Browser opens tabs with cryptic addresses on its own
Hello everyone.
I may have a problem. At very irregular intervals, my browser opens a tab on its own with addresses like (truncated at the end): hxxp://ad.z5x.net/clk?3,eAGljckSgkAMRL.GGwfDjMDUlIc4KKDEpVyLmzOlKOJyULH4elHUHzCX192VdIBJzcS...
I had this problem on a PC and now on a laptop as well. On the laptop I also occasionally get a bluescreen followed by an immediate system restart. That did not happen on the PC, though.
After some digging around (especially on trojaner-board.de) I am a bit afraid that this could be a trojan/rootkit. I used ordinary virus scanners such as Malwarebytes and MSE and also ran the Desinfect DVD from c't 08/11, but none of the programs found anything.
On the PC the problem has not reappeared so far, but I don't know whether it is really clean either. On the laptop, however, it happened now after these measures.
By default, MSE and (as of recently) Threatfire run on both.
I hope you can help me.
OTL logfiles:
OTL.Txt (OTL logfile):
OTL logfile created on: 05.11.2011 09:34:58 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Oliver\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,16 Gb Available Physical Memory | 78,95% Memory free
4,00 Gb Paging File | 3,10 Gb Available in Paging File | 77,44% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,90 Gb Total Space | 36,44 Gb Free Space | 65,19% Space Free | Partition Type: NTFS
Computer Name: OLIVER-PC | User Name: Oliver | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.11.05 09:24:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Oliver\Desktop\OTL.exe
PRC - [2011.02.22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe
PRC - [2011.02.22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011.04.27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011.04.27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010.11.01 16:49:22 | 000,614,912 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.02.22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011.05.12 13:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\68D1.tmp -- (MEMSWEEP2)
DRV:64bit: - [2011.04.27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.22 13:57:58 | 000,074,824 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2011.02.22 13:57:56 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2011.02.22 13:57:54 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2009.10.26 14:36:22 | 001,202,688 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\smserial.sys -- (smserial)
DRV:64bit: - [2009.10.10 03:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E 96 91 76 33 8B CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Ecosia"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "de.wikipedia.org"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.15 13:12:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011.10.15 13:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Extensions
[2011.11.05 07:53:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\vpaeuven.default\extensions
[2011.11.05 07:53:14 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\vpaeuven.default\extensions\firefox@ghostery.com
[2011.10.23 10:46:30 | 000,002,289 | ---- | M] () -- C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\vpaeuven.default\searchplugins\ecosia.xml
[2011.10.29 07:47:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.29 07:47:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\OLIVER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VPAEUVEN.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\OLIVER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VPAEUVEN.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\OLIVER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VPAEUVEN.DEFAULT\EXTENSIONS\JOHN@VELVETCACHE.ORG.XPI
[2011.09.29 08:09:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4210523E-A41A-4B4E-BC35-3E0213A5D893}: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Infium - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SMSERIAL - hkey= - key= - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011.11.05 09:24:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Oliver\Desktop\OTL.exe
[2011.11.05 09:14:29 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Malwarebytes
[2011.11.05 09:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.05 09:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.05 09:14:04 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.11.05 09:14:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.05 09:05:24 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\assembly
[2011.11.05 09:04:19 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\Temporary Projects
[2011.11.04 10:59:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011.11.04 10:59:20 | 000,000,000 | ---D | C] -- C:\4c7277d37b1868240bcecc0518
[2011.11.04 09:37:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2011.11.04 09:37:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011.11.04 09:37:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011.11.04 09:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2011.11.04 09:35:37 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2011.11.04 09:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2011.11.04 09:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2011.11.04 09:24:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThreatFire
[2011.11.04 09:24:57 | 000,074,824 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2011.11.04 09:24:57 | 000,065,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2011.11.04 09:24:57 | 000,041,888 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2011.11.04 09:24:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThreatFire
[2011.11.04 09:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.11.04 08:41:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011.11.04 08:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011.11.04 07:07:25 | 000,000,000 | ---D | C] -- C:\6811f6991fd37e838a
[2011.11.03 21:44:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.11.03 21:31:57 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\Diagnostics
[2011.11.03 19:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows7FirewallControl
[2011.11.03 19:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows7FirewallControl
[2011.11.03 12:47:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011.11.03 12:47:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011.11.03 12:45:22 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Documents\Visual Studio 2008
[2011.11.03 12:45:14 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Documents\Visual Studio 2010
[2011.11.03 12:41:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2011.11.03 11:59:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2011.11.03 11:57:39 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.10.30 09:24:14 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011.10.30 09:05:27 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Columbus Soft
[2011.10.30 09:05:23 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Documents\PriMusFree
[2011.10.30 09:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriMusFree
[2011.10.30 09:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PriMusFree
[2011.10.29 08:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.10.29 08:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011.10.29 07:48:31 | 000,000,000 | ---D | C] -- C:\Users\Oliver\P5JavaClientSettings
[2011.10.29 07:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.10.29 07:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.10.29 07:47:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011.10.29 07:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011.10.26 16:06:50 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011.10.26 16:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.10.26 16:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011.10.24 17:30:29 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\PeerNetworking
[2011.10.24 17:29:11 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Documents\Remote Assistance Logs
[2011.10.22 09:16:42 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Skype
[2011.10.22 09:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.10.22 09:16:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011.10.22 09:16:31 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011.10.22 09:16:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011.10.18 20:13:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011.10.16 20:00:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011.10.16 19:35:35 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Documents\ICQ
[2011.10.16 08:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.6
[2011.10.16 08:00:52 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\ICQ
[2011.10.16 08:00:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.6
[2011.10.16 07:55:09 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\QIP
[2011.10.15 22:54:07 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Macromedia
[2011.10.15 22:54:07 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Adobe
[2011.10.15 22:54:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011.10.15 22:53:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.10.15 17:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.10.15 17:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.10.15 17:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2011.10.15 14:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\Protector Suite
[2011.10.15 13:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011.10.15 13:35:07 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011.10.15 13:35:07 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\InstallShield
[2011.10.15 13:34:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2011.10.15 13:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011.10.15 13:34:31 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.10.15 13:34:31 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.10.15 13:33:49 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2011.10.15 13:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011.10.15 13:33:43 | 000,000,000 | ---D | C] -- C:\Intel
[2011.10.15 13:27:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011.10.15 13:27:41 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011.10.15 13:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011.10.15 13:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011.10.15 13:12:30 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Mozilla
[2011.10.15 13:12:30 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\Mozilla
[2011.10.15 13:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011.10.14 19:19:05 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011.10.14 19:18:52 | 000,000,000 | -HSD | C] -- C:\Boot
[2011.10.14 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.10.14 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Oliver\Searches
[2011.10.14 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.10.14 18:24:57 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Identities
[2011.10.14 18:24:56 | 000,000,000 | R--D | C] -- C:\Users\Oliver\Contacts
[2011.10.14 18:24:55 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\VirtualStore
[2011.10.14 18:24:52 | 000,000,000 | --SD | C] -- C:\Users\Oliver\AppData\Roaming\Microsoft
[2011.10.14 18:24:52 | 000,000,000 | R--D | C] -- C:\Users\Oliver\Videos
[2011.10.14 18:24:52 | 000,000,000 | R--D | C] -- C:\Users\Oliver\Saved Games
[2011.10.14 18:24:52 | 000,000,000 | R--D | C] -- C:\Users\Oliver\Pictures
[2011.10.14 18:24:52 | 000,000,000 | R--D | C] -- C:\Users\Oliver\Music
[2011.10.14 18:24:52 | 000,000,000 | R--D | C] -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.10.14 18:24:52 | 000,000,000 | R--D | C] -- C:\Users\Oliver\Links
[2011.10.14 18:24:52 | 000,000,000 | R--D | C] -- C:\Users\Oliver\Favorites
[2011.10.14 18:24:52 | 000,000,000 | R--D | C] -- C:\Users\Oliver\Downloads
[2011.10.14 18:24:52 | 000,000,000 | R--D | C] -- C:\Users\Oliver\Documents
[2011.10.14 18:24:52 | 000,000,000 | R--D | C] -- C:\Users\Oliver\Desktop
[2011.10.14 18:24:52 | 000,000,000 | R--D | C] -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.10.14 18:24:52 | 000,000,000 | -HSD | C] -- C:\Users\Oliver\Vorlagen
[2011.10.14 18:24:52 | 000,000,000 | -HSD | C] -- C:\Users\Oliver\AppData\Local\Verlauf
[2011.10.14 18:24:52 | 000,000,000 | -HSD | C] -- C:\Users\Oliver\AppData\Local\Temporary Internet Files
[2011.10.14 18:24:52 | 000,000,000 | -HSD | C] -- C:\Users\Oliver\Startmenü
[2011.10.14 18:24:52 | 000,000,000 | -HSD | C] -- C:\Users\Oliver\SendTo
[2011.10.14 18:24:52 | 000,000,000 | -HSD | C] -- C:\Users\Oliver\Recent
[2011.10.14 18:24:52 | 000,000,000 | -HSD | C] -- C:\Users\Oliver\Netzwerkumgebung
[2011.10.14 18:24:52 | 000,000,000 | -HSD | C] -- C:\Users\Oliver\Lokale Einstellungen
[2011.10.14 18:24:52 | 000,000,000 | -HSD | C] -- C:\Users\Oliver\Documents\Eigene Videos
[2011.10.14 18:24:52 | 000,000,000 | -HSD | C] -- C:\Users\Oliver\Documents\Eigene Musik
[2011.10.14 18:24:52 | 000,000,000 | -HSD | C] -- C:\Users\Oliver\Eigene Dateien
[2011.10.14 18:24:52 | 000,000,000 | -HSD | C] -- C:\Users\Oliver\Documents\Eigene Bilder
[2011.10.14 18:24:52 | 000,000,000 | -HSD | C] -- C:\Users\Oliver\Druckumgebung
[2011.10.14 18:24:52 | 000,000,000 | -HSD | C] -- C:\Users\Oliver\Cookies
[2011.10.14 18:24:52 | 000,000,000 | -HSD | C] -- C:\Users\Oliver\AppData\Local\Anwendungsdaten
[2011.10.14 18:24:52 | 000,000,000 | -HSD | C] -- C:\Users\Oliver\Anwendungsdaten
[2011.10.14 18:24:52 | 000,000,000 | -H-D | C] -- C:\Users\Oliver\AppData
[2011.10.14 18:24:52 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\Temp
[2011.10.14 18:24:52 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\Microsoft
[2011.10.14 18:24:52 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Media Center Programs
[2011.10.14 18:24:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.10.14 18:24:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.10.14 18:24:48 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011.10.14 18:24:48 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.10.14 18:24:48 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2011.10.14 18:24:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.10.14 18:24:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.10.14 18:24:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.10.14 18:24:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.10.14 18:24:48 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.10.14 18:24:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.10.14 18:24:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.10.14 18:24:45 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011.10.14 18:20:04 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011.10.14 18:19:56 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.11.05 09:36:21 | 001,554,610 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.05 09:36:21 | 000,674,164 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.05 09:36:21 | 000,633,204 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.05 09:36:21 | 000,139,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.05 09:36:21 | 000,115,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.05 09:31:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.05 09:30:58 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.05 09:30:58 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.05 09:29:32 | 000,000,000 | ---- | M] () -- C:\Users\Oliver\defogger_reenable
[2011.11.05 09:24:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Oliver\Desktop\OTL.exe
[2011.11.05 09:24:00 | 000,050,477 | ---- | M] () -- C:\Users\Oliver\Desktop\Defogger.exe
[2011.11.05 09:14:07 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.04 09:36:36 | 000,001,165 | ---- | M] () -- C:\Users\Oliver\Desktop\Microsoft Visual C# 2010 Express.lnk
[2011.11.04 09:24:59 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\ThreatFire.lnk
[2011.11.04 07:23:52 | 001,596,906 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.30 09:31:18 | 000,267,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.30 09:07:04 | 000,000,963 | ---- | M] () -- C:\Users\Oliver\Desktop\PriMusFree.lnk
[2011.10.26 16:06:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011.10.24 17:30:40 | 000,044,219 | ---- | M] () -- C:\Users\Oliver\AppData\Local\RAContactHistory.xml
[2011.10.22 09:17:40 | 000,002,032 | -H-- | M] () -- C:\Users\Oliver\Documents\Default.rdp
[2011.10.22 09:16:34 | 000,002,547 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.10.16 08:01:06 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.6.lnk
[2011.10.15 14:10:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_tcwbf_01_09_00.Wdf
[2011.10.15 14:10:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2011.10.15 13:28:18 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.10.15 13:12:04 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.10.14 19:18:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011.10.14 18:21:29 | 000,057,035 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011.10.14 18:21:29 | 000,057,035 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.11.05 09:29:32 | 000,000,000 | ---- | C] () -- C:\Users\Oliver\defogger_reenable
[2011.11.05 09:24:00 | 000,050,477 | ---- | C] () -- C:\Users\Oliver\Desktop\Defogger.exe
[2011.11.05 09:14:07 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.04 09:55:30 | 000,001,165 | ---- | C] () -- C:\Users\Oliver\Desktop\Microsoft Visual C# 2010 Express.lnk
[2011.11.04 09:24:59 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\ThreatFire.lnk
[2011.10.30 09:05:23 | 000,000,963 | ---- | C] () -- C:\Users\Oliver\Desktop\PriMusFree.lnk
[2011.10.26 16:06:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011.10.24 17:30:40 | 000,044,219 | ---- | C] () -- C:\Users\Oliver\AppData\Local\RAContactHistory.xml
[2011.10.22 09:16:34 | 000,002,547 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.10.16 08:07:09 | 000,002,032 | -H-- | C] () -- C:\Users\Oliver\Documents\Default.rdp
[2011.10.16 08:01:06 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.6.lnk
[2011.10.15 14:10:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_tcwbf_01_09_00.Wdf
[2011.10.15 14:10:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2011.10.15 13:34:31 | 000,007,383 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2011.10.15 13:28:18 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.10.15 13:27:43 | 001,596,906 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.15 13:27:42 | 000,001,913 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.10.15 13:12:04 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.10.15 13:12:04 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.10.14 19:18:53 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2011.10.14 19:18:52 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2011.10.14 18:25:05 | 000,001,401 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011.10.14 18:25:03 | 000,001,435 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.10.14 18:21:27 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== LOP Check ==========
[2011.10.30 09:05:27 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Columbus Soft
[2011.11.05 08:59:02 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\ICQ
[2011.10.24 17:30:29 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\PeerNetworking
[2011.10.16 07:55:09 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\QIP
[2011.10.23 20:54:48 | 000,017,766 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2011.10.14 18:24:56 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.11.04 10:59:29 | 000,000,000 | ---D | M] -- C:\4c7277d37b1868240bcecc0518
[2011.11.04 08:47:46 | 000,000,000 | ---D | M] -- C:\6811f6991fd37e838a
[2011.10.15 12:56:08 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.11.04 11:10:28 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.10.14 18:24:48 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.10.15 13:33:43 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.11.04 09:37:08 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.05 09:14:04 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.11.05 09:14:07 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.10.14 18:24:48 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.10.14 18:24:48 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.11.05 09:35:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.14 18:24:52 | 000,000,000 | R--D | M] -- C:\Users
[2011.11.05 09:12:07 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.manifest /3 >
< MD5 for: EXPLORER.EXE >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: REGEDIT.EXE >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WININIT.EXE >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< >
< End of report >
Extras.Txt:OTL Logfile: Code:
OTL Extras logfile created on: 05.11.2011 09:34:58 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Oliver\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,16 Gb Available Physical Memory | 78,95% Memory free
4,00 Gb Paging File | 3,10 Gb Available in Paging File | 77,44% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,90 Gb Total Space | 36,44 Gb Free Space | 65,19% Space Free | Partition Type: NTFS
Computer Name: OLIVER-PC | User Name: Oliver | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Security Client" = Microsoft Security Essentials
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Windows7FirewallControl_is1" = Windows7FirewallControl (x64) 4.0.144.38
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"PriMus Free_is1" = PriMus Free 1.1 (Build 10152)
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >