 000,292,314 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\layer2.jpg
[2010.08.28 04:39:50 | 000,241,206 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\layer3.jpg
[2010.08.28 04:39:41 | 000,213,557 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\layer1.jpg
[2010.08.28 04:39:30 | 000,225,766 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\300x250.gif
[2010.08.28 04:39:04 | 000,204,371 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\728x90.gif
[2010.08.28 04:37:46 | 003,186,134 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Afro Man - Because I Got High.mp3
[2010.08.19 23:31:11 | 004,022,515 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Eminem -  Business  Original  HQ.mp3
[2010.08.19 23:12:31 | 003,686,476 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Daz Dillinger - Mission Cleopatra - Instrumental.mp3
[2010.08.16 15:07:43 | 003,362,976 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Ashanti - Only U  Instrumental.mp3
[2010.08.15 18:08:15 | 003,176,372 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\love is gon.mp3
[2010.08.13 13:44:31 | 005,632,128 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\YoureNotAlone.mp3
[2010.08.13 00:07:59 | 000,000,776 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ArtRage 2 Free.lnk
[2010.08.11 19:21:40 | 004,054,698 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\2Pac Runnin Feat Biggie Smalls DIRTY VERSION.mp3
[2010.08.11 16:51:00 | 000,008,711 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\weiße schrift.X3D
[2010.08.10 02:24:06 | 003,346,213 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Schiller feat  September - Breathe  Dave Ramone Radio Edit   video.mp3
[2010.06.17 15:53:52 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010.06.17 15:52:57 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010.06.17 15:44:44 | 000,031,864 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010.01.01 19:53:53 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2009.12.18 01:42:45 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009.12.18 01:42:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009.09.22 15:37:34 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.09.22 15:37:34 | 000,139,152 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PnkBstrK.sys
[2009.09.06 03:05:06 | 000,722,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.08.26 15:34:32 | 000,088,576 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.05 19:48:10 | 001,456,640 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\Falk Navi-Manager.msi
[2009.08.05 19:47:46 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc
[2009.08.03 22:28:49 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.08.03 22:24:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.08.03 11:22:48 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
 
========== LOP Check ==========
 
[2010.08.13 00:15:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ambient Design
[2009.08.28 00:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\avidemux
[2009.09.06 03:12:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Pro
[2009.09.06 23:27:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GetRightToGo
[2010.09.05 18:09:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQ
[2009.12.08 21:58:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech
[2010.08.20 16:53:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mezo
[2010.05.23 03:32:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia
[2009.08.30 16:00:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Notepad++
[2010.05.23 03:32:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PC Suite
[2010.08.20 04:35:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TurboFTP
[2009.09.04 00:23:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Xilisoft Corporation
[2010.08.25 12:52:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Zaas
[2010.02.13 18:17:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2009.09.06 03:10:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2010.03.14 23:44:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\e4ZzC0xgrRE010Q
[2010.06.17 00:14:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2010.05.23 03:28:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2010.02.01 15:02:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IsolatedStorage
[2009.08.04 13:09:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2010.05.23 03:31:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.09.04 05:28:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RoboForm
[2010.06.17 15:44:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2010.08.20 04:35:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.12.12 18:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TurboFTP
[2009.09.06 03:04:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2010.05.29 15:14:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 179 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:EC76150E
< End of report >
         
Code:
OTL Extras logfile created on: 05.09.2010 19:50:21 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 1,17 Gb Free Space | 0,78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: *****
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 File not found
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"54925:UDP" = 54925:UDP:*:Enabled:BrotherNetwork Scanner
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Disabled:ICQ -- File not found
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1EA56FAA-6CA2-4DDB-9FFD-62755076396E}" = Falk Navi-Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F055F6A-049B-4D8E-BA00-3B77C11A968F}" = Falk Navi-Manager
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4F121350-54E4-4348-BA9F-5A7836EF4CCB}" = Falk Navi-Manager
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{58689B88-CB63-459D-B580-981E3B3E18F7}" = AW-GM100 3.2.3.2 WLAN WHQL driver
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-375CW
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6ACFF51-248A-4290-B50B-E50C81F25B97}" = iPod for Windows 2005-02-22
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D90E672A-CC7E-4CDF-82CB-4CC0465BDC91}" = Wireless LAN Driver Installation Program
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem  (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.4)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AI RoboForm" = AI RoboForm (All Users)
"ArtRage Free_is1" = ArtRage 2.2 Free
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"Hotkey 1.0.4_is1" = Hotkey 1.0.4
"ICQToolbar" = ICQ Toolbar
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{B6ACFF51-248A-4290-B50B-E50C81F25B97}" = iPod for Windows 2005-02-22
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"Power Manager_is1" = Power Manager 2.2.1
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Seagate Replica_is1" = Seagate Replica v3.0.769.6355
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"SMSERIAL" = Motorola SM56 Data Fax Modem
"TUGZip_is1" = TUGZip 3.5
"TurboFTP" = TurboFTP (remove only)
"VIA Chrome9 HC IGP Display" = VIA/S3G Display Driver 6.14.10.0086
"VIA Chrome9 HC IGP Family Display" = VIA Display Driver 6.14.10.0099
"VLC media player" = VLC media player 1.0.1
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.09.2010 10:03:00 | Computer Name = ***** | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/09/05 16:03:00.250]: [00000436]: GetDeviceIpAddress:
 GetAddressByName [BRWC417FEA30FBB] Error  
 
Error - 05.09.2010 10:03:34 | Computer Name = ***** | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/09/05 16:03:34.750]: [00000436]: GetDeviceIpAddress:
 GetAddressByName [BRWC417FEA30FBB] Error  
 
Error - 05.09.2010 10:04:09 | Computer Name = ***** | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/09/05 16:04:09.250]: [00000436]: GetDeviceIpAddress:
 GetAddressByName [BRWC417FEA30FBB] Error  
 
Error - 05.09.2010 10:04:43 | Computer Name = ***** | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/09/05 16:04:43.890]: [00000436]: GetDeviceIpAddress:
 GetAddressByName [BRWC417FEA30FBB] Error  
 
Error - 05.09.2010 10:05:18 | Computer Name = ***** | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/09/05 16:05:18.390]: [00000436]: GetDeviceIpAddress:
 GetAddressByName [BRWC417FEA30FBB] Error  
 
Error - 05.09.2010 10:05:52 | Computer Name = ***** | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/09/05 16:05:52.890]: [00000436]: GetDeviceIpAddress:
 GetAddressByName [BRWC417FEA30FBB] Error  
 
Error - 05.09.2010 10:06:27 | Computer Name = ***** | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/09/05 16:06:27.390]: [00000436]: GetDeviceIpAddress:
 GetAddressByName [BRWC417FEA30FBB] Error  
 
Error - 05.09.2010 10:07:01 | Computer Name = ***** | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/09/05 16:07:01.906]: [00000436]: GetDeviceIpAddress:
 GetAddressByName [BRWC417FEA30FBB] Error  
 
Error - 05.09.2010 10:23:09 | Computer Name = ***** | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/09/05 16:23:09.531]: [00000436]: GetDeviceIpAddress:
 GetAddressByName [BRWC417FEA30FBB] Error  
 
Error - 05.09.2010 11:54:40 | Computer Name = *****| Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/09/05 17:54:40.578]: [00000436]: GetDeviceIpAddress:
 GetAddressByName [BRWC417FEA30FBB] Error  
 
[ System Events ]
Error - 04.09.2010 16:02:06 | Computer Name = ***** | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 04.09.2010 16:02:06 | Computer Name = ***** | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 04.09.2010 16:02:06 | Computer Name = ***** | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 04.09.2010 23:42:55 | Computer Name = ***** | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 04.09.2010 23:42:55 | Computer Name = ***** | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 04.09.2010 23:42:55 | Computer Name = ***** | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 05.09.2010 07:59:16 | Computer Name = ***** | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 05.09.2010 07:59:16 | Computer Name = ***** | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 05.09.2010 07:59:16 | Computer Name = ***** | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 05.09.2010 10:32:43 | Computer Name = ***** | Source = Service Control Manager | ID = 7034
Description = Dienst "Gatewaydienst auf Anwendungsebene" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
 
< End of report >
         
I also ran "Spybot - Search & Destroy" and deleted everything suspicious there as well. After that it seemed to work for a few hours, no error messages came up, but it is starting again.

I also completely reinstalled Firefox etc.

I have also already read a thread by a user who had the same problem. But he was able to solve it with Anti-Malware; unfortunately that did not work for me.

I'm really desperate, no idea what else I should do.

Thanks in advance.

05.09.2010, 22:45   #2
cosinus

Quote:
Ran Malwarebytes' Anti-Malware and yesterday deleted everything suspicious.
You need to post that log too, of course!

05.09.2010, 23:07   #3
Provocateur

Quote:
Quote from cosinus:
You need to post that log too, of course!
All right, here:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4539

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

04.09.2010 18:13:23
mbam-log-2010-09-04 (18-13-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 52745
Laufzeit: 25 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Programme\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{10AF2F98-95D7-4A47-A6EE-136E1484A44A}\RP229\A0109455.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{10AF2F98-95D7-4A47-A6EE-136E1484A44A}\RP229\A0110634.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Desktop\fritzbox_reconnecter\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
         

06.09.2010, 08:30   #4
cosinus

Did Malwarebytes find anything else, are there more logs?

06.09.2010, 13:33   #5
Provocateur

Oh yes, there was another log with more findings:

Quote:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4539

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

04.09.2010 04:56:08
mbam-log-2010-09-04 (04-56-08).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 144744
Laufzeit: 30 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 143
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 5
Infizierte Dateien: 24

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.multiplebutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.multiplebutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.urlalertbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.urlalertbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportMgmtService.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportService.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\h8srtd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{e50c6793-6d67-01ee-0e08-f6920d8e6b60} (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{1d720676-074a-7984-45d6-99e7febe2b03} (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Programme\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\RECYCLER\S-1-5-21-1229272821-688789844-725345543-500\Dc149.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1229272821-688789844-725345543-500\Dc150.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1229272821-688789844-725345543-500\Dc154.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1229272821-688789844-725345543-500\Dc159.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1229272821-688789844-725345543-500\Dc160.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1229272821-688789844-725345543-500\Dc161.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1229272821-688789844-725345543-500\Dc167.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1229272821-688789844-725345543-500\Dc168.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1229272821-688789844-725345543-500\Dc169.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1229272821-688789844-725345543-500\Dc170.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1229272821-688789844-725345543-500\Dc171.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1229272821-688789844-725345543-500\Dc172.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1229272821-688789844-725345543-500\Dc173.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1229272821-688789844-725345543-500\Dc174.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1229272821-688789844-725345543-500\Dc175.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1229272821-688789844-725345543-500\Dc176.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\WebfettiBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\chrtmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTfqmasxnsrq.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
I think I had also deleted almost all of them on my own, so that YouTube has been having trouble since the deletion, i.e. it keeps crashing etc.
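A helper reading logs like the two posted above usually wants three things at a glance: how many detections there were per family, whether any of them point to something worse than adware (here Rootkit.TDSS, Trojan.ZbotR.Gen and Trojan.DNSChanger sit among dozens of MyWebSearch entries), and which objects the scanner reported but did not actually quarantine. The following script is an added example for this thread, not code from the forum, the poster or Malwarebytes; it parses the line shape visible in the posted MBAM 1.x log (`<object> (<family>) -> <action>` under `Infizierte ...:` headers, with the English `... Infected:` headers accepted as well). The high-risk family list and the short sample log at the bottom are constructed for the example; the sample's paths and family names are copied from entries in the thread, with one "No action taken." line added to show the unresolved case.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x text logs.

Added example for this thread; it is not code from the forum, the original
poster or Malwarebytes. It parses the line shape visible in the posted log
("<object> (<family>) -> <action>" under "Infizierte ...:" section headers),
counts detections per family, flags families that need more than an
adware clean-up and lists objects the scanner could not quarantine.
"""
import re
from collections import Counter

# Assumption for this example: families whose presence means the machine
# needs follow-up beyond removing adware (names taken from the posted log).
HIGH_RISK_PREFIXES = ("Rootkit.", "Trojan.Zbot", "Trojan.DNSChanger",
                      "Rogue.", "Security.Hijack")

# Section headers of the German and English MBAM 1.x logs, e.g.
# "Infizierte Dateien:" / "Files Infected:". Header lines end with a colon
# and carry no count, unlike the summary block at the top of the log.
SECTION_RE = re.compile(r"^(?P<section>.*(?:Infizierte|Infected).*):$")

# One detection line: <object> (<family>) -> <action>
DETECTION_RE = re.compile(
    r"^(?P<object>.+?) \((?P<family>[A-Za-z0-9.]+)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return one dict per detection line: section, object, family, action."""
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        hit = DETECTION_RE.match(line)
        if hit and section is not None:
            detections.append({"section": section, **hit.groupdict()})
    return detections


def family_counts(detections):
    """Detections per threat family."""
    return Counter(d["family"] for d in detections)


def high_risk_families(detections):
    """Families from HIGH_RISK_PREFIXES seen in the log, sorted."""
    return sorted({d["family"] for d in detections
                   if d["family"].startswith(HIGH_RISK_PREFIXES)})


def unresolved(detections):
    """Objects the scanner reported but did not quarantine and delete."""
    return [d["object"] for d in detections
            if not d["action"].startswith("Quarantined")]


def triage(text):
    """Everything a helper wants from a pasted log, in one dict."""
    detections = parse_mbam_log(text)
    return {
        "total": len(detections),
        "by_family": dict(family_counts(detections)),
        "high_risk": high_risk_families(detections),
        "unresolved": unresolved(detections),
    }


# Constructed sample in the shape of the posted log (a few lines, not the
# full log); paths and families are copied from entries in the thread, the
# "No action taken." line is made up to show the unresolved case.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.46
Art des Suchlaufs: Quick-Scan

Infizierte Registrierungsschlüssel: 3
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\h8srtd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Desktop\fritzbox_reconnecter\nc.exe (PUP.KeyLogger) -> No action taken.
"""

if __name__ == "__main__":
    from pprint import pprint
    pprint(triage(SAMPLE_LOG))
```

Paste a full log into `triage()` and the `high_risk` list is the part worth reading first: a TDSS rootkit or a Zbot/DNSChanger entry means the adware clean-up alone has not finished the job, which is why the helper in this thread asks for further logs rather than closing the case.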


06.09.2010, 13:47   #6
cosinus

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Note: If you obscured your user name, you have to change the starred-out part back into your real user name, otherwise the script will not work!!

Code:
:OTL
MOD - [2010.09.04 01:04:55 | 000,046,592 | -H-- | M] () -- C:\WINDOWS\lpqcess.dll
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..network.proxy.http: "141.24.33.192"
FF - prefs.js..network.proxy.http_port: 3124
FF - prefs.js..network.proxy.no_proxies_on: ""
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O33 - MountPoints2\{583985a9-8012-11de-8b6b-00225f714a1a}\Shell\AutoRun\command - "" = SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\Perfume.exe
O33 - MountPoints2\{583985a9-8012-11de-8b6b-00225f714a1a}\Shell\open\command - "" = SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\Perfume.exe
O36 - AppCertDlls: evenhone - (C:\WINDOWS\lpqcess.dll) - C:\WINDOWS\lpqcess.dll ()
[2010.09.05 14:05:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\95431C66CF9A4913BFFF6050785AFB65.TMP
[2010.09.04 01:04:55 | 000,046,592 | -H-- | M] () -- C:\WINDOWS\lpqcess.dll
[2010.09.04 01:04:54 | 000,046,592 | -H-- | M] () -- C:\WINDOWS\System32\lpqcess.dll
[2010.03.14 23:44:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\e4ZzC0xgrRE010Q
@Alternate Data Stream - 179 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:EC76150E
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.


I also need OTL's quarantine folder. Afterwards, please do the following:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere here!
2.) Zip the folder C:\_OTL into a single file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let me know once that has worked
5.) Only then turn the virus scanner back on
__________________
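The OTL fix above removes hijacked Firefox settings (the `FF - prefs.js..` lines: an HTTP proxy on a public address, a replaced default search engine and disabled search-engine updates). As an added example that is not part of the original thread and not OTL's code, the following Python script parses a prefs.js in the same `user_pref(...)` format and flags exactly those settings. The sample prefs.js is constructed from the values shown in the log (URLs kept defanged as "hxxp", as OTL prints them), and `KNOWN_SEARCH_HOSTS` is an assumed allowlist of providers the user actually chose.

```python
"""Flag hijacked proxy and search settings in a Firefox prefs.js.

Added example, not part of the original thread and not OTL's code. It
re-implements, as a script, the check a helper does by eye on the
"FF - prefs.js.." lines of the OTL fix: an HTTP proxy the user never set up,
a replaced default search engine and search-engine updates switched off.
The sample prefs.js below is constructed from the values shown in the log
(URLs kept defanged as "hxxp", exactly as OTL prints them).
"""
import ipaddress
import re
from urllib.parse import urlsplit

# user_pref("name", value);  value is a quoted string, an integer or true/false
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')

# Assumption: search providers considered legitimate for this user; adjust per machine.
KNOWN_SEARCH_HOSTS = ("google.", "bing.com", "yahoo.com", "duckduckgo.com")

# Constructed sample built from the prefs OTL reported on the infected machine.
SAMPLE_PREFS_JS = r'''
user_pref("browser.search.defaultenginename", "ICQ Search");
user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}");
user_pref("browser.search.selectedEngine", "Winload Customized Web Search");
user_pref("browser.search.update", false);
user_pref("network.proxy.http", "141.24.33.192");
user_pref("network.proxy.http_port", 3124);
user_pref("network.proxy.no_proxies_on", "");
user_pref("browser.startup.homepage", "hxxp://google.de");
'''


def parse_prefs(text):
    """Return {pref_name: value}, converting JS literals to str/int/bool."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw          # leave unknown literals untouched
        prefs[name] = value
    return prefs


def _known_provider(text):
    """True if a search URL host or engine name refers to an allowlisted provider."""
    text = text.lower()
    return any(h.rstrip(".") in text for h in KNOWN_SEARCH_HOSTS)


def audit_prefs(prefs):
    """Return a list of (pref, reason) pairs; an empty list means nothing looked hijacked."""
    findings = []

    proxy = prefs.get("network.proxy.http")
    if proxy:
        try:
            scope = "private" if ipaddress.ip_address(proxy).is_private else "public"
        except ValueError:
            scope = "named"       # a hostname rather than an IP literal
        port = prefs.get("network.proxy.http_port", 80)
        findings.append(("network.proxy.http",
                         f"all HTTP traffic routed through {scope} proxy {proxy}:{port}"))
        if prefs.get("network.proxy.no_proxies_on", "") == "":
            findings.append(("network.proxy.no_proxies_on",
                             "bypass list is empty; nothing is excluded from the proxy"))

    url = prefs.get("browser.search.defaulturl", "")
    if url:
        host = urlsplit(url).hostname or ""
        if not _known_provider(host):
            findings.append(("browser.search.defaulturl",
                             f"default search redirected to {host}"))

    for name in ("browser.search.defaultenginename",
                 "browser.search.defaultthis.engineName",
                 "browser.search.selectedEngine"):
        engine = prefs.get(name)
        if engine and not _known_provider(engine):
            findings.append((name, f"search engine replaced with '{engine}'"))

    if prefs.get("browser.search.update") is False:
        findings.append(("browser.search.update",
                         "search-plugin updates disabled; home users rarely set this"))
    return findings


if __name__ == "__main__":
    for pref, reason in audit_prefs(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"{pref}: {reason}")
```

Run against the sample, the script reports seven findings, one for each line OTL later removed. The provider allowlist is a heuristic; the proxy check is the stronger signal, because a home machine pointing every HTTP request at an address outside its own network is rarely deliberate.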

06.09.2010, 15:20   #7
Provocateur

newporto.cn has taken up residence on my PC :(



OK, I did everything you wrote. Here is the log; I have uploaded the files, i.e. the quarantine folder, and hope it shows up.

Code:
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Winload Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Winload Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.update
Prefs.js: "141.24.33.192" removed from network.proxy.http
Prefs.js: 3124 removed from network.proxy.http_port
Prefs.js: "" removed from network.proxy.no_proxies_on
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{583985a9-8012-11de-8b6b-00225f714a1a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{583985a9-8012-11de-8b6b-00225f714a1a}\ not found.
File SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\Perfume.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{583985a9-8012-11de-8b6b-00225f714a1a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{583985a9-8012-11de-8b6b-00225f714a1a}\ not found.
File SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\Perfume.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\evenhone:C:\WINDOWS\lpqcess.dll deleted successfully.
C:\WINDOWS\lpqcess.dll moved successfully.
C:\WINDOWS\95431C66CF9A4913BFFF6050785AFB65.TMP folder moved successfully.
File C:\WINDOWS\lpqcess.dll not found.
C:\WINDOWS\system32\lpqcess.dll moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\e4ZzC0xgrRE010Q folder moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:EC76150E deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 6602766 bytes
->Temporary Internet Files folder emptied: 172170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 22585443 bytes
->Flash cache emptied: 13588 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Gast
->Temp folder emptied: 49515161 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 81634903 bytes
->Flash cache emptied: 119227 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 245667 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1073844 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1225817 bytes
%systemroot%\System32 .tmp files removed: 4411783 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 294344 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 160,00 mb
 
 
OTL by OldTimer - Version 3.2.11.0 log created on 09062010_151120

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...
         

06.09.2010, 16:20   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

newporto.cn has taken up residence on my PC :(



Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Trojaner-Board helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can lead to serious computer problems and make cleaning up the infection even harder.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

06.09.2010, 18:02   #9
Provocateur

newporto.cn has taken up residence on my PC :(



All done; the following was displayed as the log (Seagate Replica is my external hard drive):

Code:
ComboFix 10-09-04.06 - Administrator 06.09.2010  17:41:21.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1982.1616 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\cofi.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\srcr.dat

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_H8SRTD.SYS
-------\Legacy_MYWEBSEARCHSERVICE


(((((((((((((((((((((((   Dateien erstellt von 2010-08-06 bis 2010-09-06  ))))))))))))))))))))))))))))))
.

2010-09-06 11:51 . 2010-09-06 11:51	--------	d-----w-	C:\_OTL
2010-09-05 21:38 . 2010-09-05 21:38	--------	d-----w-	c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2010-09-05 21:38 . 2010-09-05 21:38	--------	d-----w-	c:\programme\Conduit
2010-09-05 21:38 . 2010-09-05 21:38	--------	d-----w-	c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Conduit
2010-09-05 12:50 . 2010-09-05 21:37	--------	d-----w-	c:\programme\Spybot - Search & Destroy
2010-09-05 12:06 . 2010-09-05 12:06	--------	d-----w-	c:\programme\Enigma Software Group
2010-09-04 02:18 . 2010-09-04 02:18	--------	d-----w-	c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2010-09-04 02:18 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-04 02:18 . 2010-09-04 02:18	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-09-04 02:18 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-04 02:18 . 2010-09-04 02:18	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2010-08-12 22:15 . 2010-08-12 22:15	--------	d-----w-	c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Ambient Design
2010-08-12 22:07 . 2010-08-12 22:07	--------	d-----w-	c:\programme\Ambient Design

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 15:29 . 2009-08-27 19:31	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-09-06 13:37 . 2009-08-03 15:40	--------	d-----w-	c:\dokumente und einstellungen\Administrator\Anwendungsdaten\ICQ
2010-09-05 19:00 . 2009-09-12 19:10	--------	d-----w-	c:\dokumente und einstellungen\Administrator\Anwendungsdaten\vlc
2010-09-04 03:28 . 2009-08-03 11:46	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\RoboForm
2010-08-25 10:52 . 2010-04-23 09:28	--------	d-----w-	c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Zaas
2010-08-23 19:28 . 2010-06-16 21:54	--------	d-----w-	c:\programme\ICQ7.2
2010-08-20 14:53 . 2010-05-14 17:30	--------	d-----w-	c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mezo
2010-08-20 02:35 . 2009-12-12 16:23	--------	d---a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-08-20 02:35 . 2009-12-12 16:23	--------	d-----w-	c:\dokumente und einstellungen\Administrator\Anwendungsdaten\TurboFTP
2010-08-12 15:41 . 2009-12-24 14:24	664	----a-w-	c:\windows\system32\d3d9caps.dat
2010-08-12 01:14 . 2009-08-05 09:20	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-08-12 01:13 . 2004-11-11 12:00	81664	----a-w-	c:\windows\system32\perfc007.dat
2010-08-12 01:13 . 2004-11-11 12:00	452886	----a-w-	c:\windows\system32\perfh007.dat
2010-08-11 12:30 . 2010-08-01 18:10	--------	d-----w-	c:\dokumente und einstellungen\Gast\Anwendungsdaten\Apple Computer
2010-08-01 18:10 . 2010-08-01 18:10	--------	d-----w-	c:\dokumente und einstellungen\Gast\Anwendungsdaten\PC Suite
2010-06-30 12:28 . 2004-11-11 12:00	149504	----a-w-	c:\windows\system32\schannel.dll
2010-06-28 20:57 . 2010-07-18 18:46	38848	----a-w-	c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-01-01 22:40	165032	----a-w-	c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-01-01 22:40	46672	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-01-01 22:40	165456	----a-w-	c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-01-01 22:40	23376	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-01-01 22:40	100176	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-01-01 22:40	94544	----a-w-	c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-01-01 22:40	17744	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-01-01 22:40	28880	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2010-06-26 21:08 . 2009-11-19 19:18	95144	----a-w-	c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-06-24 12:10 . 2004-11-11 12:00	672768	----a-w-	c:\windows\system32\wininet.dll
2010-06-24 12:10 . 2009-08-03 10:13	81920	----a-w-	c:\windows\system32\ieencode.dll
2010-06-24 09:02 . 2004-11-11 12:00	1852032	----a-w-	c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-11-11 12:00	354304	----a-w-	c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-11-11 12:00	80384	----a-w-	c:\windows\system32\iccvid.dll
2010-06-17 13:53 . 2010-06-17 13:53	50	----a-w-	c:\windows\system32\bridf08b.dat
2010-06-14 14:31 . 2009-08-03 09:09	744448	----a-w-	c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-11-11 12:00	1172480	----a-w-	c:\windows\system32\msxml3.dll
2009-07-23 14:30 . 2009-08-05 17:48	1456640	----a-w-	c:\programme\Gemeinsame Dateien\Falk Navi-Manager.msi
.

------- Sigcheck -------

[-] 2004-11-11 12:00 . 5FDCCC838CD95F61097D8A637F842AA8 . 25600 . . [10.0.3790.3646] . . c:\windows\system32\mspmsnsv.dll
[-] 2004-11-11 12:00 . 5FDCCC838CD95F61097D8A637F842AA8 . 25600 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"PC Suite Tray"="c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"RoboForm"="c:\programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-09-04 160328]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FuncKey"="c:\programme\Hotkey 1.0.4\FuncKey.exe" [2006-07-27 122880]
"PowerManager"="c:\programme\Power Manager\PM.exe" [2006-12-12 30720]
"Apoint"="c:\programme\Apoint2K\Apoint.exe" [2005-04-15 172032]
"VTTimer"="VTTimer.exe" [2006-09-21 53248]
"S3Trayp"="S3trayp.exe" [2007-02-05 176128]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"HDAudDeck"="c:\programme\VIA\VIAudioi\HDADeck\HDeck.exe" [2007-02-01 778240]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2009-11-17 198160]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\programme\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\programme\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\programme\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\programme\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\programme\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\Administrator\Startmen\Programme\Autostart\
Mozilla Firefox.lnk - c:\programme\Mozilla Firefox\firefox.exe [2010-9-5 910296]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\ICQ7.2\\ICQ.exe"=
"c:\\Programme\\ICQ7.2\\aolload.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [02.01.2010 00:40 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02.01.2010 00:40 17744]
R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [17.06.2010 00:14 246520]
R2 Seagate-Replica-Service;Seagate-Replica-Service;c:\programme\Seagate Replica\bin\Seagate-Replica-Service.exe [08.12.2009 22:00 1814016]
R2 Seagate-Replica-SysMon;Seagate-Replica-SysMon;c:\programme\Seagate Replica\bin\Seagate-Replica-SysMon.exe [08.12.2009 22:00 162256]
S3 esgiguard;esgiguard;\??\c:\programme\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\programme\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [10.09.2009 12:39 192256]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06.09.2009 03:05 722416]
.
Inhalt des "geplante Tasks" Ordners

2010-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: RF - Formular ausfüllen - file://c:\programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RF - Formular speichern - file://c:\programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: RF - Menü anpassen - file://c:\programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF - RoboForm-Leiste ein/aus - file://c:\programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\ek8rl6w1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://google.de
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-06 17:50
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HDAudDeck = c:\programme\VIA\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????? 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Seagate-Replica-Service]
"ImagePath"="c:\programme\Seagate Replica\bin\Seagate-Replica-Service.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1229272821-688789844-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,84,a5,1f,60,76,17,1e,40,ab,41,bb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,84,a5,1f,60,76,17,1e,40,ab,41,bb,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Alwil Software\Avast5\AvastSvc.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\S3trayp.exe
c:\windows\system32\rundll32.exe
c:\programme\Apoint2K\Apntex.exe
c:\programme\Brother\ControlCenter3\brccMCtl.exe
c:\programme\Brother\Brmfcmon\BrMfimon.exe
c:\programme\Seagate Replica\bin\Seagate-Replica-Tray.exe
c:\programme\Seagate Replica\bin\Seagate-Replica-AutoPlay.exe
c:\programme\iPod\bin\iPodService.exe
c:\programme\PC Connectivity Solution\ServiceLayer.exe
c:\programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programme\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-06  17:58:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-09-06 15:58

Vor Suchlauf: 1.452.343.296 Bytes frei
Nach Suchlauf: 1.396.682.752 Bytes frei

- - End Of File - - 7F543FC0EF2A94ECC5EC0F9DD8B897C8
         

06.09.2010, 22:50   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

newporto.cn has taken up residence on my PC :(



OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool refuses to run the second time as well, just skip it and run only OSAM.

Then download the bootkit_remover. Extract the tool into a folder of its own on the desktop and run the file remove.exe from that folder.

If you use Windows Vista or Windows 7, you must start remover.exe via right-click => Run as administrator.

A black window will open and automatically search for malicious modifications in the MBR.
Then please post whether there are modifications and, if so, in which device. Best post everything that remover.exe outputs.
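The bootkit_remover step above looks for malicious modifications in the MBR. As an added illustration (not the tool's own code and not part of the original thread), the following Python script shows that check in miniature: it parses a 512-byte MBR, hashes the boot-code region and compares it with a baseline recorded while the machine was clean, and sanity-checks the partition table. Every MBR image is constructed inside the script; `read_mbr` only shows where a real sector 0 would come from (on Windows `\\.\PhysicalDrive0`, with administrator rights) and is not called.

```python
r"""Parse a 512-byte MBR and compare its boot code with a known-good baseline.

Added example, not part of the original thread and not the bootkit_remover
tool's code. It shows what "searching the MBR for malicious modifications"
amounts to: the boot code (bytes 0..439) must hash to the value recorded
when the machine was known clean, the four partition entries must be
self-consistent, and the 0x55AA signature must be present. Every MBR image
used here is constructed in this file; no disk is read.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439: bootstrap code
DISK_SIG_OFF = 440       # bytes 440..443: Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code, partitions, disk_sig=0x1234ABCD):
    """Assemble a test MBR from constructed parts (fixture only, not a real disk)."""
    boot = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(
        struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
        for status, ptype, lba, count in partitions
    ).ljust(64, b"\x00")
    return boot + struct.pack("<IH", disk_sig, 0) + table + b"\x55\xaa"


def parse_mbr(data):
    """Split an MBR image into its fields; raises on a wrong-sized buffer."""
    if len(data) != SECTOR:
        raise ValueError(f"MBR must be {SECTOR} bytes, got {len(data)}")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, data, PART_TABLE_OFF + 16 * i)
        parts.append({"status": status, "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", data, DISK_SIG_OFF)[0],
        "partitions": parts,
        "boot_signature_ok": data[BOOT_SIG_OFF:] == b"\x55\xaa",
    }


def check_mbr(data, baseline_boot_sha256):
    """Return findings as strings; an empty list means the MBR matches the clean baseline."""
    info = parse_mbr(data)
    findings = []
    if not info["boot_signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != baseline_boot_sha256:
        findings.append("boot code differs from baseline (rewritten loader, possible bootkit)")
    active = 0
    for n, p in enumerate(info["partitions"]):
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {n}: invalid status byte 0x{p['status']:02x}")
        active += p["status"] == 0x80
        if p["type"] == 0x00 and (p["lba_start"] or p["sectors"]):
            findings.append(f"partition {n}: empty type but non-zero extent")
    if active > 1:
        findings.append("more than one partition flagged active")
    return findings


def read_mbr(path):
    r"""Read sector 0 from a device or image file. On Windows the device path is
    \\.\PhysicalDrive0 and the process must run as administrator."""
    with open(path, "rb") as f:
        return f.read(SECTOR)


# --- constructed fixtures -------------------------------------------------
# Arbitrary stand-in for a stock bootstrap; the bytes carry no meaning.
CLEAN_BOOT_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8") + b"\x90" * 20
PARTITIONS = [(0x80, 0x07, 63, 312576642),   # one active NTFS partition
              (0x00, 0x00, 0, 0), (0x00, 0x00, 0, 0), (0x00, 0x00, 0, 0)]
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["boot_code_sha256"]

# Same disk with the first three boot-code bytes overwritten, simulating a
# loader that was patched. The replacement bytes are arbitrary.
TAMPERED_MBR = b"\xeb\x3e\x90" + CLEAN_MBR[3:]

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label, check_mbr(image, BASELINE_SHA256) or ["OK"])
```

The comparison is only as good as the baseline: it has to come from a snapshot taken before the infection, or from a known-good loader of the same Windows version. A bootkit that leaves the partition table intact shows up only through the hash mismatch, which is why the boot-code hash, not the table, is the decisive check.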

07.09.2010, 00:40   #11
Provocateur

newporto.cn has taken up residence on my PC :(



Hi,

here is the OSAM log:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 00:32:08 on 07.09.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 6.00.2900.5512

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\MLCFG32.CPL
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aswFsBlk" (aswFsBlk) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswFsBlk.sys
"aswRdr" (aswRdr) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswRdr.sys
"aswSP" (aswSP) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswSP.sys
"Atheros Wireless Network Adapter Service" (AR5211) - "Atheros Communications, Inc." - C:\WINDOWS\System32\DRIVERS\ar5211.sys
"avast! Asynchronous Virus Monitor" (Aavmker4) - "ALWIL Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys
"avast! Network Shield Support" (aswTdi) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswTdi.sys
"avast! Standard Shield Support" (aswMon2) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswMon2.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"esgiguard" (esgiguard) - ? - C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WINIO" (WINIO) - "hxxp://www.internals.com" - C:\WINDOWS\system32\WinIo.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} "Versions-Update für Internet Explorer" - "Microsoft Corporation" - C:\WINDOWS\system32\ieudinit.exe
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" - "Microsoft Corporation" - C:\WINDOWS\system32\msvidctl.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "wlmailhtml" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\ashShell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "Malware Defense extension" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\OLKFSTUB.DLL
{640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\Audiodev.dll
{cc86590a-b60a-48e6-996b-41d25ed39a1e} "Portable Media Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\Audiodev.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{7A9A2CC0-1C55-41F8-8305-957DE59A6B0B} "RebitShellExt.ContextMenuExtension" - "Seagate Technology LLC" - C:\PROGRA~1\SEAGAT~1\bin\SEAGAT~2.DLL
{41219729-53A7-4BFA-860D-3C07701A7367} "RebitShellExt.InfotipExtension" - "Seagate Technology LLC" - C:\PROGRA~1\SEAGAT~1\bin\SEAGAT~2.DLL
{6F5D5D75-8A92-45A8-9EB7-59CB44C8C6A2} "Seagate Replica" - "Seagate Technology LLC" - C:\PROGRA~1\SEAGAT~1\bin\SEAGAT~3.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{AFEC8518-7AB9-47D0-B012-B7477881E94B} "TbCopyHook Class" - ? - C:\Programme\TurboFTP\tbshex.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - ? -   (File not found | COM-object registry key not found)
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Autoplay Drop Target Shim" - ? -   (File not found | COM-object registry key not found)
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Editor Drop Target" - ? -   (File not found | COM-object registry key not found)
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Drop Target Shim" - ? -   (File not found | COM-object registry key not found)
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Viewer Drop Target" - ? -   (File not found | COM-object registry key not found)
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Drop Target Shim" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "{00F33137-EE26-412F-8D71-F84E4C2C6625}" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&RoboForm" - "Siber Systems Inc." - C:\Programme\Siber Systems\AI RoboForm\roboform.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_14" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_14.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} "Java Plug-in 1.6.0_14" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_14.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_14" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_14.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
"Ausfüllen" - ? - C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
"ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
"RoboForm" - ? - C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
"Speichern" - ? - C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&RoboForm" - "Siber Systems Inc." - C:\Programme\Siber Systems\AI RoboForm\roboform.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{724d43a9-0d85-11d4-9908-00400523e39a} "{724d43a9-0d85-11d4-9908-00400523e39a}" - "Siber Systems Inc." - C:\Programme\Siber Systems\AI RoboForm\roboform.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini
"Mozilla Firefox.lnk" - "Mozilla Corporation" - C:\Programme\Mozilla Firefox\firefox.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"msnmsgr" - "Microsoft Corporation" - "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
"PC Suite Tray" - "Nokia" - "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"RoboForm" - "Siber Systems" - "C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avast5" - "AVAST Software" - C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
"BrMfcWnd" - "Brother Industries, Ltd." - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"ControlCenter3" - "Brother Industries, Ltd." - C:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun
"FuncKey" - ? - "C:\Programme\Hotkey 1.0.4\FuncKey.exe"
"GrooveMonitor" - "Microsoft Corporation" - "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"HDAudDeck" - "VIA Technologies, Inc." - C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe 1
"IndexSearch" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\IndexSearch.exe"
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"PaperPort PTD" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\pptd40nt.exe"
"PowerManager" - ? - C:\Programme\Power Manager\PM.exe
"PPort11reminder" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
"avast! iAVS4 Control Service" (aswUpdSv) - ? - "C:\Programme\Alwil Software\Avast4\aswUpdSv.exe"  (File not found)
"avast! Mail Scanner" (avast! Mail Scanner) - "AVAST Software" - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
"avast! Web Scanner" (avast! Web Scanner) - "AVAST Software" - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Dienst für Seriennummern der tragbaren Medien" (WmdmPmSN) - "Microsoft Corporation" - C:\WINDOWS\system32\MsPMSNSv.dll
"ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Seagate-Replica-Service" (Seagate-Replica-Service) - ? - C:\Programme\Seagate Replica\bin\Seagate-Replica-Service.exe  (File found, but it contains no detailed information)
"Seagate-Replica-SysMon" (Seagate-Replica-SysMon) - ? - C:\Programme\Seagate Replica\bin\Seagate-Replica-SysMon.exe  (File found, but it contains no detailed information)
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Live Family Safety-Dienst" (fsssvc) - ? - "C:\Programme\Windows Live\Family Safety\fsssvc.exe"  (File not found)
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Bootkit Remover:


Alt 07.09.2010, 08:56   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

I still need one cross-check:

Please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a second.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on the desktop.
Please post the contents of that .txt document.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 08.09.2010, 13:18   #13
Provocateur
 

Downloaded and run.

Here is the log:

Code:
ATTFilter
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows XP Professional
Windows Information:		Service Pack 3 (build 2600)
Logical Drives Mask:		0x0000000c

Kernel Drivers (total 125):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806D1000 \WINDOWS\system32\hal.dll
  0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
  0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
  0xB9F78000 ACPI.sys
  0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xB9F67000 pci.sys
  0xBA0A8000 isapnp.sys
  0xBA4BC000 compbatt.sys
  0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
  0xBA670000 pciide.sys
  0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xBA5AC000 viaide.sys
  0xBA0B8000 MountMgr.sys
  0xB9F48000 ftdisk.sys
  0xBA5AE000 dmload.sys
  0xB9F22000 dmio.sys
  0xBA330000 PartMgr.sys
  0xBA0C8000 VolSnap.sys
  0xB9F0A000 atapi.sys
  0xBA0D8000 disk.sys
  0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xB9EEA000 fltmgr.sys
  0xB9ED8000 sr.sys
  0xBA0F8000 PxHelp20.sys
  0xB9EC1000 KSecDD.sys
  0xB9E34000 Ntfs.sys
  0xB9E07000 NDIS.sys
  0xBA108000 uagp35.sys
  0xB9DED000 Mup.sys
  0xBA568000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0xBA188000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xB9CF1000 \SystemRoot\system32\DRIVERS\S3gIGPm.sys
  0xB9CDD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xBA198000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xBA1A8000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xBA1B8000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xB9CBA000 \SystemRoot\system32\DRIVERS\ks.sys
  0xBA440000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
  0xBA450000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xB9C96000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xBA458000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xBA1C8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xB9C7B000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
  0xBA468000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xBA478000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xB9C53000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xB9AD2000 \SystemRoot\system32\DRIVERS\athw.sys
  0xBA588000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0xBA5E2000 \SystemRoot\system32\DRIVERS\serscan.sys
  0xBA6CA000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xBA1D8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xBA590000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xB9ABB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xBA1E8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xBA1F8000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xBA498000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xB9AAA000 \SystemRoot\system32\DRIVERS\psched.sys
  0xBA208000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xBA4A8000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xBA360000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xB9A7A000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0xBA218000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xBA5E8000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xB99F4000 \SystemRoot\system32\DRIVERS\update.sys
  0xB9DBD000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xBA238000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xBA278000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xBA5EE000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xB88FD000 \SystemRoot\system32\drivers\viahduaa.sys
  0xB88D9000 \SystemRoot\system32\drivers\portcls.sys
  0xBA288000 \SystemRoot\system32\drivers\drmk.sys
  0xB87E9000 \SystemRoot\system32\DRIVERS\smserial.sys
  0xBA3A8000 \SystemRoot\System32\Drivers\Modem.SYS
  0xBA5F4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xBA6FC000 \SystemRoot\System32\Drivers\Null.SYS
  0xBA5F8000 \SystemRoot\System32\Drivers\Beep.SYS
  0xBA3D8000 \SystemRoot\System32\drivers\vga.sys
  0xBA5FC000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xBA600000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xBA3E8000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xBA3F8000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xBA554000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xB87B6000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xB875D000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xBA298000 \SystemRoot\System32\Drivers\aswTdi.SYS
  0xB8737000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xBA2A8000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xB870F000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xB86D7000 \SystemRoot\system32\DRIVERS\tcpip6.sys
  0xB86B5000 \SystemRoot\System32\drivers\afd.sys
  0xBA2B8000 \SystemRoot\system32\drivers\ip6fw.sys
  0xBA2F8000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xBA410000 \??\C:\WINDOWS\system32\WinIo.sys
  0xB868A000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xB861A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xBA2C8000 \SystemRoot\System32\Drivers\Fips.SYS
  0xB85F3000 \SystemRoot\System32\Drivers\aswSP.SYS
  0xBA428000 \SystemRoot\System32\Drivers\Aavmker4.SYS
  0xBA308000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xB85B3000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xBA62A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xB99D8000 \SystemRoot\System32\drivers\Dxapi.sys
  0xBA488000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xBA792000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\S3gIGP.dll
  0xBF0F0000 \SystemRoot\System32\s3ginv.dll
  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
  0xB351F000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
  0xBA2E8000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
  0xB33B1000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
  0xB35E7000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
  0xB34CF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xB3322000 \SystemRoot\System32\Drivers\aswMon2.SYS
  0xB892C000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
  0xB30CA000 \SystemRoot\system32\DRIVERS\nwrdr.sys
  0xB309D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xB3038000 \SystemRoot\system32\drivers\wdmaud.sys
  0xB32BA000 \SystemRoot\system32\drivers\sysaudio.sys
  0xB299B000 \SystemRoot\system32\DRIVERS\srv.sys
  0xB24B5000 \SystemRoot\System32\Drivers\HTTP.sys
  0xBA3A0000 \SystemRoot\System32\Drivers\aswRdr.SYS
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 51):
       0 System Idle Process
       4 System
     560 C:\WINDOWS\system32\smss.exe
     608 csrss.exe
     640 C:\WINDOWS\system32\winlogon.exe
     684 C:\WINDOWS\system32\services.exe
     696 C:\WINDOWS\system32\lsass.exe
     864 C:\WINDOWS\system32\svchost.exe
     932 svchost.exe
     972 C:\WINDOWS\system32\svchost.exe
    1052 svchost.exe
    1128 svchost.exe
    1324 C:\Programme\Alwil Software\Avast5\AvastSvc.exe
    1804 C:\WINDOWS\system32\spoolsv.exe
    1884 svchost.exe
     208 C:\WINDOWS\explorer.exe
     376 C:\Programme\Hotkey 1.0.4\FuncKey.exe
     384 C:\Programme\Power Manager\PM.exe
     392 C:\Programme\Apoint2K\Apoint.exe
     400 C:\WINDOWS\system32\VTTimer.exe
     408 C:\WINDOWS\system32\S3Trayp.exe
     428 C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
     352 C:\WINDOWS\system32\rundll32.exe
     472 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
     480 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     488 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
     496 C:\Programme\Bonjour\mDNSResponder.exe
     588 svchost.exe
     612 C:\Programme\iTunes\iTunesHelper.exe
     880 C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
     888 C:\Programme\Apoint2K\ApntEx.exe
    1044 C:\Programme\ICQ6Toolbar\ICQ Service.exe
    1096 C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
    1356 C:\Programme\Siber Systems\AI RoboForm\robotaskbaricon.exe
    1368 C:\Programme\Brother\ControlCenter3\BrccMCtl.exe
    1392 C:\WINDOWS\system32\ctfmon.exe
    1452 C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1500 C:\Programme\Mozilla Firefox\firefox.exe
    1648 C:\WINDOWS\system32\svchost.exe
    2080 C:\Programme\Seagate Replica\bin\Seagate-Replica-Service.exe
    2496 C:\Programme\Brother\Brmfcmon\BrMfimon.exe
    2576 C:\Programme\Seagate Replica\bin\Seagate-Replica-SysMon.exe
    2640 C:\Programme\Seagate Replica\bin\Seagate-Replica-Autoplay.exe
    2888 C:\Programme\Seagate Replica\bin\Seagate-Replica-Tray.exe
    3072 C:\Programme\PC Connectivity Solution\ServiceLayer.exe
    3160 C:\Programme\iPod\bin\iPodService.exe
    3480 alg.exe
    3488 C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
    3576 C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
    2936 C:\Programme\ICQ7.2\ICQ.exe
    1708 C:\Dokumente und Einstellungen\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVT-22ZCT0, Rev: 11.01A11

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!
         
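The report above is the MBRCheck output cosinus asked for in the previous post. As an added example (not code from the thread, from MBRCheck, or from the board), here is a small parser for that report format that pulls out each physical drive's MBR status and SHA1, flags any drive whose boot code is not reported as standard Windows MBR code, and lists processes the report could only name without a full path; the sample text is a constructed excerpt built from the values in the post.

```python
"""Triage of an MBRCheck report.

Reads the text MBRCheck writes to the desktop, extracts every physical
drive's MBR status and SHA1, and flags drives whose MBR is not reported as
standard Windows boot code.  Processes listed only by image name (no path)
are collected too, because they cannot be verified from the report alone.
"""
import re

# Constructed excerpt in the layout of the MBRCheck_<date>_<time>.txt posted
# in this thread (values copied from that post; most lines omitted).
SAMPLE_REPORT = r"""MBRCheck, version 1.2.3
(c) 2010, AD

Kernel Drivers (total 125):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0xBA410000 \??\C:\WINDOWS\system32\WinIo.sys

Processes (total 51):
       4 System
     608 csrss.exe
     640 C:\WINDOWS\system32\winlogon.exe
    1708 C:\Dokumente und Einstellungen\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVT-22ZCT0, Rev: 11.01A11

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11

Done!
"""

DRIVE_RE = re.compile(r"^\s*(\d+)\s+GB\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$")
SHA1_RE = re.compile(r"^\s*SHA1:\s*([0-9A-Fa-f]{40})\s*$")
PROC_RE = re.compile(r"^\s*(\d+)\s+(\S.*?)\s*$")
# MBRCheck reports a recognised bootstrap as "Windows <version> MBR code detected".
KNOWN_MBR_RE = re.compile(r"^Windows .* MBR code detected$")
# Kernel pseudo-processes that never carry an image path.
KERNEL_PSEUDO_PROCESSES = {"System", "System Idle Process"}


def parse_mbrcheck(report: str) -> dict:
    """Return {'drives': [...], 'unresolved_processes': [...]} from report text."""
    drives, unresolved, section = [], [], None
    for line in report.splitlines():
        if line.startswith("Kernel Drivers"):
            section = "drivers"
            continue
        if line.startswith("Processes"):
            section = "processes"
            continue
        if not line.strip():
            section = None          # each list ends at the first blank line
            continue
        m = DRIVE_RE.match(line)
        if m:
            drives.append({"size_gb": int(m.group(1)), "device": m.group(2),
                           "status": m.group(3), "sha1": None})
            continue
        m = SHA1_RE.match(line)
        if m and drives:
            drives[-1]["sha1"] = m.group(1).upper()   # hash belongs to the preceding drive
            continue
        if section == "processes":
            m = PROC_RE.match(line)
            if m:
                pid, image = int(m.group(1)), m.group(2)
                if image not in KERNEL_PSEUDO_PROCESSES and not re.match(r"^[A-Za-z]:\\", image):
                    unresolved.append((pid, image))
    return {"drives": drives, "unresolved_processes": unresolved}


def triage(report: str) -> dict:
    """Summarise what a helper would look at first in an MBRCheck report."""
    parsed = parse_mbrcheck(report)
    suspicious = [d for d in parsed["drives"] if not KNOWN_MBR_RE.match(d["status"])]
    missing_hash = [d["device"] for d in parsed["drives"] if d["sha1"] is None]
    return {
        "drives": parsed["drives"],
        "suspicious_drives": suspicious,        # non-standard MBR code: look closer
        "missing_hash": missing_hash,           # report could not hash the MBR
        "unresolved_processes": parsed["unresolved_processes"],
        "mbr_ok": not suspicious and not missing_hash,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```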

Alt 08.09.2010, 13:37   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

Alt 10.09.2010, 11:51   #15
Provocateur
 

Hi,

bad news. When I finally found time yesterday evening and wanted to let Malware check my system, I got the newporto.cn message again, but even worse: right after that I watched the whole system get infected, i.e. all the system files were shown as viruses at the bottom right. So I abruptly shut my computer down and then still managed to run Malware (at that point nothing worked, no task manager, nothing).

Here is the log:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4570

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10.09.2010 01:15:56
mbam-log-2010-09-10 (01-15-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 40252
Laufzeit: 14 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\dspapg.dll (Trojan.Hiloti) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xjoyeqono (Trojan.Hiloti) -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\dspapg.dll (Trojan.Hiloti) -> Delete on reboot.
         
The Newporto.cn alert is still there, even though I really thought it had been deleted. Should I now repeat all the steps again??

Thanks again for the help

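The Malwarebytes log above lists every detection as "Delete on reboot", which is the point behind the last question: those items stay in place until the machine restarts. As an added example (not code from the thread or from Malwarebytes), this parser reads that log format, checks the summary counts against the listed detections, and separates completed removals from ones still pending a reboot; the sample text is a constructed excerpt copied from the posted log, and it assumes a completed removal is reported as "Quarantined and deleted successfully." while any other action is treated as pending.

```python
"""Triage of a Malwarebytes' Anti-Malware log.

Parses the summary counts and each detection line, verifies the counts match
the listed items (a truncated paste shows up here), and tells completed
removals apart from detections marked "Delete on reboot".
"""
import re
from collections import Counter

# Constructed excerpt copied from the MBAM log in this thread (German 1.46 build).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4570

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\dspapg.dll (Trojan.Hiloti) -> Delete on reboot.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xjoyeqono (Trojan.Hiloti) -> Delete on reboot.

Infizierte Dateien:
C:\WINDOWS\dspapg.dll (Trojan.Hiloti) -> Delete on reboot.
"""

SUMMARY_RE = re.compile(r"^(Infizierte .+?):\s*(\d+)$")        # "Infizierte Dateien: 1"
SECTION_RE = re.compile(r"^(Infizierte .+?):$")                # "Infizierte Dateien:"
DETECTION_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Assumption: a finished removal is logged as "Quarantined and deleted successfully."
DONE_PREFIX = "Quarantined"


def parse_mbam_log(text: str) -> dict:
    """Return {'summary': {section: count}, 'detections': [...]}."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            detections.append({"section": section, "object": m["obj"],
                               "name": m["name"], "action": m["action"]})
    return {"summary": summary, "detections": detections}


def triage_mbam(text: str) -> dict:
    """What a helper checks first: families, pending items, consistent counts."""
    parsed = parse_mbam_log(text)
    listed = Counter(d["section"] for d in parsed["detections"])
    # Summary counts that do not match the listed items hint at a truncated paste.
    mismatches = {sec: (n, listed.get(sec, 0)) for sec, n in parsed["summary"].items()
                  if listed.get(sec, 0) != n}
    pending = [d for d in parsed["detections"] if not d["action"].startswith(DONE_PREFIX)]
    reboot = sorted({d["object"] for d in pending if d["action"] == "Delete on reboot"})
    # A Run value and a DLL of the same family usually form one persistence
    # pair: both must be gone after the restart, or the alerts come back.
    run_values = [d["object"] for d in parsed["detections"]
                  if "\\CurrentVersion\\Run\\" in d["object"]]
    return {
        "families": sorted({d["name"] for d in parsed["detections"]}),
        "count_mismatches": mismatches,
        "pending_reboot": reboot,
        "autostart_entries": run_values,
        "clean_without_reboot": not pending,
    }


if __name__ == "__main__":
    for key, value in triage_mbam(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```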