Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/), forum "Log-Analyse und Auswertung" (https://www.trojaner-board.de/log-analyse-auswertung/), thread "hallo 100€ abzocke" (https://www.trojaner-board.de/107827-hallo-100-abzocke.html)

tinot1983 09.01.2012 13:33

hello, 100€ scam
 
Hi, like many others I have the same problem with this Bundespolizei scam, and I can't even get into Safe Mode anymore to use System Restore.

I've searched around a lot and then came across OTLPENet.exe here on your site.

Here is the log file:
Code:

OTL logfile created on: 1/9/2012 1:20:57 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 0.30 Gb Free Space | 0.41% Space Free | Partition Type: NTFS
Drive D: | 7.47 Gb Total Space | 2.41 Gb Free Space | 32.23% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/12/13 12:30:17 | 003,316,000 | ---- | M] () [Auto] -- C:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/07/06 10:08:01 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/14 11:35:02 | 000,201,080 | ---- | M] (Telefónica) [Auto] -- C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2011/05/11 12:06:00 | 004,330,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2011/04/29 06:45:46 | 001,006,080 | ---- | M] (IVT Corporation) [Auto] -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2011/04/27 15:23:56 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/13 05:02:16 | 000,102,503 | ---- | M] (IVT Corporation) [On_Demand] -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2011/04/13 05:00:54 | 000,147,563 | ---- | M] (IVT Corporation) [Auto] -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2011/03/16 03:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/15 19:39:17 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011/02/10 08:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/01/12 11:35:12 | 001,051,968 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/01/12 11:32:10 | 000,030,016 | ---- | M] (TuneUp Software) [On_Demand] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/10/23 04:05:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/19 17:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009/12/19 17:00:00 | 001,029,776 | ---- | M] (FileZilla Project) [Auto] -- C:\xampp\FileZillaFTP\FileZilla server.exe -- (FileZilla Server)
SRV - [2009/12/19 17:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2008/09/08 00:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/08/14 22:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/04/30 11:52:36 | 000,200,704 | ---- | M] (OptionNV) [Auto] -- C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007/07/20 09:53:52 | 000,475,136 | ---- | M] (Dell Inc.) [Auto] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/10/18 10:11:08 | 000,061,440 | ---- | M] (Broadcom Corporation) [Auto] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2004/09/23 12:58:02 | 000,450,560 | ---- | M] (Lexmark International, Inc.) [On_Demand] -- C:\WINDOWS\System32\lxbucoms.exe -- (lxbu_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Auto] --  -- (zumbus)
DRV - File not found [Kernel | On_Demand] --  -- (XDva359)
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] --  -- (hwusbdev)
DRV - File not found [Kernel | On_Demand] --  -- (EagleXNt)
DRV - File not found [Kernel | On_Demand] --  -- (EagleNT)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - File not found [Kernel | On_Demand] --  -- (ALSysIO)
DRV - [2012/01/08 20:14:03 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/11/20 05:49:26 | 000,428,088 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/07/06 10:08:03 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/06 10:08:03 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/06/13 10:03:28 | 000,026,008 | ---- | M] (Telefónica I+D) [Kernel | System] -- C:\WINDOWS\system32\drivers\tidnet.sys -- (tidnet)
DRV - [2011/06/03 12:42:17 | 000,004,096 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio)
DRV - [2011/05/03 17:03:43 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2011/04/29 10:23:47 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/04/29 10:23:47 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/04/14 19:15:34 | 000,006,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2010/08/26 14:29:28 | 000,022,024 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btcombus.sys -- (BTCOMBUS)
DRV - [2010/08/26 14:29:26 | 000,025,992 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btcomport.sys -- (BTCOM)
DRV - [2010/08/18 15:19:24 | 000,014,088 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2010/08/16 08:31:08 | 000,016,472 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2010/08/16 08:31:06 | 000,011,104 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2010/06/24 04:35:04 | 000,036,616 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2010/04/09 02:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/04/06 11:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2010/04/06 11:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2010/04/06 11:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2010/03/24 21:08:30 | 000,105,728 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/03/19 22:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/03/19 21:28:00 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010/02/24 08:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/08/05 14:37:04 | 000,039,112 | ---- | M] (GBM Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GRemoteJoy.sys -- (GRemoteJoy)
DRV - [2009/08/05 14:37:04 | 000,023,368 | ---- | M] (GBM Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GRemoteBus.sys -- (GRemoteBus)
DRV - [2009/06/17 07:02:16 | 000,027,528 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2009/06/17 07:02:08 | 000,033,800 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2009/05/11 05:49:20 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 03:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/01/19 06:12:12 | 000,004,992 | ---- | M] (Option N.V.) [Kernel | System] -- C:\WINDOWS\system32\drivers\GtTdiFltr.sys -- (GtTdiFltr)
DRV - [2008/11/07 06:03:18 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gtuhsser.sys -- (GTUHSSER)
DRV - [2008/11/07 06:01:48 | 000,020,352 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gtuhsoms.sys -- (GTUHSOMS)
DRV - [2008/11/07 05:58:56 | 000,105,984 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)
DRV - [2008/11/07 05:57:38 | 000,062,592 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gtuhsbus.sys -- (GTUHSBUS)
DRV - [2008/10/09 07:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2008/10/09 07:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008/08/26 03:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/26 15:30:30 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand] -- C:\Program Files\BatteryCare\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2007/08/08 15:13:04 | 000,024,448 | ---- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewdcsc.sys -- (Huawei)
DRV - [2007/05/10 03:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/11/02 00:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/01/10 04:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/10/26 03:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/08/12 10:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/05/13 03:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2003/04/24 09:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2001/08/17 07:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\tino_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKU\tino_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\tino_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\WINDOWS\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\tino\Application Data\Mozilla\Firefox\Profiles\qd8rwgk4.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\tino\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\tino\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\tino\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\web
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/07 19:33:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/28 10:32:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/20 10:12:47 | 000,000,000 | ---D | M]
 
[2011/02/03 21:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tino\Application Data\Mozilla\Extensions
[2011/02/10 21:33:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tino\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/02/03 21:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tino\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2011/12/28 13:52:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tino\Application Data\Mozilla\Firefox\Profiles\qd8rwgk4.default\extensions
[2011/10/24 17:09:33 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\tino\Application Data\Mozilla\Firefox\Profiles\qd8rwgk4.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2012/01/05 12:48:58 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Documents and Settings\tino\Application Data\Mozilla\Firefox\Profiles\qd8rwgk4.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011/05/31 18:26:19 | 000,000,000 | ---D | M] (ChatZilla [de]) -- C:\Documents and Settings\tino\Application Data\Mozilla\Firefox\Profiles\qd8rwgk4.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011/12/28 13:52:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\tino\Application Data\Mozilla\Firefox\Profiles\qd8rwgk4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/12/21 09:54:13 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Documents and Settings\tino\Application Data\Mozilla\Firefox\Profiles\qd8rwgk4.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2011/02/27 12:39:40 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Documents and Settings\tino\Application Data\Mozilla\Firefox\Profiles\qd8rwgk4.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011/02/27 12:39:39 | 000,000,000 | ---D | M] (Clean And Close) -- C:\Documents and Settings\tino\Application Data\Mozilla\Firefox\Profiles\qd8rwgk4.default\extensions\clean_and_close@csb7.com
[2011/10/13 17:17:39 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-CH), Hunspell-unterstützt) -- C:\Documents and Settings\tino\Application Data\Mozilla\Firefox\Profiles\qd8rwgk4.default\extensions\de_CH@dicts.j3e.de
[2011/10/13 17:17:39 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Documents and Settings\tino\Application Data\Mozilla\Firefox\Profiles\qd8rwgk4.default\extensions\de_DE@dicts.j3e.de
[2011/04/24 15:28:46 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\tino\Application Data\Mozilla\Firefox\Profiles\qd8rwgk4.default\extensions\DTToolbar@toolbarnet.com
[2011/04/07 12:13:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\tino\Application Data\Mozilla\Firefox\Profiles\qd8rwgk4.default\extensions\engine@conduit.com
[2011/02/03 21:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tino\Application Data\Mozilla\SeaMonkey\Profiles\cpczg01h.default\extensions
[2011/11/08 19:19:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/07 19:33:39 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/02 18:41:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/22 13:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/10/03 15:45:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/03 15:45:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/03 15:45:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/03 15:45:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/03 15:45:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/03 15:45:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/10/23 03:52:32 | 000,001,447 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 2O7.net
O1 - Hosts: 127.0.0.1 192.168.112.2O7.net
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 1 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKU\tino_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\tino_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\tino_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\tino_ON_C\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [LXBUCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.DLL ()
O4 - HKLM..\Run: [Mobile Connection Manager] C:\Program Files\o2\Mobile Connection Manager\emmsn.exe (Telefónica)
O4 - HKLM..\Run: [Update] C:\WINDOWS\system32\0.36417745103463184.exe ()
O4 - HKU\Administrator_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\tino_ON_C..\Run: [Akamai NetSession Interface] C:\Documents and Settings\tino\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\tino_ON_C..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\tino_ON_C..\Run: [Core Temp] C:\Program Files\Core Temp\Core Temp.exe ()
O4 - HKU\tino_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\tino_ON_C..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\tino_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/21 11:38:16 | 000,192,908 | ---- | M] () - C:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2011/11/21 11:38:16 | 000,050,812 | ---- | M] () - C:\AUTO.pst -- [ NTFS ]
O32 - AutoRun File - [2010/10/22 12:23:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2740d841-83f2-11e0-94e2-00188bbba40a}\Shell - "" = AutoRun
O33 - MountPoints2\{2740d841-83f2-11e0-94e2-00188bbba40a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2740d841-83f2-11e0-94e2-00188bbba40a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{516d93bc-ee8a-11df-83a4-00188bbba40a}\Shell - "" = AutoRun
O33 - MountPoints2\{516d93bc-ee8a-11df-83a4-00188bbba40a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{516d93bc-ee8a-11df-83a4-00188bbba40a}\Shell\AutoRun\command - "" = E:\setup.exe AUTORUN=1
O33 - MountPoints2\{61b0d3ca-48df-11e0-b45a-00188bbba40a}\Shell - "" = AutoRun
O33 - MountPoints2\{61b0d3ca-48df-11e0-b45a-00188bbba40a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61b0d3ca-48df-11e0-b45a-00188bbba40a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{718b1cc0-e244-11df-838d-00188bbba40a}\Shell - "" = AutoRun
O33 - MountPoints2\{718b1cc0-e244-11df-838d-00188bbba40a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{718b1cc0-e244-11df-838d-00188bbba40a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bace1baa-de69-11df-8375-ef9579204d00}\Shell - "" = AutoRun
O33 - MountPoints2\{bace1baa-de69-11df-8375-ef9579204d00}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bace1baa-de69-11df-8375-ef9579204d00}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bace1bac-de69-11df-8375-b2c0a2b3053c}\Shell - "" = AutoRun
O33 - MountPoints2\{bace1bac-de69-11df-8375-b2c0a2b3053c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bace1bac-de69-11df-8375-b2c0a2b3053c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bace1bae-de69-11df-8375-ed748285d346}\Shell - "" = AutoRun
O33 - MountPoints2\{bace1bae-de69-11df-8375-ed748285d346}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bace1bae-de69-11df-8375-ed748285d346}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d6de3831-343a-11e0-8436-00188bbba40a}\Shell - "" = AutoRun
O33 - MountPoints2\{d6de3831-343a-11e0-8436-00188bbba40a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d6de3831-343a-11e0-8436-00188bbba40a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{db74b768-0eb5-11e0-83dd-00188bbba40a}\Shell - "" = AutoRun
O33 - MountPoints2\{db74b768-0eb5-11e0-83dd-00188bbba40a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{db74b768-0eb5-11e0-83dd-00188bbba40a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{eaeedbe9-de33-11df-8373-c275da893b04}\Shell - "" = AutoRun
O33 - MountPoints2\{eaeedbe9-de33-11df-8373-c275da893b04}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eaeedbe9-de33-11df-8373-c275da893b04}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{eaeedbee-de33-11df-8373-93aaeaa4b206}\Shell - "" = AutoRun
O33 - MountPoints2\{eaeedbee-de33-11df-8373-93aaeaa4b206}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eaeedbee-de33-11df-8373-93aaeaa4b206}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\pointsoft.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/08 19:30:26 | 000,239,168 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012/01/05 16:27:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tino\Desktop\mobile nova
[2011/12/26 15:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rumble Fighter-DE
[2011/12/25 11:52:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tino\My Documents\ICQ
[2011/12/24 09:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tino\Local Settings\Application Data\PMB Files
[2011/12/24 09:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/12/20 15:17:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/12/15 05:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tino\Desktop\redstone
[2011/12/13 14:38:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tino\Desktop\id,7139-Dateien
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/09 06:52:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/09 06:52:32 | 000,443,922 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/09 06:52:32 | 000,072,180 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/09 06:51:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/09 06:46:00 | 000,001,186 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-2077806209-682003330-1003UA.job
[2012/01/09 06:38:26 | 000,001,185 | ---- | M] () -- C:\WINDOWS\System32\bscs.ini
[2012/01/09 06:30:10 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/08 20:14:03 | 000,239,168 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012/01/08 19:19:13 | 000,139,264 | ---- | M] () -- C:\WINDOWS\System32\0.36417745103463184.exe
[2012/01/08 14:46:00 | 000,001,134 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-2077806209-682003330-1003Core.job
[2012/01/07 04:48:29 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\tino\Desktop\Google Chrome.lnk
[2012/01/07 04:48:29 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\tino\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/05 09:02:56 | 000,084,614 | ---- | M] () -- C:\Documents and Settings\tino\Desktop\17601_1_lightbox_tanzen.jpg
[2012/01/03 04:11:17 | 000,001,963 | ---- | M] () -- C:\Documents and Settings\tino\Desktop\cloner.config.php
[2012/01/03 04:00:50 | 000,000,608 | ---- | M] () -- C:\Documents and Settings\tino\Desktop\install.xcloner.php
[2012/01/03 03:50:27 | 000,040,391 | ---- | M] () -- C:\Documents and Settings\tino\Desktop\XCloner.php
[2011/12/27 15:52:20 | 000,000,068 | ---- | M] () -- C:\Documents and Settings\tino\builtins.cfg
[2011/12/26 15:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rumble Fighter-DE
[2011/12/16 19:37:25 | 000,315,277 | ---- | M] () -- C:\Documents and Settings\tino\Desktop\facebook.jpg
[2011/12/15 10:19:03 | 000,011,305 | ---- | M] () -- C:\Documents and Settings\tino\Desktop\weihnachtbaum-icon.jpg
[2011/12/13 20:37:50 | 000,026,399 | ---- | M] () -- C:\Documents and Settings\tino\Desktop\BLOG_ICON.jpg.png
[2011/12/13 14:38:08 | 000,017,131 | ---- | M] () -- C:\Documents and Settings\tino\Desktop\id,7139.html
[2011/12/13 14:08:45 | 000,012,209 | ---- | M] () -- C:\Documents and Settings\tino\Desktop\more-blog-comments.jpg
[2011/12/13 13:55:51 | 000,051,931 | ---- | M] () -- C:\Documents and Settings\tino\Desktop\forum.jpg
[2011/12/13 13:46:32 | 000,060,998 | ---- | M] () -- C:\Documents and Settings\tino\Desktop\stock-illustration-4837447-community-icon.jpg
[2011/12/13 13:33:43 | 000,031,985 | ---- | M] () -- C:\Documents and Settings\tino\Desktop\screen_blog.jpg
[2011/12/10 22:05:33 | 000,027,879 | ---- | M] () -- C:\Documents and Settings\tino\Desktop\cbef081d709fe61c46eb7a0831a1ac2a.png
[2011/12/10 15:51:10 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\tino\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/01/08 19:19:15 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\0.36417745103463184.exe
[2012/01/05 09:02:55 | 000,084,614 | ---- | C] () -- C:\Documents and Settings\tino\Desktop\17601_1_lightbox_tanzen.jpg
[2012/01/03 04:00:48 | 000,000,608 | ---- | C] () -- C:\Documents and Settings\tino\Desktop\install.xcloner.php
[2012/01/03 03:54:06 | 000,001,963 | ---- | C] () -- C:\Documents and Settings\tino\Desktop\cloner.config.php
[2012/01/03 03:50:26 | 000,040,391 | ---- | C] () -- C:\Documents and Settings\tino\Desktop\XCloner.php
[2011/12/27 15:52:20 | 000,000,068 | ---- | C] () -- C:\Documents and Settings\tino\builtins.cfg
[2011/12/16 19:37:20 | 000,315,277 | ---- | C] () -- C:\Documents and Settings\tino\Desktop\facebook.jpg
[2011/12/15 10:19:01 | 000,011,305 | ---- | C] () -- C:\Documents and Settings\tino\Desktop\weihnachtbaum-icon.jpg
[2011/12/13 20:37:31 | 000,026,399 | ---- | C] () -- C:\Documents and Settings\tino\Desktop\BLOG_ICON.jpg.png
[2011/12/13 14:38:07 | 000,017,131 | ---- | C] () -- C:\Documents and Settings\tino\Desktop\id,7139.html
[2011/12/13 14:08:45 | 000,012,209 | ---- | C] () -- C:\Documents and Settings\tino\Desktop\more-blog-comments.jpg
[2011/12/13 13:55:51 | 000,051,931 | ---- | C] () -- C:\Documents and Settings\tino\Desktop\forum.jpg
[2011/12/13 13:46:31 | 000,060,998 | ---- | C] () -- C:\Documents and Settings\tino\Desktop\stock-illustration-4837447-community-icon.jpg
[2011/12/13 13:33:42 | 000,031,985 | ---- | C] () -- C:\Documents and Settings\tino\Desktop\screen_blog.jpg
[2011/12/10 22:05:33 | 000,027,879 | ---- | C] () -- C:\Documents and Settings\tino\Desktop\cbef081d709fe61c46eb7a0831a1ac2a.png
[2011/11/28 15:38:44 | 000,000,041 | ---- | C] () -- C:\WINDOWS\lz_tcm.ini
[2011/11/19 23:09:25 | 000,755,728 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/28 11:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/06/16 16:16:08 | 000,000,662 | ---- | C] () -- C:\WINDOWS\System32\SHORTCUT.INI
[2011/06/16 16:09:39 | 000,000,125 | ---- | C] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI
[2011/06/16 16:07:02 | 000,006,512 | ---- | C] () -- C:\WINDOWS\System32\LOCALSERVICE.INI
[2011/06/16 15:39:32 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\LOCALDEVICE.INI
[2011/06/16 15:35:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\BSPRINT.INI
[2011/06/03 12:42:17 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2011/05/24 15:45:45 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/05/18 08:27:32 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2011/05/18 08:27:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2011/05/18 08:20:30 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\lxbuinsr.dll
[2011/05/18 08:20:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbuvs.dll
[2011/05/18 08:20:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\lxbucur.dll
[2011/05/18 08:20:25 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\lxbujswr.dll
[2011/05/08 13:34:57 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\shortcut_ex.dat
[2011/05/05 10:06:05 | 000,313,384 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/03 16:22:02 | 000,725,064 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2011/05/03 16:22:01 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2011/05/03 16:22:00 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2011/04/29 06:45:56 | 000,001,185 | ---- | C] () -- C:\WINDOWS\System32\bscs.ini
[2011/04/13 05:00:58 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\BsMobileCSps.dll
[2011/02/26 19:12:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/01/30 18:52:33 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2011/01/28 13:24:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/10 19:22:31 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SI.bin
[2010/12/17 16:33:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\tino\morphgear_key.exe
[2010/12/04 06:44:23 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\tino\Application Data\$_hpcst$.hpc
[2010/11/13 13:28:14 | 000,000,111 | ---- | C] () -- C:\WINDOWS\GMouse.ini
[2010/11/13 13:06:52 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2010/10/23 06:36:45 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\tino\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/23 02:01:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/10/23 02:01:49 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/10/23 02:01:49 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/10/23 01:53:23 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2010/10/22 18:40:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/22 14:13:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/22 14:11:54 | 003,315,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/22 12:26:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/22 12:20:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/04/06 11:33:10 | 000,025,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys
[2010/01/22 03:04:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\BsVistaCommon.dll
[2007/07/23 03:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 03:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 03:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 03:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005/03/21 18:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 18:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,443,922 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,072,180 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2011/06/16 15:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\ts3overlay
[2011/01/30 18:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\aborange
[2011/06/17 06:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\BatteryCare
[2011/02/25 16:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\BOM
[2012/01/08 20:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\DAEMON Tools Lite
[2012/01/09 06:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\DNA
[2011/06/06 18:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\Dropbox
[2011/05/06 07:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\facemoods.com
[2012/01/05 09:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\FileZilla
[2011/05/23 08:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\Free Download Manager
[2011/02/16 15:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\Funambol
[2011/07/30 14:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\gamigoGr
[2011/01/12 16:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\GBM Software
[2011/04/06 16:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\GetRightToGo
[2012/01/07 21:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\ICQ
[2010/12/05 11:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\JonDo
[2011/07/30 14:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\Launcher
[2011/02/19 05:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\LEGO Company
[2011/07/30 14:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\Martial Empires Launcher
[2011/06/09 16:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\MyPhoneExplorer
[2010/12/10 15:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\MySQL
[2011/04/29 17:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\NAVIGON Fresh
[2011/05/25 19:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\Need for Speed World
[2011/04/04 04:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\Neverball
[2011/10/17 07:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\NPLUTO Corporation
[2010/12/12 11:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\OfficeRecovery
[2010/11/18 12:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\OpenOffice.org
[2011/09/13 16:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\Opera
[2011/05/24 16:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\PCDr
[2010/12/14 08:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\Pokemon Lab
[2010/11/16 07:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\Recorder
[2011/07/30 14:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\Repair DE
[2011/07/30 14:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\rtool
[2010/10/23 07:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\runic games
[2011/05/23 07:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\SoftGrid Client
[2011/03/03 19:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\Software Informer
[2011/04/29 10:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\Sony
[2011/12/24 09:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\Sony Online Entertainment
[2010/11/12 13:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\T-Mobile
[2011/05/05 13:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\TeamViewer
[2010/10/22 18:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\Telefónica
[2011/10/31 10:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\TGCMLog
[2011/02/10 21:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\Thunderbird
[2011/02/22 23:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\TileRacer
[2011/02/16 15:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\TP
[2011/07/27 10:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\TS3Client
[2011/06/16 13:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\ts3overlay
[2011/02/15 19:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\TuneUp Software
[2012/01/05 09:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\TV-Browser
[2011/02/17 17:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\Unity
[2011/06/26 07:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tino\Application Data\wargaming.net
[2011/11/27 13:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chat Republic Games
[2010/10/22 18:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/05/25 18:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/03/01 15:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2011/06/16 15:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/12/26 07:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/02/23 15:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TmForever
[2011/03/03 20:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2011/02/15 19:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/03/03 07:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2011/05/05 09:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/15 19:36:33 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
 
========== Purity Check ==========
 
 
< End of report >

Now I hope you can help me.

Regards, tinot1983

markusg 09.01.2012 14:45

On your second PC go to Start, Programs, Accessories, Notepad, and copy the following
into it:
Code:

:OTL
O4 - HKLM..\Run: [Update] C:\WINDOWS\system32\0.36417745103463184.exe ()
:Files
C:\WINDOWS\system32\0.36417745103463184.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to this one: "load fix from file" should now appear, so load the fix.txt from your stick.
If this does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If so, take the CD out of the drive; Windows should now start normally and open the otl.txt.
Please post the log.

Open My Computer, open C:, then _OTL.
There, right-click on moved files
and choose add to moved files.rar or zip.
Follow the link and upload the archive in the upload channel:
http://www.trojaner-board.de/54791-a...ner-board.html

tinot1983 09.01.2012 15:47

Thanks markusg for the quick help, everything worked. I have just uploaded the
_OLT file, so once again many thanks.

markusg 09.01.2012 16:12

Thanks.
Combofix may only be run when instructed to do so by a team member!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.

Please download Combofix.exe and make sure to save it to your Desktop.
  • Visit the following page for download links and instructions for this
    tool

    A guide and tutorial on using ComboFix
  • Note:
    Make sure that all your anti-virus and anti-malware programs are switched off so they do not interfere with Combofix's work.
  • Please post C:\Combofix.txt in your next reply.

tinot1983 09.01.2012 18:51

So here is the requested log.

Combofix logfile:
Code:

ComboFix 12-01-09.03 - tino 09.01.2012  18:39:41.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1033.18.2038.1081 [GMT 1:00]
ausgeführt von:: c:\documents and settings\tino\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\tino\Application Data\facemoods.com
c:\documents and settings\tino\Application Data\mIRC\logs\status.log
c:\documents and settings\tino\My Documents\Downloads\Integrated_CT2629906.exe
c:\documents and settings\tino\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-09 bis 2012-01-09  ))))))))))))))))))))))))))))))
.
.
2012-01-09 20:40 . 2011-07-13 02:55        2237440        ----a-r-        C:\OTLPE.exe
2012-01-09 20:39 . 2012-01-09 20:39        --------        d-----w-        C:\_OTL
2012-01-09 14:43 . 2012-01-09 14:43        8782        ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-01-09 00:30 . 2012-01-09 01:14        239168        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-08 00:33 . 2012-01-08 00:33        626688        ----a-w-        c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-08 00:33 . 2012-01-08 00:33        548864        ----a-w-        c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-08 00:33 . 2012-01-08 00:33        479232        ----a-w-        c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-08 00:33 . 2012-01-08 00:33        43992        ----a-w-        c:\program files\Mozilla Firefox\mozutils.dll
2011-12-24 14:50 . 2012-01-09 15:35        --------        d-----w-        c:\documents and settings\tino\Local Settings\Application Data\PMB Files
2011-12-24 14:50 . 2011-12-26 12:38        --------        d-----w-        c:\documents and settings\All Users\Application Data\PMB Files
2011-12-20 20:17 . 2011-12-20 20:17        --------        d--h--w-        c:\windows\PIF
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-20 14:57 . 2009-08-18 10:30        564632        ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-11-20 14:57 . 2009-08-18 10:24        18328        ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-20 10:49 . 2010-10-22 23:37        428088        ----a-w-        c:\windows\system32\drivers\sptd.sys
2011-11-14 23:25 . 2011-10-25 01:00        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-08 00:33 . 2011-03-30 01:03        121816        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\documents and settings\tino\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\documents and settings\tino\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\documents and settings\tino\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\documents and settings\tino\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Core Temp"="c:\program files\Core Temp\Core Temp.exe" [2010-10-02 470544]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2011-10-16 323392]
"Akamai NetSession Interface"="c:\documents and settings\tino\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-12-12 3305760]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-12-24 3082320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"LXBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-09-10 69632]
"Mobile Connection Manager"="c:\program files\o2\Mobile Connection Manager\emmsn.exe" [2011-06-15 4220792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^web'n'walk Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\web'n'walk Manager.lnk
backup=c:\windows\pss\web'n'walk Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^tino^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\tino\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 20:43        640376        ----a-w-        c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 00:25        37232        ----a-w-        c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58        611712        ----a-w-        c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BatteryCare]
2011-05-12 17:37        704512        ----a-w-        c:\program files\BatteryCare\BatteryCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17        3514176        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-07-20 14:55        1228800        ----a-w-        c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2004-09-17 13:24        61440        ----a-w-        c:\program files\Lexmark 6200 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2004-09-22 09:18        299008        ----a-w-        c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
2010-04-28 22:28        3727411        ----a-w-        c:\program files\Free Download Manager\fdm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbumon.exe]
2004-09-22 10:46        188416        ----a-w-        c:\program files\Lexmark 6200 Series\lxbumon.exE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42        1695232        ------w-        c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-04-14 11:26        428544        ----a-w-        c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\tino\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"IgfxTray"=c:\windows\system32\igfxtray.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"SigmatelSysTrayApp"=%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\mIRC\\mIRC.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Documents and Settings\\tino\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\WINDOWS\\system32\\lxbucoms.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\TV-Browser\\tvbrowser.exe"=
"c:\\Program Files\\TV-Browser\\tvbrowser_noDD.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires Online\\Spartan.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"56971:TCP"= 56971:TCP:Pando Media Booster
"56971:UDP"= 56971:UDP:Pando Media Booster
"57021:TCP"= 57021:TCP:Pando Media Booster
"57021:UDP"= 57021:UDP:Pando Media Booster
"56343:TCP"= 56343:TCP:Pando Media Booster
"56343:UDP"= 56343:UDP:Pando Media Booster
"1072:TCP"= 1072:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [06.04.2010 17:32 20104]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [09.01.2012 01:30 239168]
R1 GtTdiFltr;GtTdiFltr;c:\windows\system32\drivers\GtTdiFltr.sys [19.01.2009 12:12 4992]
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [08.07.2010 12:41 26008]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04.08.2004 11:00 14336]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [23.10.2010 00:32 136360]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [23.10.2010 12:38 29416]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [18.10.2005 16:11 61440]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [13.04.2011 11:00 147563]
R2 GtDetectSc;GtDetectSc;c:\program files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [30.04.2008 17:52 200704]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [15.04.2011 01:15 6656]
R2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [14.06.2011 17:35 201080]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [12.01.2011 17:35 1051968]
R3 ALSysIO;ALSysIO;\??\c:\docume~1\tino\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\tino\LOCALS~1\Temp\ALSysIO.sys [?]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\drivers\btcombus.sys [26.08.2010 20:29 22024]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [06.04.2010 17:33 25864]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [31.10.2011 16:30 24448]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [31.10.2011 16:30 63616]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [06.04.2010 17:32 23048]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [24.02.2010 14:41 10064]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02.02.2011 01:55 136176]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.08.2008 04:46 284016]
S3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\drivers\btcomport.sys [26.08.2010 20:29 25992]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [31.10.2011 16:30 101504]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [31.10.2011 16:30 117504]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [29.04.2011 16:23 13224]
S3 GRemoteBus;GRemote virtual joystick Bus Enumerator;c:\windows\system32\drivers\GRemoteBus.sys [05.08.2009 20:37 23368]
S3 GRemoteJoy;GRemote virtual joystick Device Driver;c:\windows\system32\drivers\GRemoteJoy.sys [05.08.2009 20:37 39112]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [07.11.2008 11:57 62592]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [07.11.2008 11:58 105984]
S3 GTUHSOMS;GT UHS OMS;c:\windows\system32\drivers\gtuhsoms.sys [07.11.2008 12:01 20352]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [07.11.2008 12:03 8064]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [02.02.2011 01:55 136176]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [03.05.2011 22:22 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [03.05.2011 22:22 11104]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [03.05.2011 23:03 27632]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [29.04.2011 16:18 150528]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\BatteryCare\WinRing0.sys [26.07.2008 23:30 14416]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ALSYSIO
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-02 00:54]
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-02 00:54]
.
2012-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-2077806209-682003330-1003Core.job
- c:\documents and settings\tino\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-06 22:05]
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-2077806209-682003330-1003UA.job
- c:\documents and settings\tino\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-06 22:05]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = my.daemon-search.com
uInternet Settings,ProxyOverride = *.local
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{2465510E-FE52-4AB8-9180-65C1FCE2D1E8}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\documents and settings\tino\Application Data\Mozilla\Firefox\Profiles\qd8rwgk4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2629906&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.de/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.ftp - ftp-proxy.t-online.de
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - gopher-proxy.t-online.de
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - www-proxy.t-online.de
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks_port - 1080
FF - prefs.js: network.proxy.ssl - sec-proxy.t-online.de
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 24
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-BayReminder - c:\program files\BayWatcher Pro\BayReminder.exe
MSConfigStartUp-PC Connection Agent - c:\program files\Microsoft ActiveSync\wcescomm.exe
MSConfigStartUp-Zune Launcher - c:\program files\Zune\ZuneLauncher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-09 18:45
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1404)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\System32\BCMLogon.dll
.
Zeit der Fertigstellung: 2012-01-09  18:49:56
ComboFix-quarantined-files.txt  2012-01-09 17:49
.
Vor Suchlauf: 2.356.686.848 bytes free
Nach Suchlauf: 2.260.111.360 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5BFE01A0BAD350DD02756A9A210229F9

--- --- ---

markusg 09.01.2012 19:48

hi

Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click "Show results".
  • Make sure that all findings are checked and click "Remove selected".
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Log files".

tinot1983 09.01.2012 22:44

So, here is the log file from Malwarebytes.

Code:

Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.09.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
tino :: TINO-D620 [Administrator]

Schutz: Aktiviert

09.01.2012 20:40:39
mbam-log-2012-01-09 (22-44-39).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 428373
Laufzeit: 2 Stunde(n), 3 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Downloads\CryptLoad_1.1.8\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Keine Aktion durchgeführt.

(Ende)


markusg 10.01.2012 15:44

Looks good.
- Internet Explorer 8: even if you use a different browser, it has to be up to date.
Detail page: Windows Internet Explorer 8 for Windows XP
- Configure automatic updates so that they are downloaded/installed automatically:
Configuring and using the "Automatic Updates" feature in Windows

Download the CCleaner standard version:
CCleaner Download - CCleaner 3.14.1616
If CCleaner is already installed, skip this.
Install it, open it, Tools, list of installed programs, save as txt. Open the file.
Behind every program you need, write "necessary".
Behind every program you do not need, "unnecessary".
Behind those unknown to you, "unknown".
Post the list.

tinot1983 10.01.2012 16:18

I have to ask a dumb question now: what is this list for?
It's like being at the job centre.

Code:

7-Zip 9.20        bekannt/benötigt
Acrobat.com        Adobe Systems        bekannt/benötigt
Adobe AIR        bekannt/benötigt
Adobe Creative Suite 4 Master Collection        bekannt/benötigt
Adobe Flash Player 10 ActiveX        Adobe Systems        bekannt/benötigt
Adobe Flash Player 11 Plugin        bekannt/benötigt       
Adobe Media Player        bekannt/benötigt
Adobe Shockwave Player 11.6        bekannt/benötigt
Age of Empires Online                bekannt
AGEIA GAME System Software        bekannt
Akamai NetSession Interface        unbekannt
Akamai NetSession Interface Service                unbekannt
Android SDK Tools        Google        bekannt/benötigt
Avira AntiVir Personal        bekannt/benötigt
Avira UnErase Personal        bekannt/benötigt
BatteryCare        Property.Manufacturer        bekannt/benötigt
BlueSoleil 8.0.356.0        bekannt/benötigt
Bonjour        bekannt
Broadcom ASF Management Applications        bekannt/benötigt
Broadcom Gigabit Integrated Controller        bekannt/benötigt
CCleaner        bekannt/benötigt
Core Temp version 0.99.8        bekannt/benötigt
DAEMON Tools Lite        bekannt/benötigt
DAEMON Tools Toolbar        bekannt/benötigt
Dell Driver Download Manager        Dell Inc.        bekannt/benötigt
Dell Support 3.2.1        bekannt/benötigt
Dell Wireless WLAN Card        Dell Inc.        bekannt/benötigt
Diablo II        Blizzard Entertainment                bekannt/benötigt
Diablo II Lord of Destruction                bekannt/benötigt
DNA        BitTorrent Inc.        bekannt
doubleTwist                bekannt
Download Updater (AOL LLC)        unbekannt
Drift City (EU_DE)        bekannt
Dropbox        bekannt/benötigt
EVEREST Home Edition v2.20        bekannt
EVO - Seperated drivers                bekannt
ffdshow [rev 2527]        unbekannt
FileZilla Client 3.2.8        bekannt/benötigt
Free Download Manager 3.0        bekannt/benötigt
GhostMouse 2.0        bekannt/benötigt
Google Chrome        bekannt/benötigt
High Definition Audio Driver Package – KB835221                bekannt/benötigt       
HUAWEI DataCard Driver 4.05.00.00        bekannt/benötigt       
ICQ7.6        bekannt/benötigt
Intel(R) Graphics Media Accelerator Driver        bekannt/benötigt       
Java DB 10.6.2.1 Oracle                bekannt/benötigt
Java(TM) 6 Update 25 Oracle        bekannt/benötigt
Java(TM) SE Development Kit 6 Update 25 Oracle        bekannt/benötigt
JDownloader 0.9        bekannt/benötigt       
Lexmark 6200 Series        bekannt/benötigt       
Lexmark Fax-Lösungen        bekannt/benötigt
Malwarebytes Anti-Malware Version        bekannt/benötigt
Media Go        bekannt/benötigt
Media Go Video Playback Engine        bekannt/benötigt
Microsoft .NET Framework 1.1        Microsoft        bekannt/benötigt       
Microsoft .NET Framework 2.0 Service Pack 2        bekannt/benötigt       
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU        bekannt/benötigt       
Microsoft .NET Framework 3.0 Service Pack 2        bekannt/benötigt       
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU        bekannt/benötigt       
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        bekannt/benötigt       
Microsoft .NET Framework 3.5 SP1        bekannt/benötigt               
Microsoft Games for Windows - LIVE Redistributable        bekannt/benötigt       
Microsoft Games for Windows Marketplace        bekannt/benötigt       
Microsoft User-Mode Driver Framework Feature Pack        bekannt/benötigt       
Microsoft Visual C++ 2005 Redistributable                bekannt/benötigt
Microsoft Visual C++ 2008 Redistributable – x86                bekannt/benötigt
Microsoft Visual C++ 2008 Redistributable – x86                bekannt/benötigt
Microsoft Web Platform Installer 3.0        bekannt       
Microsoft WinUsb 1.0        unbekannt               
MiniTool Partition Wizard Home Edition 5.2        bekannt
MiniTool Power Data Recovery        bekannt
Mobile Connection Manager        bekannt       
Mobile Partner        bekannt/benötigt       
Mouse Recorder Pro 1.3        bekannt       
Mozilla Firefox 9.0.1 (x86 de)        bekannt/benötigt
Mozilla Thunderbird (3.1.10)        bekannt/benötigt
MyPhoneExplorer        bekannt/benötigt       
MySQL Tools for 5.0        bekannt/benötigt       
Need For Speed™ World        bekannt/benötigt
NVIDIA PhysX        bekannt/benötigt       
OGPlanet Game Launcher        bekannt/benötigt       
OpenAL        bekannt/benötigt                       
OpenOffice.org 3.2        bekannt/benötigt       
Opera 11.51        Opera        bekannt/benötigt
Pando Media Booster                bekannt
Patrizier II Gold                bekannt/benötigt       
PC Connectivity Solution        bekannt/benötigt       
Phase 5 HTML-Editor        bekannt/benötigt       
PKR        bekannt/benötigt       
PokerStars        bekannt/benötigt       
QuickSet        Dell Computer        bekannt/benötigt
Recorder        bekannt/benötigt                       
Red Stone        bekannt/benötigt                       
Rumble FighterDE        bekannt/benötigt               
SigmaTel Audio        bekannt/benötigt       
Skype™ 5.1        Skype        bekannt/benötigt
SNES9x        bekannt/benötigt                       
Sony Ericsson PC Companion        bekannt/benötigt
Sony Ericsson Update Engine        bekannt/benötigt       
Sony Ericsson Update Service        bekannt/benötigt       
Steam        Valve Corporation                bekannt/benötigt
STRATO Outlook Sync 8.2.7        bekannt/benötigt       
TeamSpeak 3 Client        bekannt/benötigt               
TeamViewer 6        bekannt/benötigt       
TmUnitedForever        bekannt/benötigt               
Torchlight        bekannt/benötigt               
Trillian        bekannt/benötigt                       
TuneUp Utilities        bekannt/benötigt       
TV-Browser 3.1        bekannt/benötigt       
Unity Web Player        bekannt/benötigt               
VLC media player 1.1.11                bekannt/benötigt
web'n'walk Manager        bekannt       
Winamp        bekannt/benötigt       
Winamp Erkennungs-Plug-in        bekannt/benötigt       
Winamp Toolbar        bekannt/benötigt                       
Windows Live ID Sign-in Assistant        bekannt/benötigt       
Windows Media Format 11        bekannt/benötigt       
Windows XP Service Pack 3        bekannt/benötigt       
Windows-Treiberpaket - Nokia pccsmcfd        bekannt/benötigt 
WinRAR        bekannt/benötigt                               
Wizard101(DE)        bekannt/benötigt


markusg 10.01.2012 17:26

What is the difference between "bekannt/benötigt" (known/needed) and just "bekannt" (known)?
I wanted to know whether they are necessary, unnecessary or unknown, or is "known" also unnecessary?
Why always so complicated....

tinot1983 10.01.2012 17:58

Hmm, and I would still be interested in why you want to know this at all.

bekannt/benötigt (known/needed) = I need it
bekannt (known) = I use it now and then

markusg 10.01.2012 18:03

I need the list to find out through which security holes you caught this thing.
So that means there are no unnecessary programs in your list?



Copyright ©2000-2024, Trojaner-Board

