Trojaner-Board (https://www.trojaner-board.de/), forum section "Log-Analyse und Auswertung" (log analysis and evaluation): Personal Shield Pro.... log file posting (https://www.trojaner-board.de/102760-personal-shield-pro-logfileposting.html)

jogi86 22.08.2011 03:56

Personal Shield Pro.... log file posting
 
Hi,

I've managed it and caught the above-mentioned fellow....

So, here is the Malwarebytes log file:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7531

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

22.08.2011 04:44:19
mbam-log-2011-08-22 (04-44-19).txt

Scan type: Quick scan
Objects scanned: 166899
Time elapsed: 10 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4Y3Y0C3AZZ1F2UZXQEOCXUWB (Rootkit.0Access.XGen) -> Value: 4Y3Y0C3AZZ1F2UZXQEOCXUWB -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nN17200CeFhE17200 (Trojan.FakeAlert) -> Value: nN17200CeFhE17200 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{E3DFF6CE-B27A-3CF5-9D0F-ABEE4F75C023} (Trojan.ZbotR.Gen) -> Value: {E3DFF6CE-B27A-3CF5-9D0F-ABEE4F75C023} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{9FC34070-7A08-0E28-0F09-CCA4E96071E8} (Trojan.ZbotR.Gen) -> Value: {9FC34070-7A08-0E28-0F09-CCA4E96071E8} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Recycled\9cdea5fb9db.exe (Rootkit.0Access.XGen) -> Quarantined and deleted successfully.
c:\programdata\nn17200cefhe17200\nn17200cefhe17200.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\jogi\AppData\Roaming\Dasiut\xoilu.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
c:\Users\jogi\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


And now the OTL files:

OTL logfile created on: 22.08.2011 04:50:25 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\jogi\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 51,95% Memory free
4,20 Gb Paging File | 3,15 Gb Available in Paging File | 74,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,31 Gb Total Space | 23,81 Gb Free Space | 26,96% Space Free | Partition Type: NTFS
Drive D: | 88,00 Gb Total Space | 60,04 Gb Free Space | 68,23% Space Free | Partition Type: NTFS

Computer Name: JOGI-PC | User Name: jogi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\jogi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\M-Audio Sonica Theater\Install\STInst.exe (Nemesis)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\Crypserv.exe (Kenonic Controls Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SonicaTheaterInstallerService) -- C:\Programme\M-Audio Sonica Theater\Install\STInst.exe (Nemesis)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NVIDIA Performance Driver Service) -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (Kenonic Controls Ltd.)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC1124 Inc)
DRV - (hardlock) -- C:\Windows\System32\drivers\hardlock.sys ()
DRV - (Haspnt) -- C:\Windows\System32\drivers\Haspnt.sys (Aladdin Knowledge Systems)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (U46_AA) -- C:\Windows\System32\drivers\U46DRV.sys ()
DRV - (U46WDM1_01) -- C:\Windows\System32\drivers\U46wdm.sys ()
DRV - (IKStealthPedal) -- C:\Windows\System32\drivers\IKStealthPedalLL.sys (IK Multimedia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (aksfridge) -- C:\Windows\system32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NETw2v32) Intel(R) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (NetworkX) -- C:\Windows\system32\ckldrv.sys ()
DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: omt@guessmer.de:0.08
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.29 11:04:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.11 05:55:51 | 000,000,000 | ---D | M]

[2008.08.26 10:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jogi\AppData\Roaming\mozilla\Extensions
[2011.08.04 13:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jogi\AppData\Roaming\mozilla\Firefox\Profiles\o0mk0zod.default\extensions
[2010.01.03 20:35:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\jogi\AppData\Roaming\mozilla\Firefox\Profiles\o0mk0zod.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.04 13:10:37 | 000,000,000 | ---D | M] ("OpenMixTools") -- C:\Users\jogi\AppData\Roaming\mozilla\Firefox\Profiles\o0mk0zod.default\extensions\omt@guessmer.de
[2011.08.08 12:51:59 | 000,000,950 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin-1.xml
[2010.02.19 09:46:29 | 000,000,961 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin-10.xml
[2010.12.14 18:34:15 | 000,000,950 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin-11.xml
[2008.07.08 21:38:36 | 000,000,950 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin-2.xml
[2008.07.16 16:32:59 | 000,000,950 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin-3.xml
[2009.07.15 06:09:41 | 000,000,950 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin-4.xml
[2009.07.24 22:50:38 | 000,000,950 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin-5.xml
[2009.08.09 02:49:11 | 000,000,950 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin-6.xml
[2010.01.03 19:03:43 | 000,000,950 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin-7.xml
[2010.01.07 07:35:28 | 000,000,950 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin-8.xml
[2010.01.26 19:00:06 | 000,000,961 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin-9.xml
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\icqplugin.xml
[2008.12.03 14:20:40 | 000,001,330 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\wikipedia-en.xml
[2008.11.26 23:34:21 | 000,001,032 | ---- | M] () -- C:\Users\jogi\AppData\Roaming\Mozilla\Firefox\Profiles\o0mk0zod.default\searchplugins\wikipedia-eng.xml
[2011.01.28 19:28:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.07.14 21:05:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.23 18:14:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.26 23:12:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.24 18:32:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2008.07.20 16:08:23 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008.12.17 13:23:03 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.04.27 12:35:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010.02.23 00:30:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.23 18:14:23 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.26 23:12:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.24 18:32:21 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.06.29 11:04:54 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.11 05:55:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.11 05:55:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.11 05:55:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.11 05:55:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.11 05:55:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.11 05:55:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [JamInit] C:\Windows\System32\U46Pan.exe (EGO SYS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{9FC34070-7A08-0E28-0F09-CCA4E96071E8}] File not found
O4 - HKCU..\Run: [Audiogalaxy] C:\Users\jogi\AppData\Local\Audiogalaxy\Audiogalaxy.exe (AG Entertainment Inc)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1b41aa61-9165-11de-a19d-001377af6179}\Shell\AutoRun\command - "" = F:\starter.exe
O33 - MountPoints2\{e6201a52-11c6-11e0-8719-001377af6179}\Shell\AutoRun\command - "" = F:\Launcher.exe
O33 - MountPoints2\{f3478361-2409-11de-8e28-001377af6179}\Shell\AutoRun\command - "" = F:\start.bat
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.08.22 04:48:01 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\jogi\Desktop\OTL.exe
[2011.08.22 04:28:28 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.22 04:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.22 04:28:23 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.22 04:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.22 04:12:19 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\jogi\Desktop\mbam-setup-1.51.1.1800.exe
[2011.08.22 03:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\nN17200CeFhE17200
[2011.08.11 13:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011.08.11 13:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011.08.11 13:28:56 | 000,000,000 | ---D | C] -- C:\Users\jogi\Desktop\maik
[2011.08.03 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\jogi\AppData\Roaming\Orace
[2011.08.03 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\jogi\AppData\Roaming\Dasiut
[2011.07.26 18:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Allen & Heath
[2011.07.26 18:26:18 | 000,000,000 | ---D | C] -- C:\Users\jogi\Allen & Heath
[2011.07.26 18:26:08 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallJammer Registry
[2011.07.26 18:25:51 | 000,000,000 | ---D | C] -- C:\Users\jogi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Allen & Heath
[2011.07.26 18:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\Allen & Heath
[2011.07.26 18:17:38 | 046,817,554 | ---- | C] (Allen & Heath) -- C:\Users\jogi\Desktop\iLive+Editor+V1.82-Setup.exe
[2006.11.24 07:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.24 07:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
[1 C:\Users\jogi\Documents\*.tmp files -> C:\Users\jogi\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.08.22 04:48:19 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\jogi\Desktop\OTL.exe
[2011.08.22 04:45:22 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\gaxvj.sys
[2011.08.22 04:28:28 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.22 04:25:25 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
[2011.08.22 04:25:11 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.08.22 04:24:01 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.22 04:24:01 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.22 04:23:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.22 04:23:48 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.22 04:12:28 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\jogi\Desktop\mbam-setup-1.51.1.1800.exe
[2011.08.22 03:49:03 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.08.22 03:47:29 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.08.21 14:46:06 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4922F9A8-23C3-44E0-B6A3-61E98C151398}.job
[2011.08.12 20:45:58 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.12 20:45:58 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.12 20:45:58 | 000,121,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.12 20:45:58 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.11 13:26:07 | 004,076,719 | ---- | M] () -- C:\Users\jogi\Desktop\FileZilla_3.2.7.1_win32-setup.exe
[2011.08.10 19:28:12 | 000,102,974 | ---- | M] () -- C:\Users\jogi\Documents\Rider.pdf
[2011.08.04 20:39:43 | 000,002,623 | ---- | M] () -- C:\Users\jogi\Desktop\Microsoft Word.lnk
[2011.07.29 15:19:27 | 206,667,199 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.07.26 18:26:08 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\iLive Editor V1.82.lnk
[2011.07.26 18:21:16 | 046,817,554 | ---- | M] (Allen & Heath) -- C:\Users\jogi\Desktop\iLive+Editor+V1.82-Setup.exe
[1 C:\Users\jogi\Documents\*.tmp files -> C:\Users\jogi\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.22 04:45:22 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\gaxvj.sys
[2011.08.22 04:28:28 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.22 04:23:48 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2011.08.11 13:25:55 | 004,076,719 | ---- | C] () -- C:\Users\jogi\Desktop\FileZilla_3.2.7.1_win32-setup.exe
[2011.07.26 18:26:08 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\iLive Editor V1.82.lnk
[2011.03.23 22:33:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.10 18:54:07 | 000,000,092 | ---- | C] () -- C:\Users\jogi\AppData\Local\fusioncache.dat
[2011.02.11 14:04:36 | 000,049,152 | ---- | C] () -- C:\Windows\System32\IKClsCoInst.dll
[2011.01.19 16:33:22 | 000,007,592 | ---- | C] () -- C:\Users\jogi\AppData\Local\d3d9caps.dat
[2010.12.09 14:18:00 | 004,648,960 | ---- | C] () -- C:\Windows\System32\m7cl3-qt-mt336.dll
[2010.11.10 19:08:23 | 000,113,248 | ---- | C] () -- C:\Windows\System32\U46asio.dll
[2010.11.10 19:08:23 | 000,055,904 | ---- | C] () -- C:\Windows\System32\U46Block.exe
[2010.11.10 19:08:23 | 000,052,320 | ---- | C] () -- C:\Windows\System32\drivers\U46DRV.sys
[2010.11.10 19:08:23 | 000,028,256 | ---- | C] () -- C:\Windows\System32\drivers\U46wdm.sys
[2010.11.10 18:55:16 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2010.11.10 18:51:15 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2010.11.05 20:15:59 | 000,000,032 | ---- | C] () -- C:\Windows\GearBox.ini
[2010.08.19 16:59:15 | 000,000,045 | ---- | C] () -- C:\Windows\Crypkey.ini
[2010.08.19 16:59:11 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2010.08.19 16:59:11 | 000,024,608 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2010.08.19 16:59:11 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2010.08.19 16:59:11 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2010.08.19 16:58:03 | 000,586,240 | ---- | C] () -- C:\Windows\System32\drivers\hardlock.sys
[2010.08.19 16:58:03 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2010.08.19 16:57:58 | 000,073,216 | ---- | C] () -- C:\Windows\System32\drivers\SENTINEL.SYS
[2010.08.19 16:57:58 | 000,047,616 | ---- | C] () -- C:\Windows\System32\SNTI386.DLL
[2010.08.19 16:57:58 | 000,017,920 | ---- | C] () -- C:\Windows\System32\RNBOVDD.DLL
[2010.07.15 17:31:58 | 004,648,960 | ---- | C] () -- C:\Windows\System32\ls9-qt-mt336.dll
[2010.04.21 06:38:27 | 000,017,408 | ---- | C] () -- C:\Windows\System32\minimp3.exe
[2010.04.21 00:04:55 | 001,637,888 | ---- | C] () -- C:\Windows\System32\Lexicon PSP42.dll
[2010.04.21 00:02:56 | 002,864,128 | ---- | C] () -- C:\Windows\System32\PSP 84.dll
[2009.09.18 14:26:27 | 000,000,035 | ---- | C] () -- C:\Windows\A4W.INI
[2009.09.18 14:26:20 | 000,000,101 | ---- | C] () -- C:\Windows\nwwm2.ini
[2009.04.20 00:18:55 | 000,000,039 | ---- | C] () -- C:\Windows\nap.ini
[2009.03.06 18:46:12 | 000,000,298 | ---- | C] () -- C:\Windows\System32\dmlg.dat
[2009.02.17 12:47:06 | 004,648,960 | ---- | C] () -- C:\Windows\System32\pm5d2-qt-mt336.dll
[2008.12.18 19:58:36 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.12.18 19:58:36 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.12.01 18:53:34 | 005,607,424 | ---- | C] () -- C:\Windows\System32\smh-qt-mt336.dll
[2008.08.06 21:16:26 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.08.06 21:16:26 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.06.11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.06.11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.06.11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.06.11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.06.05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.05.15 22:42:21 | 002,402,025 | ---- | C] () -- C:\Windows\System32\dongle.dll
[2008.05.15 22:11:23 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2008.04.20 18:30:45 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.03.29 04:59:40 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2008.02.24 19:20:58 | 000,026,112 | ---- | C] () -- C:\Users\jogi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.24 15:16:42 | 000,027,744 | ---- | C] () -- C:\Users\jogi\AppData\Roaming\nvModes.001
[2008.02.24 05:35:55 | 000,027,744 | ---- | C] () -- C:\Users\jogi\AppData\Roaming\nvModes.dat
[2008.02.23 20:06:55 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.23 14:25:49 | 000,017,089 | ---- | C] () -- C:\Users\jogi\AppData\Roaming\UserTile.png
[2007.09.08 05:01:24 | 000,377,856 | ---- | C] () -- C:\Windows\System32\SetAutoConsole.exe
[2007.09.08 04:17:12 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2007.09.08 04:17:12 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2007.09.08 04:16:30 | 000,221,184 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2007.09.08 04:00:18 | 000,003,352 | ---- | C] () -- C:\Windows\System32\drivers\HDACfg.dat
[2007.09.08 03:52:14 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.09.07 10:43:53 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.09.07 10:43:53 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.09.07 10:43:52 | 000,651,350 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.09.07 10:43:52 | 000,121,114 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.09.07 10:37:40 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.09.07 10:37:33 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.02.26 09:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat
[2007.02.15 09:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.12.20 05:00:12 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.29 10:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe
[2006.11.29 10:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.16 12:43:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,417,856 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,618,470 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,614 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.10.09 03:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2006.08.27 22:32:33 | 000,905,290 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2011.04.11 10:46:31 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Audacity
[2011.05.02 21:33:27 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Canon
[2008.02.28 23:46:00 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\DAEMON Tools
[2009.03.06 18:47:18 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\DAEMON Tools Lite
[2011.08.22 04:44:19 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Dasiut
[2011.01.26 16:15:05 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Downloaded Installations
[2010.07.26 19:12:35 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.04.20 00:05:57 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\EasyView
[2010.10.04 16:29:33 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Electronic Arts
[2011.05.26 19:07:34 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\elsterformular
[2010.04.21 21:03:42 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\FabFilter
[2011.08.11 13:55:42 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\FileZilla
[2010.04.23 19:33:49 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\GetRightToGo
[2011.01.28 19:27:42 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Guitar Pro 6
[2011.07.17 22:56:13 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\ICQ
[2010.04.11 16:42:31 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Leadertech
[2010.04.20 23:05:36 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Lexicon PCM Native
[2010.11.10 18:32:49 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Line 6
[2008.03.31 02:46:17 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Mp3tag
[2011.08.22 04:53:49 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Orace
[2008.02.23 14:25:49 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\PeerNetworking
[2009.04.19 23:13:10 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\PopSoft
[2011.05.24 18:07:35 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Soundcraft Vi
[2010.08.19 18:15:54 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Stardraw.com Ltd
[2010.11.10 19:39:43 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Steinberg
[2010.01.02 20:37:17 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\T-Online
[2011.04.12 20:41:29 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Teleca
[2010.04.06 18:47:04 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\temp
[2011.06.17 22:03:16 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\VST3 Presets
[2010.04.21 23:11:34 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Waves Audio
[2008.07.28 13:35:46 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Xilisoft Corporation
[2010.12.24 06:16:00 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Ynfu
[2010.12.24 19:29:46 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Zytos
[2011.08.22 03:47:29 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.08.22 04:25:25 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job
[2011.08.21 14:46:06 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4922F9A8-23C3-44E0-B6A3-61E98C151398}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010.08.19 18:00:55 | 000,000,000 | ---D | M](C:\Windows\System32\?́???́?́?́?́?́?́) -- C:\Windows\System32\́둠睁́́́́́́
[2010.08.19 18:00:55 | 000,000,000 | ---D | C](C:\Windows\System32\?́???́?́?́?́?́?́) -- C:\Windows\System32\́둠睁́́́́́́

< End of report >



So, that's it. It would be really, really great if someone could help me. Anyway, thanks in advance in any case!!!!!!!

cosinus 22.08.2011 11:00

Hello and :hallo:

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!


After that, the OTL custom scan:


CustomScan with OTL

If you do not have it yet, please download OTL from Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


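The LOP check and the Tasks entries above share one OTL line format. As an added example (not part of this thread and not OTL's own code), the Python below parses that format and lists the entries that were modified shortly before the report, which is where a helper reviewing the log would look first (Dasiut and Orace, for instance). The sample lines are copied from the log above; the report time of 05:00 and the six-hour window are assumptions, since the log prints no end time.

```python
import re
from datetime import datetime, timedelta

# One OTL list entry per line. Directory entries end in "] -- path",
# file entries in "] () -- path"; the Unicode check puts a path in the parens.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: ?\([^)]*\))? -- (?P<path>.+)$"
)

def parse_otl_line(line):
    """Split one OTL entry into its fields, or return None for other text."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),   # "000,032,638" -> 32638
        "is_dir": "D" in m["attr"],
        "kind": m["kind"],                          # C = created, M = modified
        "path": m["path"],
    }

def recent_entries(lines, report_time, window):
    """Paths whose timestamp lies within `window` before `report_time`."""
    hits = []
    for line in lines:
        entry = parse_otl_line(line)
        if entry and timedelta(0) <= report_time - entry["time"] <= window:
            hits.append(entry["path"])
    return hits

# Sample lines copied from the LOP check above. REPORT_TIME is an assumption
# (the log prints no end time) chosen just after its last entry.
SAMPLE_LINES = [
    r"[2011.04.11 10:46:31 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Audacity",
    r"[2011.08.22 04:44:19 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Dasiut",
    r"[2011.08.22 04:53:49 | 000,000,000 | ---D | M] -- C:\Users\jogi\AppData\Roaming\Orace",
    r"[2011.08.22 03:47:29 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT",
    r"[2011.08.22 04:25:25 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job",
    r"[2011.08.21 14:46:06 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4922F9A8-23C3-44E0-B6A3-61E98C151398}.job",
]
REPORT_TIME = datetime(2011, 8, 22, 5, 0, 0)
WINDOW = timedelta(hours=6)

def review_candidates():
    """Entries touched shortly before the report: the first ones to review."""
    return recent_entries(SAMPLE_LINES, REPORT_TIME, WINDOW)
```

The list is a triage order, not a verdict: SCHEDLGU.TXT is the Task Scheduler's own log and is always recent, while the two Roaming folders are the entries worth checking against the Malwarebytes findings.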

Copyright ©2000-2024, Trojaner-Board