mIRC bot


  • This topic is locked

#1
jeffreys DJ

Dear geeks,

thanks in advance for your help!
We got the following issue:

A mIRC bot showed up after a system restore. This is probably how it was acquired.
We are not sure though, it could also have come through a download.
A mIRC chat was never installed on the system before and it was never intended.

It disables the firewall and somehow seems to download other viruses and worms.
Avira found 120 issues during a filescan. After three scans those issues were resolved.

We tried Windows Defender, Avira AntiVir 10 and Glary Utilities which all couldn't solve the problem.
We found a file that represents the bot and deleted it. However it reinstalls upon restart.

Currently we sneak around the problem by not shutting down and staying in hibernation mode which of course is not a long term solution.
Through this the bot is not currently active on the system.
edit: (see post below for log #2 with active bot)

Your help would be much appreciated, the OTL report follows:

OTL logfile created on: 15.05.2011 14:00:15 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Familie Braun\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

510,00 Mb Total Physical Memory | 55,00 Mb Available Physical Memory | 11,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 43,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 145,95 Gb Total Space | 109,96 Gb Free Space | 75,34% Space Free | Partition Type: NTFS

Computer Name: BRAUN | User Name: Familie Braun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.05.15 13:57:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Familie Braun\Eigene Dateien\Downloads\OTL.exe
PRC - [2011.04.14 18:40:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.03.28 16:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.01.12 12:07:02 | 002,729,800 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\Defrag\oodtray.exe
PRC - [2011.01.12 12:06:58 | 002,335,560 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\Defrag\oodag.exe
PRC - [2009.01.13 12:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.11.13 09:33:54 | 000,097,128 | ---- | M] (Microsoft Corp.) -- C:\Programme\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2008.09.03 09:52:12 | 000,536,576 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.11.03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MsMpEng.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\Pac7302\Monitor.exe
PRC - [2006.08.16 18:53:58 | 000,031,232 | R--- | M] (Mindjet) -- C:\Programme\Mindjet\MindManager 6\MmReminderService.exe
PRC - [2006.03.30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe
PRC - [2005.09.19 09:42:06 | 001,159,168 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\Creative\VoiceCenter\AndreaVC.exe
PRC - [2005.04.28 11:39:46 | 000,696,418 | ---- | M] (T-Online) -- C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\profilemgr.exe
PRC - [2005.04.28 11:39:46 | 000,536,666 | ---- | M] (T-Online) -- C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
PRC - [2005.04.28 11:39:46 | 000,081,920 | ---- | M] (T-Online) -- C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
PRC - [2005.03.23 02:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005.01.27 03:02:00 | 000,086,016 | ---- | M] () -- C:\Programme\Dell\Media Experience\DMXLauncher.exe
PRC - [2004.12.02 20:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2004.07.27 18:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
PRC - [2003.11.19 19:48:14 | 000,032,881 | ---- | M] () -- C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe


========== Modules (SafeList) ==========

MOD - [2011.05.15 13:57:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Familie Braun\Eigene Dateien\Downloads\OTL.exe
MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.02.18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.01.12 12:06:58 | 002,335,560 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2009.01.13 12:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006.03.30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005.12.19 13:05:31 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2005.11.14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2011.04.01 17:07:25 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.04.01 17:07:25 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009.02.13 13:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.13 12:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.08.28 18:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008.01.10 03:34:57 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007.11.14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007.07.23 07:58:02 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2007.06.14 15:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005.08.04 06:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.06.06 23:40:48 | 000,180,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005.05.26 00:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS -- (CTUSFSYN)
DRV - [2005.03.25 18:11:00 | 001,350,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sigfilt.sys -- (sigfilt)
DRV - [2005.01.11 02:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2005.01.11 02:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS -- (ossrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2269050
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.web.de/"
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2269050&q="

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.05.08 14:15:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.08 14:15:24 | 000,000,000 | ---D | M]

[2010.08.30 13:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\Mozilla\Extensions
[2011.05.09 14:21:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\Mozilla\Firefox\Profiles\98arat3v.default\extensions
[2010.08.28 19:41:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\Mozilla\Firefox\Profiles\98arat3v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.09 14:21:49 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\Mozilla\Firefox\Profiles\98arat3v.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.05.15 15:48:37 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\Mozilla\Firefox\Profiles\98arat3v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.09 14:21:45 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\Mozilla\Firefox\Profiles\98arat3v.default\extensions\[email protected]
[2010.08.30 13:37:50 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\Mozilla\Firefox\Profiles\98arat3v.default\searchplugins\conduit.xml
[2011.05.08 14:15:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.10.18 20:33:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
File not found (No name found) --
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 16:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CmjBrowserHelperObject Object) - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DMXLauncher] C:\Programme\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [HP Software Update] File not found
O4 - HKLM..\Run: [ISUSPM Startup] File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 6\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe ()
O4 - HKLM..\Run: [System] File not found
O4 - HKLM..\Run: [VoiceCenter] C:\Programme\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinXPService] C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\mIRC\DriverUpdate.exe ()
O4 - HKCU..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [System] File not found
O4 - HKCU..\Run: [winlogon.exe] C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\winlogon\winlogon.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Familie Braun\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Familie Braun\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.08.18 15:18:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{593efa48-15b5-11db-987f-00123fb63305}\Shell\AutoRun\command - "" = dll32.exe
O33 - MountPoints2\{593efa48-15b5-11db-987f-00123fb63305}\Shell\open\command - "" = dll32.exe
O33 - MountPoints2\{5c00aece-6ac5-11de-9be9-00123fb63305}\Shell - "" = AutoRun
O33 - MountPoints2\{5c00aece-6ac5-11de-9be9-00123fb63305}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5c00aece-6ac5-11de-9be9-00123fb63305}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \lsass.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.10 18:02:55 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Familie Braun\IECompatCache
[2011.05.08 12:43:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011.05.06 09:27:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\Avira
[2011.05.04 21:43:59 | 000,000,000 | ---D | C] -- C:\Programme\Windows Defender
[2011.05.04 21:42:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
[2011.05.02 11:48:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\ArcSoft
[2011.05.02 11:40:13 | 000,000,000 | ---D | C] -- C:\Programme\ArcSoft
[2011.05.02 11:40:04 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\ArcSoft
[2011.04.29 21:48:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\winlogon
[2011.04.26 22:40:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011.04.26 22:07:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011.04.26 22:07:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2011.04.26 22:07:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011.04.26 22:01:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011.04.26 21:56:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011.04.26 21:56:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011.04.24 20:30:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\mIRC
[2011.04.21 21:42:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\GlarySoft
[2011.04.21 21:06:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Glary Utilities
[2011.04.21 21:05:42 | 000,000,000 | ---D | C] -- C:\Programme\Glary Utilities
[2011.04.21 19:59:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oodag
[2011.04.21 19:56:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Familie Braun\Lokale Einstellungen\Anwendungsdaten\O&O
[2011.04.21 19:56:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\O&O Software
[2011.04.21 19:56:15 | 000,000,000 | ---D | C] -- C:\Programme\OO Software
[2011.04.21 18:51:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Familie Braun\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
[2011.04.21 18:16:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2011.04.21 16:04:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Debugging Tools for Windows (x86)
[2011.04.21 16:03:33 | 000,000,000 | ---D | C] -- C:\Programme\Debugging Tools for Windows (x86)
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Familie Braun\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Familie Braun\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.05.15 13:59:08 | 000,000,678 | ---- | M] () -- C:\Dokumente und Einstellungen\Familie Braun\Desktop\Verknüpfung mit OTL.lnk
[2011.05.15 11:27:52 | 000,002,409 | ---- | M] () -- C:\Dokumente und Einstellungen\Familie Braun\Desktop\VPN Client.lnk
[2011.05.15 11:23:35 | 000,142,848 | ---- | M] () -- C:\Dokumente und Einstellungen\Familie Braun\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.14 19:47:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.05.14 13:07:10 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.05.08 14:15:34 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2011.05.08 12:26:52 | 000,000,322 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011.05.08 12:26:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.05.08 12:26:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.05.08 12:26:42 | 534,925,312 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.05 09:34:25 | 000,002,601 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\O&O Defrag.lnk
[2011.05.04 21:07:02 | 000,002,715 | ---- | M] () -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\data.dat
[2011.05.01 14:54:22 | 000,000,766 | ---- | M] () -- C:\Dokumente und Einstellungen\Familie Braun\Desktop\Windows Media Player.lnk
[2011.04.29 09:41:36 | 000,259,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.29 08:55:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.29 08:41:18 | 000,464,254 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.04.29 08:41:18 | 000,445,772 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.29 08:41:18 | 000,086,652 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.04.29 08:41:18 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.04.26 22:44:13 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011.04.26 22:01:16 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2011.04.25 10:19:29 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2011.04.24 21:04:49 | 001,299,580 | -H-- | M] () -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\I.exe
[2011.04.24 20:23:32 | 000,002,984 | -H-- | M] () -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\I.attacker.exe
[2011.04.21 21:06:15 | 000,000,713 | ---- | M] () -- C:\Dokumente und Einstellungen\Familie Braun\Desktop\Glary Utilities.lnk
[2011.04.21 15:38:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Familie Braun\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Familie Braun\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.05.15 13:59:08 | 000,000,678 | ---- | C] () -- C:\Dokumente und Einstellungen\Familie Braun\Desktop\Verknüpfung mit OTL.lnk
[2011.05.08 14:15:34 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2011.05.04 21:47:29 | 000,000,322 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.05.04 21:44:13 | 000,000,927 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows Defender.lnk
[2011.05.04 19:10:54 | 000,002,715 | ---- | C] () -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\data.dat
[2011.04.27 13:13:09 | 000,002,373 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft PowerPoint Viewer .lnk
[2011.04.26 22:40:59 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011.04.24 20:30:33 | 001,299,580 | -H-- | C] () -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\I.exe
[2011.04.24 20:23:32 | 000,002,984 | -H-- | C] () -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\I.attacker.exe
[2011.04.21 22:10:56 | 000,002,409 | ---- | C] () -- C:\Dokumente und Einstellungen\Familie Braun\Desktop\VPN Client.lnk
[2011.04.21 21:07:04 | 000,000,322 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011.04.21 21:06:15 | 000,000,713 | ---- | C] () -- C:\Dokumente und Einstellungen\Familie Braun\Desktop\Glary Utilities.lnk
[2011.04.21 19:56:19 | 000,002,601 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\O&O Defrag.lnk
[2011.04.21 15:58:12 | 534,925,312 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.21 15:38:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.03.30 14:27:47 | 000,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2010.03.30 14:27:36 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2010.02.18 11:27:37 | 000,000,266 | ---- | C] () -- C:\WINDOWS\hpqgrcpy.INI
[2009.10.31 11:57:47 | 034,119,048 | ---- | C] () -- C:\Programme\avira_antivir_personal408_de.exe
[2009.10.28 12:53:40 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2009.10.28 12:43:40 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\ssp2ml3.dll
[2009.10.23 09:25:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.10.08 15:22:19 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
[2009.04.28 18:23:35 | 000,085,268 | ---- | C] () -- C:\WINDOWS\hpgins01.dat.temp
[2009.04.28 18:23:35 | 000,000,145 | ---- | C] () -- C:\WINDOWS\hpgmdl01.dat.temp
[2009.03.20 11:52:51 | 001,697,763 | ---- | C] () -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\mdbu.bin
[2009.03.01 13:18:50 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009.02.23 13:17:15 | 000,000,617 | ---- | C] () -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\burnaware.ini
[2009.01.13 12:29:00 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009.01.13 12:28:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008.02.25 23:40:56 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2007.07.23 07:56:14 | 000,004,585 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2007.07.23 07:53:38 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007.05.31 15:08:29 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007.03.18 15:12:16 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2007.03.18 15:12:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2006.06.02 16:53:59 | 000,085,268 | ---- | C] () -- C:\WINDOWS\hpgins01.dat
[2006.06.02 16:53:59 | 000,000,145 | ---- | C] () -- C:\WINDOWS\hpgmdl01.dat
[2006.02.13 16:35:59 | 000,142,848 | ---- | C] () -- C:\Dokumente und Einstellungen\Familie Braun\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.02.10 11:42:18 | 000,121,344 | ---- | C] () -- C:\WINDOWS\System32\SOS9503.DLL
[2006.02.10 11:42:10 | 000,432,128 | ---- | C] () -- C:\WINDOWS\System32\SCRIPT32.DLL
[2006.01.21 22:59:58 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.12.24 00:21:14 | 000,000,505 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005.12.23 23:27:53 | 000,000,211 | ---- | C] () -- C:\WINDOWS\uno.ini
[2005.12.23 23:27:47 | 000,287,744 | ---- | C] () -- C:\WINDOWS\uno364mi.dll
[2005.12.23 23:27:47 | 000,109,568 | ---- | C] () -- C:\WINDOWS\vos364mi.dll
[2005.12.23 23:27:47 | 000,091,648 | ---- | C] () -- C:\WINDOWS\osl364mi.dll
[2005.12.23 23:22:57 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Familie Braun\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2005.12.19 13:16:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.12.19 13:14:05 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005.12.19 13:01:23 | 000,028,779 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2005.12.19 13:01:23 | 000,024,681 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2005.12.19 12:48:16 | 000,004,969 | ---- | C] () -- C:\WINDOWS\System32\Sigfilt.ini
[2005.12.19 12:48:16 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005.12.19 12:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005.12.19 12:47:50 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005.12.19 12:47:34 | 000,000,413 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.08.12 23:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.04.09 19:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004.09.01 17:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004.08.18 15:26:49 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.08.18 15:22:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004.08.18 15:16:54 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.18 15:15:48 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.08.18 15:12:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.08.18 15:11:35 | 000,259,840 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.08.18 15:05:50 | 000,464,254 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.18 15:05:50 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.18 15:05:50 | 000,086,652 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.18 15:05:50 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.18 15:05:37 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.18 15:05:35 | 000,445,772 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.18 15:05:35 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.18 15:05:35 | 000,072,978 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.18 15:05:35 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.18 15:05:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.18 15:05:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.18 15:05:31 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.08.18 15:05:25 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.18 15:05:25 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.18 15:05:18 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.18 15:05:07 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.02.10 22:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.11.13 22:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll

========== LOP Check ==========

[2009.03.01 13:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Aldi Sued Fotoservice
[2006.12.21 18:51:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mindjet
[2005.12.23 23:27:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2010.10.16 10:27:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2010.08.27 11:24:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.03.30 14:33:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010.08.04 22:32:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\Amazon
[2009.04.08 18:12:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\digital publishing
[2011.03.25 17:51:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.04.21 21:42:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\GlarySoft
[2010.05.14 13:06:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\HTML Executable
[2010.07.14 19:04:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\ICQ Toolbar
[2006.01.27 22:21:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\ICQLite
[2011.03.26 10:35:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\Leadertech
[2011.05.10 18:00:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\PriceGong
[2005.12.23 23:28:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\T-Online
[2005.12.24 00:11:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\Template
[2011.04.29 21:48:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\winlogon
[2011.05.08 12:26:52 | 000,000,322 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2005.12.24 15:30:03 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP-Anmeldungserinnerung 1.job
[2011.05.14 13:07:10 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >

Edited by jeffreys DJ, 15 May 2011 - 11:32 AM.



#2
jeffreys DJ

Hi,
here is some additional information:

We have now restarted the system. As expected, the mIRC bot reinstalls itself.
Upon startup there is an error message, which I attach as a jpg file. Alas, it is in German, but I hope the error code will help. errormessage.JPG

With the mIRC bot active (but no internet connection) we get the following OTL log:

OTL logfile created on: 15.05.2011 18:36:07 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Familie Braun\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

510,00 Mb Total Physical Memory | 44,00 Mb Available Physical Memory | 9,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 145,95 Gb Total Space | 110,26 Gb Free Space | 75,55% Space Free | Partition Type: NTFS

Computer Name: BRAUN | User Name: Familie Braun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.05.15 13:57:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Familie Braun\Eigene Dateien\Downloads\OTL.exe
PRC - [2011.04.24 13:30:23 | 001,213,016 | ---- | M] (mIRC Co. Ltd.) -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\mIRC\mircdriver.exe
PRC - [2011.03.28 16:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.01.12 12:07:02 | 002,729,800 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\Defrag\oodtray.exe
PRC - [2011.01.12 12:06:58 | 002,335,560 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\Defrag\oodag.exe
PRC - [2009.01.13 12:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.09.03 09:52:12 | 000,536,576 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008.04.14 04:22:55 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netsh.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.11.03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MsMpEng.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\Pac7302\Monitor.exe
PRC - [2006.08.16 18:53:58 | 000,031,232 | R--- | M] (Mindjet) -- C:\Programme\Mindjet\MindManager 6\MmReminderService.exe
PRC - [2005.09.19 09:42:06 | 001,159,168 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\Creative\VoiceCenter\AndreaVC.exe
PRC - [2005.03.23 02:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005.01.27 03:02:00 | 000,086,016 | ---- | M] () -- C:\Programme\Dell\Media Experience\DMXLauncher.exe
PRC - [2004.12.02 20:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2004.07.27 18:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
PRC - [2003.11.19 19:48:14 | 000,032,881 | ---- | M] () -- C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe


========== Modules (SafeList) ==========

MOD - [2011.05.15 13:57:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Familie Braun\Eigene Dateien\Downloads\OTL.exe
MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Start_Pending] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.02.18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.01.12 12:06:58 | 002,335,560 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2009.01.13 12:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006.03.30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005.12.19 13:05:31 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2005.11.14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2011.04.01 17:07:25 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.04.01 17:07:25 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009.02.13 13:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.13 12:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.08.28 18:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008.01.10 03:34:57 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007.11.14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007.07.23 07:58:02 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2007.06.14 15:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005.08.04 06:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.06.06 23:40:48 | 000,180,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005.05.26 00:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS -- (CTUSFSYN)
DRV - [2005.03.25 18:11:00 | 001,350,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sigfilt.sys -- (sigfilt)
DRV - [2005.01.11 02:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2005.01.11 02:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS -- (ossrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2269050
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.web.de/"
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2269050&q="

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.05.08 14:15:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.08 14:15:24 | 000,000,000 | ---D | M]

[2010.08.30 13:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\Mozilla\Extensions
[2011.05.09 14:21:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\Mozilla\Firefox\Profiles\98arat3v.default\extensions
[2010.08.28 19:41:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\Mozilla\Firefox\Profiles\98arat3v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.09 14:21:49 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\Mozilla\Firefox\Profiles\98arat3v.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.05.15 15:48:37 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\Mozilla\Firefox\Profiles\98arat3v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.09 14:21:45 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\Mozilla\Firefox\Profiles\98arat3v.default\extensions\[email protected]
[2010.08.30 13:37:50 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\Mozilla\Firefox\Profiles\98arat3v.default\searchplugins\conduit.xml
[2011.05.08 14:15:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.10.18 20:33:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
File not found (No name found) --
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 16:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CmjBrowserHelperObject Object) - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DMXLauncher] C:\Programme\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [HP Software Update] File not found
O4 - HKLM..\Run: [ISUSPM Startup] File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 6\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe ()
O4 - HKLM..\Run: [System] File not found
O4 - HKLM..\Run: [VoiceCenter] C:\Programme\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinXPService] C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\mIRC\DriverUpdate.exe ()
O4 - HKCU..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [System] File not found
O4 - HKCU..\Run: [winlogon.exe] C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\winlogon\winlogon.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Familie Braun\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Familie Braun\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.08.18 15:18:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{593efa48-15b5-11db-987f-00123fb63305}\Shell\AutoRun\command - "" = dll32.exe
O33 - MountPoints2\{593efa48-15b5-11db-987f-00123fb63305}\Shell\open\command - "" = dll32.exe
O33 - MountPoints2\{5c00aece-6ac5-11de-9be9-00123fb63305}\Shell - "" = AutoRun
O33 - MountPoints2\{5c00aece-6ac5-11de-9be9-00123fb63305}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5c00aece-6ac5-11de-9be9-00123fb63305}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \lsass.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.10 18:02:55 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Familie Braun\IECompatCache
[2011.05.08 12:43:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011.05.06 09:27:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\Avira
[2011.05.04 21:43:59 | 000,000,000 | ---D | C] -- C:\Programme\Windows Defender
[2011.05.04 21:42:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
[2011.05.02 11:48:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\ArcSoft
[2011.05.02 11:40:13 | 000,000,000 | ---D | C] -- C:\Programme\ArcSoft
[2011.05.02 11:40:04 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\ArcSoft
[2011.04.29 21:48:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\winlogon
[2011.04.26 22:40:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011.04.26 22:07:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011.04.26 22:07:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2011.04.26 22:07:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011.04.26 22:01:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011.04.26 21:56:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011.04.26 21:56:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011.04.24 20:30:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\mIRC
[2011.04.21 21:42:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\GlarySoft
[2011.04.21 21:06:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Glary Utilities
[2011.04.21 21:05:42 | 000,000,000 | ---D | C] -- C:\Programme\Glary Utilities
[2011.04.21 19:59:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oodag
[2011.04.21 19:56:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Familie Braun\Lokale Einstellungen\Anwendungsdaten\O&O
[2011.04.21 19:56:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\O&O Software
[2011.04.21 19:56:15 | 000,000,000 | ---D | C] -- C:\Programme\OO Software
[2011.04.21 18:51:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Familie Braun\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
[2011.04.21 18:16:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2011.04.21 16:04:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Debugging Tools for Windows (x86)
[2011.04.21 16:03:33 | 000,000,000 | ---D | C] -- C:\Programme\Debugging Tools for Windows (x86)
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Familie Braun\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Familie Braun\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.05.15 18:38:11 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.05.15 18:34:52 | 000,000,322 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011.05.15 18:34:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.05.15 18:34:43 | 534,925,312 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.15 13:59:08 | 000,000,678 | ---- | M] () -- C:\Dokumente und Einstellungen\Familie Braun\Desktop\Verknüpfung mit OTL.lnk
[2011.05.15 11:27:52 | 000,002,409 | ---- | M] () -- C:\Dokumente und Einstellungen\Familie Braun\Desktop\VPN Client.lnk
[2011.05.15 11:23:35 | 000,142,848 | ---- | M] () -- C:\Dokumente und Einstellungen\Familie Braun\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.14 19:47:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.05.08 14:15:34 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2011.05.08 12:26:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.05.05 09:34:25 | 000,002,601 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\O&O Defrag.lnk
[2011.05.04 21:07:02 | 000,002,715 | ---- | M] () -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\data.dat
[2011.05.01 14:54:22 | 000,000,766 | ---- | M] () -- C:\Dokumente und Einstellungen\Familie Braun\Desktop\Windows Media Player.lnk
[2011.04.29 09:41:36 | 000,259,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.29 08:55:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.29 08:41:18 | 000,464,254 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.04.29 08:41:18 | 000,445,772 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.29 08:41:18 | 000,086,652 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.04.29 08:41:18 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.04.26 22:44:13 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011.04.26 22:01:16 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2011.04.25 10:19:29 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2011.04.24 21:04:49 | 001,299,580 | -H-- | M] () -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\I.exe
[2011.04.24 20:23:32 | 000,002,984 | -H-- | M] () -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\I.attacker.exe
[2011.04.21 21:06:15 | 000,000,713 | ---- | M] () -- C:\Dokumente und Einstellungen\Familie Braun\Desktop\Glary Utilities.lnk
[2011.04.21 15:38:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Familie Braun\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Familie Braun\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.05.15 13:59:08 | 000,000,678 | ---- | C] () -- C:\Dokumente und Einstellungen\Familie Braun\Desktop\Verknüpfung mit OTL.lnk
[2011.05.08 14:15:34 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2011.05.04 21:47:29 | 000,000,322 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.05.04 21:44:13 | 000,000,927 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows Defender.lnk
[2011.05.04 19:10:54 | 000,002,715 | ---- | C] () -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\data.dat
[2011.04.27 13:13:09 | 000,002,373 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft PowerPoint Viewer .lnk
[2011.04.26 22:40:59 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011.04.24 20:30:33 | 001,299,580 | -H-- | C] () -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\I.exe
[2011.04.24 20:23:32 | 000,002,984 | -H-- | C] () -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\I.attacker.exe
[2011.04.21 22:10:56 | 000,002,409 | ---- | C] () -- C:\Dokumente und Einstellungen\Familie Braun\Desktop\VPN Client.lnk
[2011.04.21 21:07:04 | 000,000,322 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011.04.21 21:06:15 | 000,000,713 | ---- | C] () -- C:\Dokumente und Einstellungen\Familie Braun\Desktop\Glary Utilities.lnk
[2011.04.21 19:56:19 | 000,002,601 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\O&O Defrag.lnk
[2011.04.21 15:58:12 | 534,925,312 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.21 15:38:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.03.30 14:27:47 | 000,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2010.03.30 14:27:36 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2010.02.18 11:27:37 | 000,000,266 | ---- | C] () -- C:\WINDOWS\hpqgrcpy.INI
[2009.10.31 11:57:47 | 034,119,048 | ---- | C] () -- C:\Programme\avira_antivir_personal408_de.exe
[2009.10.28 12:53:40 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2009.10.28 12:43:40 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\ssp2ml3.dll
[2009.10.23 09:25:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.10.08 15:22:19 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
[2009.04.28 18:23:35 | 000,085,268 | ---- | C] () -- C:\WINDOWS\hpgins01.dat.temp
[2009.04.28 18:23:35 | 000,000,145 | ---- | C] () -- C:\WINDOWS\hpgmdl01.dat.temp
[2009.03.20 11:52:51 | 001,697,763 | ---- | C] () -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\mdbu.bin
[2009.03.01 13:18:50 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009.02.23 13:17:15 | 000,000,617 | ---- | C] () -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\burnaware.ini
[2009.01.13 12:29:00 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009.01.13 12:28:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008.02.25 23:40:56 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2007.07.23 07:56:14 | 000,004,585 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2007.07.23 07:53:38 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007.05.31 15:08:29 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007.03.18 15:12:16 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2007.03.18 15:12:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2006.06.02 16:53:59 | 000,085,268 | ---- | C] () -- C:\WINDOWS\hpgins01.dat
[2006.06.02 16:53:59 | 000,000,145 | ---- | C] () -- C:\WINDOWS\hpgmdl01.dat
[2006.02.13 16:35:59 | 000,142,848 | ---- | C] () -- C:\Dokumente und Einstellungen\Familie Braun\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.02.10 11:42:18 | 000,121,344 | ---- | C] () -- C:\WINDOWS\System32\SOS9503.DLL
[2006.02.10 11:42:10 | 000,432,128 | ---- | C] () -- C:\WINDOWS\System32\SCRIPT32.DLL
[2006.01.21 22:59:58 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.12.24 00:21:14 | 000,000,505 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005.12.23 23:27:53 | 000,000,211 | ---- | C] () -- C:\WINDOWS\uno.ini
[2005.12.23 23:27:47 | 000,287,744 | ---- | C] () -- C:\WINDOWS\uno364mi.dll
[2005.12.23 23:27:47 | 000,109,568 | ---- | C] () -- C:\WINDOWS\vos364mi.dll
[2005.12.23 23:27:47 | 000,091,648 | ---- | C] () -- C:\WINDOWS\osl364mi.dll
[2005.12.23 23:22:57 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Familie Braun\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2005.12.19 13:16:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.12.19 13:14:05 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005.12.19 13:01:23 | 000,028,779 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2005.12.19 13:01:23 | 000,024,681 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2005.12.19 12:48:16 | 000,004,969 | ---- | C] () -- C:\WINDOWS\System32\Sigfilt.ini
[2005.12.19 12:48:16 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005.12.19 12:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005.12.19 12:47:50 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005.12.19 12:47:34 | 000,000,413 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.08.12 23:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.04.09 19:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004.09.01 17:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004.08.18 15:26:49 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.08.18 15:22:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004.08.18 15:16:54 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.18 15:15:48 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.08.18 15:12:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.08.18 15:11:35 | 000,259,840 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.08.18 15:05:50 | 000,464,254 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.18 15:05:50 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.18 15:05:50 | 000,086,652 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.18 15:05:50 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.18 15:05:37 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.18 15:05:35 | 000,445,772 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.18 15:05:35 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.18 15:05:35 | 000,072,978 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.18 15:05:35 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.18 15:05:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.18 15:05:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.18 15:05:31 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.08.18 15:05:25 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.18 15:05:25 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.18 15:05:18 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.18 15:05:07 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.02.10 22:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.11.13 22:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll

========== LOP Check ==========

[2009.03.01 13:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Aldi Sued Fotoservice
[2006.12.21 18:51:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mindjet
[2005.12.23 23:27:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2010.10.16 10:27:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2010.08.27 11:24:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.03.30 14:33:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010.08.04 22:32:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\Amazon
[2009.04.08 18:12:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\digital publishing
[2011.03.25 17:51:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.04.21 21:42:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\GlarySoft
[2010.05.14 13:06:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\HTML Executable
[2010.07.14 19:04:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\ICQ Toolbar
[2006.01.27 22:21:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\ICQLite
[2011.03.26 10:35:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\Leadertech
[2011.05.10 18:00:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\PriceGong
[2005.12.23 23:28:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\T-Online
[2005.12.24 00:11:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\Template
[2011.04.29 21:48:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Familie Braun\Anwendungsdaten\winlogon
[2011.05.15 18:34:52 | 000,000,322 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2005.12.24 15:30:03 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP-Anmeldungserinnerung 1.job
[2011.05.15 18:38:11 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
errormessage.JPG

Edited by jeffreys DJ, 15 May 2011 - 11:29 AM.


#3
jeffreys DJ


    New Member

  • Topic Starter
  • Member
  • 3 posts
The problem has been solved by activities of Avira AntiVir 10 and by deleting a hidden folder named mIRC.

There was no response to our problem in 17 days.

#4
Gammo


    Member 2k

  • Malware Removal
  • 2,299 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





