Hartnäckiger Trojaner

Sykes · 23.03.2010, 23:09

Gude,

ich hab ein kleines oder auch vielleicht ein großes Trojaner-Problem.

Seit einigen Tagen findet mein Virusscanner avast! bei jeden hochfahren des PC´s einen Virus namens: Win32:VB-ORG[trj]

Der Pfad der infizierten Datei:

C:\DOKUME~1\Marc.Z\LOKALE~1\Temp\setupv.exe

Ich hab schon versucht ihn mit dem Trojan Remover zu entfernen, aber leider erfolglos.

HijackThis habe ich auch schon durchlaufen lassen, hier der Logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:07:40, on 23.03.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\Programme\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\SOUNDMAN.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Pando Networks\Media Booster\PMB.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS.0\system32\CTsvcCDA.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Programme\LogMeIn Hamachi\hamachi-2.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\MsPMSPSv.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Steam\Steam.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2427995
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Comoestamos Toolbar - {dffd3710-4709-4976-b713-aebe3550ad82} - C:\Programme\Comoestamos\tbCom1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Comoestamos Toolbar - {dffd3710-4709-4976-b713-aebe3550ad82} - C:\Programme\Comoestamos\tbCom1.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Comoestamos Toolbar - {dffd3710-4709-4976-b713-aebe3550ad82} - C:\Programme\Comoestamos\tbCom1.dll
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS.0\system32\winsys2.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS.0\UpdReg.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] "C:\Programme\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [ESL Wire] "C:\Programme\EslWire\wire.exe" --tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: kav7.0.1.325en.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261766515558
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.0\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Programme\Creative\Shared Files\CTAudSvc.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Programme\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS.0\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe

--
End of file - 8706 bytes

Hoffe einer von euch kann mir helfen

lg

Chris4You · 24.03.2010, 07:43

Hi,

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen! (nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code:

ATTFilter

C:\Programme\Comoestamos\tbCom1.dll
kav7.0.1.325en.exe (suchen, ev. zu finden in C:\WINDOWS.0\System32 oder C:\WINDOWS.0)

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Anleitung Avenger (by swandog46)

1.) Lade dir das Tool Avenger und speichere es auf dem Desktop:

2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist.

Kopiere nun folgenden Text in das weiße Feld:
(bei -> "input script here")

Code:

ATTFilter

Files to delete:
C:\DOKUME~1\Marc.Z\LOKALE~1\Temp\setupv.exe

Folders to delete:
C:\DOKUME~1\Marc.Z\LOKALE~1\Temp

3.) Schliesse nun alle Programme (vorher notfalls abspeichern!) und Browser-Fenster, nach dem Ausführen des Avengers wird das System neu gestartet.

4.) Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet!

5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt
Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

Hijackthis, fixen:
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!
(Falls vorhanden, Teatimer von Spyboot wie folgt deaktivieren:
Modus-->Erweiterte Modus-->Ja-->Werkzeuge-->Resident-->dHäkchen entfernen aus der "Resident "TeaTimer" (Schutz aller Systemeinstellungen)->exit)

Code:

ATTFilter

R3 - URLSearchHook: Comoestamos Toolbar - {dffd3710-4709-4976-b713-aebe3550ad82} - C:\Programme\Comoestamos\tbCom1.dll
O2 - BHO: Comoestamos Toolbar - {dffd3710-4709-4976-b713-aebe3550ad82} - C:\Programme\Comoestamos\tbCom1.dll
O3 - Toolbar: Comoestamos Toolbar - {dffd3710-4709-4976-b713-aebe3550ad82} - C:\Programme\Comoestamos\tbCom1.dll

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe

Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output

Unter Extra Registry, wähle bitte Use SafeList

Klicke nun auf Run Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt

Poste die Logfiles hier in den Thread

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
Den Downloadlink findest Du links oben (http://www.gmer.net/#files), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein.

chris

Sykes · 24.03.2010, 20:26

Dateien Online überprüfen lassen:

Beim scannen der Datei "C:\Programme\Comoestamos\tbCom1.dll" kam das hier raus:

Code:

ATTFilter

Antivirus  	Version  	letzte aktualisierung  	Ergebnis
a-squared	4.5.0.50	2010.03.24	-
AhnLab-V3	5.0.0.2	2010.03.24	-
AntiVir	8.2.1.196	2010.03.24	-
Antiy-AVL	2.0.3.7	2010.03.24	-
Authentium	5.2.0.5	2010.03.24	-
Avast	4.8.1351.0	2010.03.24	-
Avast5	5.0.332.0	2010.03.24	-
AVG	9.0.0.787	2010.03.24	-
BitDefender	7.2	2010.03.24	-
CAT-QuickHeal	10.00	2010.03.24	-
ClamAV	0.96.0.0-git	2010.03.24	-
Comodo	4370	2010.03.24	-
DrWeb	5.0.1.12222	2010.03.24	-
eSafe	7.0.17.0	2010.03.24	-
eTrust-Vet	35.2.7386	2010.03.24	-
F-Prot	4.5.1.85	2010.03.23	-
F-Secure	9.0.15370.0	2010.03.24	-
Fortinet	4.0.14.0	2010.03.24	-
GData	19	2010.03.24	-
Ikarus	T3.1.1.80.0	2010.03.24	-
Jiangmin	13.0.900	2010.03.24	-
K7AntiVirus	7.10.1004	2010.03.22	-
Kaspersky	7.0.0.125	2010.03.24	-
McAfee	5930	2010.03.24	-
McAfee+Artemis	5930	2010.03.24	-
McAfee-GW-Edition	6.8.5	2010.03.24	-
Microsoft	1.5605	2010.03.24	-
NOD32	4971	2010.03.24	-
Norman	6.04.10	2010.03.24	-
nProtect	2009.1.8.0	2010.03.24	-
Panda	10.0.2.2	2010.03.24	-
PCTools	7.0.3.5	2010.03.24	-
Prevx	3.0	2010.03.24	-
Rising	22.40.02.03	2010.03.24	-
Sophos	4.51.0	2010.03.24	-
Sunbelt	6031	2010.03.22	-
Symantec	20091.2.0.41	2010.03.24	-
TheHacker	6.5.2.0.242	2010.03.24	-
TrendMicro	9.120.0.1004	2010.03.24	-
VBA32	3.12.12.2	2010.03.24	-
ViRobot	2010.3.24.2242	2010.03.24	-
VirusBuster	5.0.27.0	2010.03.24	-
weitere Informationen
File size: 2349080 bytes
MD5...: 455e61a2cf37f7210df685e2b77bfbe3
SHA1..: 4e8bc33c6dfbdd9727988eb0aa95af115c08fa8f
SHA256: 1429bb65815378be477091733036bf346c2030d3cec57b9ce55010c8ff21e3f0
ssdeep: 49152:GYqHRU4WtsufiSkJ9Z9gfU4zG+zWxK7/xrFbAvzVQQiFimvB25:GT0tNiZ
vMfhLzWxKjshB
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1173a0
timedatestamp.....: 0x4b3c74b0 (Thu Dec 31 09:53:52 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1474f3 0x147600 6.60 130952ab5ca68491e3eb9afeb2f72268
.rdata 0x149000 0x74aa7 0x74c00 4.54 63901788510b8530f57c16d50e880945
.data 0x1be000 0x8584 0x6400 4.93 8dfa9c2f6d1b7fd5e0460812beebdaae
.rsrc 0x1c7000 0x5d168 0x5d200 5.97 4efdce3958de3ada93cb3e307af88510
.reloc 0x225000 0x1cfde 0x1d000 5.94 587570a59b7f4d5776c873b3af757d7c

( 20 imports )
> COMCTL32.dll: _TrackMouseEvent, -, InitCommonControlsEx, CreateToolbarEx, PropertySheetW, CreatePropertySheetPageW, ImageList_ReplaceIcon, ImageList_Create
> WININET.dll: InternetCanonicalizeUrlW, InternetCrackUrlW, InternetCloseHandle, InternetSetOptionA, FindFirstUrlCacheEntryA, FindNextUrlCacheEntryA, HttpOpenRequestA, InternetSetOptionExA, DeleteUrlCacheEntry, InternetGetLastResponseInfoA, HttpSendRequestA, HttpQueryInfoA, InternetOpenA, InternetCrackUrlA, InternetOpenW, InternetSetOptionW, InternetOpenUrlW, InternetReadFile, InternetGetConnectedState, InternetQueryOptionA, InternetCanonicalizeUrlA, FindCloseUrlCache, InternetConnectA, GetUrlCacheEntryInfoW
> SHLWAPI.dll: SHDeleteKeyA, PathFileExistsW
> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -
> VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
> MSIMG32.dll: GradientFill
> RPCRT4.dll: UuidToStringW
> urlmon.dll: ObtainUserAgentString, URLDownloadToFileW
> CRYPT32.dll: CryptProtectData, CryptMsgClose, CertCloseStore, CertFreeCertificateContext, CryptUnprotectData, CertGetNameStringA, CertFindCertificateInStore, CryptQueryObject, CryptMsgGetParam, CertGetNameStringW
> WINMM.dll: PlaySoundA, sndPlaySoundW, PlaySoundW, timeGetTime
> PSAPI.DLL: EnumProcesses, GetModuleFileNameExW, EnumProcessModules, GetModuleBaseNameW, GetProcessMemoryInfo
> KERNEL32.dll: ReadFile, GlobalLock, GlobalAlloc, GetFileSize, CreateFileW, SizeofResource, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetFileTime, RemoveDirectoryW, GetSystemTimeAsFileTime, GetComputerNameW, OutputDebugStringW, HeapFree, GetProcessHeap, LocalAlloc, OpenProcess, Thread32Next, Thread32First, CreateToolhelp32Snapshot, TerminateProcess, SetThreadPriority, GetCurrentThread, SetEvent, CreateSemaphoreW, ReleaseSemaphore, CreateFileMappingW, OpenFileMappingW, UnmapViewOfFile, MapViewOfFile, MulDiv, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, GetStdHandle, WriteFile, ExitProcess, VirtualAlloc, VirtualFree, HeapDestroy, HeapCreate, InterlockedIncrement, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, MoveFileW, GetCommandLineA, ResumeThread, ExitThread, RaiseException, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, HeapReAlloc, HeapAlloc, RtlUnwind, LoadLibraryA, GlobalUnlock, GlobalFree, OpenMutexW, GetCurrentProcess, FlushInstructionCache, VirtualProtect, Sleep, ExpandEnvironmentStringsW, CreateProcessW, GetLocaleInfoW, CreateMutexW, SetEndOfFile, CreateFileA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, LCMapStringW, GetLocaleInfoA, Beep, MultiByteToWideChar, GetLocalTime, GetDateFormatW, GetTimeFormatW, FindResourceW, LoadResource, LockResource, FreeResource, GetFileAttributesW, SetLastError, CreateThread, FindFirstFileW, DeleteFileW, FindNextFileW, FindClose, CopyFileW, lstrcpyW, lstrcpyA, GetCurrentThreadId, LocalFree, GetLongPathNameW, GetShortPathNameW, GetModuleHandleW, GetTickCount, GetVersionExA, LoadLibraryW, FreeLibrary, WideCharToMultiByte, GetModuleFileNameA, MoveFileExW, lstrlenW, CreateEventW, WaitForSingleObject, GetModuleFileNameW, GetModuleHandleA, GetProcAddress, GetLastError, InterlockedDecrement, ReleaseMutex, CloseHandle, GetCurrentProcessId, HeapSize, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetStringTypeA, GetStringTypeW, LCMapStringA, GetConsoleCP, GetConsoleMode, InterlockedExchange, FlushFileBuffers, InitializeCriticalSectionAndSpinCount, SetFilePointer
> USER32.dll: GetWindowRgn, MessageBeep, GetActiveWindow, IsDialogMessageA, IsDialogMessageW, MessageBoxA, DialogBoxParamW, DialogBoxParamA, CreateDialogParamA, CreateDialogParamW, SetRectEmpty, GetKeyState, SetDlgItemInt, GetDlgItemTextA, FrameRect, DrawFrameControl, CharLowerBuffA, DrawEdge, MsgWaitForMultipleObjects, PostThreadMessageA, SetParent, GetDlgItemTextW, GetScrollInfo, GetMenuItemRect, InsertMenuItemA, InsertMenuItemW, IsMenu, GetMenuInfo, SetMenuInfo, GetMenuItemID, GetMenuState, SetMenuItemInfoW, CheckMenuItem, EnableMenuItem, DeleteMenu, TrackPopupMenu, GetMonitorInfoW, GetMenuItemCount, GetMenuItemInfoW, CreatePopupMenu, DestroyMenu, SetClassLongA, SetLayeredWindowAttributes, SetForegroundWindow, EnableWindow, IsDlgButtonChecked, CheckDlgButton, SetActiveWindow, TranslateMessage, GetMessageA, ReleaseCapture, GetCapture, DispatchMessageW, DispatchMessageA, SetCapture, GetUpdateRect, BeginPaint, EndPaint, SetWindowRgn, SetRect, OffsetRect, DrawIconEx, GetIconInfo, DestroyIcon, GetSystemMetrics, FillRect, GetSysColor, PeekMessageA, MessageBoxW, DefWindowProcW, GetAsyncKeyState, SendMessageW, GetWindowTextLengthW, SystemParametersInfoW, LoadImageW, IsIconic, GetLastInputInfo, CharUpperW, DrawFocusRect, GetWindow, UpdateWindow, GetClassInfoExW, RegisterClassExW, CopyRect, PostMessageW, SetDlgItemTextW, EndDialog, GetWindowTextW, FindWindowW, GetMenuItemInfoA, SetWindowsHookExA, UnhookWindowsHookEx, CallNextHookEx, CreateWindowExW, UnregisterClassA, GetClassNameW, DefWindowProcA, GetWindowLongA, SetWindowLongA, GetFocus, IsChild, KillTimer, IsWindowUnicode, CallWindowProcW, FindWindowExW, GetWindowThreadProcessId, SetWindowPos, wsprintfW, SetWindowTextA, SetWindowTextW, GetClientRect, GetDlgCtrlID, CallWindowProcA, InvalidateRect, IsWindow, GetDlgItem, SendMessageA, ClientToScreen, GetParent, GetWindowLongW, SetCursor, LoadCursorA, InflateRect, PostMessageA, ShowWindow, SetWindowLongW, ReleaseDC, MoveWindow, DrawTextW, GetDC, GetWindowRect, RegisterWindowMessageW, IsWindowVisible, PtInRect, ScreenToClient, GetCursorPos, MonitorFromRect, GetMonitorInfoA, GetClassInfoW, RegisterClassW, DestroyWindow, SetTimer, GetDesktopWindow, SetFocus, AllowSetForegroundWindow
> GDI32.dll: GetBkMode, GetBkColor, PtInRegion, SetLayout, PlgBlt, SelectPalette, RealizePalette, GetDeviceCaps, SetRectRgn, OffsetRgn, FrameRgn, SetTextAlign, TextOutW, RoundRect, ExcludeClipRect, GetPixel, CreateCompatibleBitmap, BitBlt, CreateRectRgn, Polygon, GdiFlush, SetPixel, GetObjectA, GetTextAlign, GetTextExtentPoint32W, GetLayout, Rectangle, SetBkColor, CreateCompatibleDC, DeleteDC, CreateSolidBrush, CreateFontIndirectW, CombineRgn, CreatePen, SelectObject, MoveToEx, LineTo, DeleteObject, GetWindowOrgEx, SetWindowOrgEx, SetBkMode, SetTextColor, GetTextColor, GetStockObject
> COMDLG32.dll: GetOpenFileNameW
> ADVAPI32.dll: RegCreateKeyW, ConvertStringSecurityDescriptorToSecurityDescriptorA, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, GetSidSubAuthority, SetSecurityDescriptorSacl, RegDeleteKeyA, RegCloseKey, RegOpenKeyExA, RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, RegSetValueExA, RegCreateKeyExA, GetSidSubAuthorityCount, CryptCreateHash, CryptHashData, CryptGetHashParam, CryptDestroyHash, CryptAcquireContextA, CryptReleaseContext, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegOpenKeyW, RegEnumKeyW, GetTokenInformation, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, OpenProcessToken, GetSecurityDescriptorSacl
> SHELL32.dll: ShellExecuteExW, SHGetFolderPathW, SHCreateDirectoryExW, ShellExecuteW
> ole32.dll: CoCreateInstance, IIDFromString, CreateStreamOnHGlobal, CLSIDFromString, CoUninitialize, CoCreateGuid, StringFromGUID2, CoInitialize, CoGetMalloc, StringFromIID
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> DNSAPI.dll: DnsQuery_A

( 14 exports )
DllCanUnloadNow, DllConnectToIE, DllConnectionProc, DllGetClassObject, DllGetInstallFileNameExt, DllOnUninstall, DllOnUpdateFinish, DllOpenUninstallPage, DllRegisterServer, DllShowTB, DllShowToolbar, DllShowToolbarWithIE, DllUnregisterServer, DllUpdate
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Windows OCX File (47.6%)
Win64 Executable Generic (33.0%)
Win32 Executable MS Visual C++ (generic) (14.5%)
Win32 Executable Generic (3.2%)
Generic Win/DOS Executable (0.7%)
sigcheck:
publisher....: Conduit Ltd.
copyright....: Copyright (c) Conduit Ltd. 2008
product......: Conduit Toolbar
description..: Conduit Toolbar
original name: n/a
internal name: Conduit Toolbar
file version.: 5, 3, 4, 2
comments.....: Conduit Toolbar ver 1.0
signers......: -
signing date.: -
verified.....: Unsigned

Die Datei "kav7.0.1.325en.exe" konnte ich in keinen der angegebenen Ordner finden.

Avenger:

Code:

ATTFilter

Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\DOKUME~1\Marc.Z\LOKALE~1\Temp\setupv.exe" deleted successfully.
Folder "C:\DOKUME~1\Marc.Z\LOKALE~1\Temp" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

Virus wurde beim Neustart trotzdem wieder gefunden.

Malwarebytes Antimalware (MAM)

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3909
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24.03.2010 19:34:06
mbam-log-2010-03-24 (19-34-04).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 188229
Laufzeit: 35 minute(s), 2 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\JDdownloader\Serials World\SerialsWorld.exe (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\Marc.Z\Startmenü\Programme\Autostart\kav7.0.1.325en.exe (Trojan.StartPage) -> No action taken.
C:\Programme\Adobe Design Premium CS3\Adobe Photoshop CS3\Msvcrt.dll (Malware.Packer.Gen) -> No action taken.
C:\Programme\Adobe Design Premium CS3\Adobe Photoshop CS3\Shfolder.dll (Malware.Packer.Gen) -> No action taken.
C:\Programme\Alwil Software\Avast4\DATA\moved\setupv.exe.2.vir (Trojan.FakeAlert) -> No action taken.
C:\Programme\Alwil Software\Avast4\DATA\moved\setupv.exe.vir (Trojan.FakeAlert) -> No action taken.

Danach kam keine Virusmeldung mehr.

OTL

Otl-Logfile

Code:

ATTFilter

OTL logfile created on: 24.03.2010 19:42:55 - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Dokumente und Einstellungen\Marc.Z\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 118,11 Gb Free Space | 50,72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HOME-YIIOXJU9J8
Current User Name: Marc.Z
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Marc.Z\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Programme\Windows NT\Zubehör\wordpad.exe (Microsoft Corporation)
PRC - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS.0\soundman.exe (Realtek Semiconductor Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Marc.Z\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Creative Audio Engine Licensing Service) -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Programme\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Programme\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (npggsvc) -- C:\WINDOWS.0\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (sptd) -- C:\WINDOWS.0\System32\Drivers\sptd.sys ()
DRV - (ESLvnic1) -- C:\WINDOWS.0\system32\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV - (aswMon2) -- C:\WINDOWS.0\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS.0\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS.0\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS.0\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS.0\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS.0\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (hamachi) -- C:\WINDOWS.0\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS.0\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (MSICPL) -- C:\WINDOWS.0\system32\msicpl.dll (MSI)
DRV - (FLASHSYS) -- C:\Programme\MSI\Live Update 4\LU4\FlashSys.sys ()
DRV - (nv) -- C:\WINDOWS.0\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS.0\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (AmdK8) -- C:\WINDOWS.0\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (nvata) -- C:\WINDOWS.0\System32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS.0\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS.0\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvatabus) -- C:\WINDOWS.0\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (ha10kx2k) -- C:\WINDOWS.0\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap17v2k) -- C:\WINDOWS.0\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS.0\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS.0\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS.0\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTSBLFX) -- C:\WINDOWS.0\system32\ctsblfx.dll (Creative Technology Ltd)
DRV - (CTAUDFX) -- C:\WINDOWS.0\system32\ctaudfx.dll (Creative Technology Ltd)
DRV - (COMMONFX) -- C:\WINDOWS.0\system32\commonfx.dll (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS.0\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS.0\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS.0\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS.0\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctdvda2k) -- C:\WINDOWS.0\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2427995
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: ChoiceGuard@Microsoft:2.0
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
 
FF - user.js..browser.search.openintab: false
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.12.24 20:08:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.03.10 01:31:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.03.21 19:09:23 | 000,000,000 | ---D | M]
 
[2010.01.09 23:14:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Extensions
[2010.01.09 23:14:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org
[2010.03.23 20:04:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\a4cui1ez.default\extensions
[2010.01.01 14:11:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\a4cui1ez.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.25 20:32:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\a4cui1ez.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.02.03 19:03:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\a4cui1ez.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.02.11 16:08:32 | 000,000,000 | ---D | M] (MyAshampoo Toolbar) -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\a4cui1ez.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2010.01.02 22:00:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\a4cui1ez.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.03.10 01:11:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\a4cui1ez.default\extensions\ChoiceGuard@Microsoft
[2010.02.03 19:03:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\a4cui1ez.default\extensions\staged-xpis
[2010.01.17 17:09:04 | 000,002,236 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\a4cui1ez.default\searchplugins\askcom.xml
[2010.03.10 00:12:18 | 000,001,819 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\a4cui1ez.default\searchplugins\bing.xml
[2010.01.20 12:19:10 | 000,000,923 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\a4cui1ez.default\searchplugins\conduit.xml
[2010.02.12 17:06:52 | 000,002,055 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\a4cui1ez.default\searchplugins\daemon-search.xml
[2010.03.23 08:35:32 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\a4cui1ez.default\searchplugins\icqplugin-1.xml
[2010.02.12 17:07:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\a4cui1ez.default\searchplugins\icqplugin-2.xml
[2008.03.31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\a4cui1ez.default\searchplugins\icqplugin.src
[2010.01.16 12:19:39 | 000,000,955 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\a4cui1ez.default\searchplugins\icqplugin.xml
[2010.03.23 20:04:40 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.12.25 23:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.01.31 18:27:28 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010.02.11 16:27:51 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.11 16:27:51 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.11 16:27:51 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.11 16:27:51 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.11 16:27:51 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.03.22 08:48:44 | 000,000,896 | ---- | M]) - C:\WINDOWS.0\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {dffd3710-4709-4976-b713-aebe3550ad82} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFFD3710-4709-4976-B713-AEBE3550AD82} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CTXFIREG]  File not found
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS.0\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS.0\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS.0\System32\nwiz.exe ()
O4 - HKLM..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS.0\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS.0\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS.0\system32\WinSys2.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261766515558 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS.0\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS.0\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS.0\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS.0\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.24 11:25:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.03.24 19:41:27 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\OTL.exe
[2010.03.24 19:37:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\LogMeIn Hamachi
[2010.03.24 18:52:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Malwarebytes
[2010.03.24 18:52:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.0\System32\drivers\mbamswissarmy.sys
[2010.03.24 18:52:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.03.24 18:52:35 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.0\System32\drivers\mbam.sys
[2010.03.24 18:52:35 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.03.24 08:54:40 | 009,823,176 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\windows-kb890830-v3.5.exe
[2010.03.23 22:48:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UAB
[2010.03.23 22:48:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2010.03.23 22:48:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Lokale Einstellungen\Anwendungsdaten\PC_Drivers_Headquarters
[2010.03.23 22:48:20 | 000,000,000 | ---D | C] -- C:\Programme\PC Drivers HeadQuarters
[2010.03.23 21:57:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\Drakensang
[2010.03.23 21:39:34 | 000,000,000 | ---D | C] -- C:\Programme\Drakensang
[2010.03.23 20:39:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\Delle--Before_I_Grow_Old-2CD-2009-OMA
[2010.03.23 11:28:45 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Recent
[2010.03.23 11:06:18 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\WINDOWS.0\IsUn0407.exe
[2010.03.22 18:30:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\Bob Marley & The Wailers - Legend (The Best Of)
[2010.03.22 09:09:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{88078557-37D5-402B-8B75-49F162ECEDBD}
[2010.03.22 09:08:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Fighters
[2010.03.22 09:08:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Lokale Einstellungen\Anwendungsdaten\PackageAware
[2010.03.22 00:10:47 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\Prefetch
[2010.03.22 00:04:00 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\ztvcabinet.dll
[2010.03.22 00:03:58 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2010.03.22 00:03:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\Simply Super Software
[2010.03.22 00:03:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Simply Super Software
[2010.03.22 00:03:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software
[2010.03.21 11:05:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Lokale Einstellungen\Anwendungsdaten\Nero
[2010.03.21 11:04:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\Nero Collections
[2010.03.21 10:54:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Nero
[2010.03.21 10:45:30 | 000,000,000 | ---D | C] -- C:\Programme\Nero
[2010.03.21 10:45:01 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Nero
[2010.03.21 03:18:28 | 000,000,000 | ---D | C] -- C:\Programme\Windows Sidebar
[2010.03.21 03:10:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
[2010.03.21 00:28:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Lokale Einstellungen\Anwendungsdaten\Comoestamos
[2010.03.21 00:28:33 | 000,000,000 | ---D | C] -- C:\Programme\Comoestamos
[2010.03.21 00:28:12 | 000,000,000 | ---D | C] -- C:\Programme\Cargar Movil
[2010.03.20 18:05:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Lokale Einstellungen\Anwendungsdaten\Ascaron Entertainment
[2010.03.20 17:40:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\Sykes
[2010.03.19 15:50:12 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\pss
[2010.03.18 22:33:35 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\SecuROM
[2010.03.18 22:33:34 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS.0\System32\CmdLineExt.dll
[2010.03.16 07:43:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\LOG
[2010.03.15 20:25:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\Aequitas
[2010.03.15 17:29:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Lokale Einstellungen\Anwendungsdaten\ESL Wire Game Client
[2010.03.15 17:28:34 | 000,024,504 | ---- | C] (Turtle Entertainment GmbH) -- C:\WINDOWS.0\System32\drivers\ESLvnic.sys
[2010.03.15 17:28:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESL Wire
[2010.03.15 17:28:33 | 000,000,000 | ---D | C] -- C:\Programme\EslWire
[2010.03.15 11:58:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\NeroVision
[2010.03.14 18:38:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Leadertech
[2010.03.14 17:59:54 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\data
[2010.03.13 14:03:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\Uniblue
[2010.03.13 13:31:48 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\mucltui.dll.mui
[2010.03.13 13:31:47 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\mucltui.dll
[2010.03.10 19:58:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Lokale Einstellungen\Anwendungsdaten\assembly
[2010.03.10 19:43:23 | 000,000,000 | ---D | C] -- C:\Programme\NCsoft
[2010.03.10 01:32:29 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.03.10 01:32:27 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.03.10 01:29:18 | 000,413,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\mpg4c32.dll
[2010.03.10 01:29:18 | 000,261,632 | ---- | C] (MainConcept) -- C:\WINDOWS.0\System32\mcdvd_32.dll
[2010.03.10 01:29:18 | 000,221,215 | ---- | C] (DivXNetworks, Inc.) -- C:\WINDOWS.0\System32\divxdec.ax
[2010.03.10 01:29:18 | 000,082,944 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS.0\System32\vct3216.acm
[2010.03.10 01:29:18 | 000,081,920 | ---- | C] (fccHandler) -- C:\WINDOWS.0\System32\AC3ACM.acm
[2010.03.10 01:29:18 | 000,038,912 | ---- | C] (NCT Company) -- C:\WINDOWS.0\System32\alf2cd.acm
[2010.03.10 01:29:18 | 000,013,239 | ---- | C] (SHARP Corporation) -- C:\WINDOWS.0\System32\Scg726.acm
[2010.03.10 01:13:10 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\nview
[2010.03.10 01:12:50 | 000,000,000 | ---D | C] -- C:\Programme\WinAVI MP4 Converter
[2010.03.10 01:12:48 | 000,000,000 | ---D | C] -- C:\Programme\Ashampoo
[2010.03.10 01:12:03 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\DirectX
[2010.03.10 01:11:07 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.03.10 01:11:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.03.10 01:03:34 | 000,000,000 | ---D | C] -- C:\ComboFix(2)
[2010.03.09 21:54:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\My Games
[2010.03.09 21:33:32 | 000,000,000 | ---D | C] -- C:\Programme\Flagship Studios
[2010.03.09 11:22:24 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\AGEIA
[2010.03.08 09:00:46 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\nview(3)
[2010.03.08 05:12:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\ErrorLogs
[2010.03.08 04:06:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
[2010.03.08 03:26:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DriverScanner
[2010.03.08 03:12:39 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2010.03.08 02:48:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Uniblue
[2010.03.05 13:46:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\AVS4YOU
[2010.03.04 21:48:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\South Park Staffel 12
[2010.03.04 17:11:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Blizzard Entertainment
[2010.03.02 23:50:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\South Park Staffel 13
[2010.03.01 18:53:56 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\Performance
[2010.03.01 18:53:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Lokale Einstellungen\Anwendungsdaten\Microsoft Corporation
[2010.02.28 09:43:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\JDdownloader
[2010.02.28 09:35:03 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader
[2010.02.26 13:27:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Teeworlds
[2010.02.26 13:21:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\teeworlds-0.5.2-win32
[2010.02.26 01:22:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.02.24 21:10:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\Sarah
[2010.02.23 20:58:31 | 000,000,000 | ---D | C] -- C:\Programme\Veetle
[2010.02.23 15:06:36 | 000,000,000 | ---D | C] -- C:\Programme\World of Warcraft
[2010.02.23 14:09:27 | 000,000,000 | ---D | C] -- C:\Programme\PokerStars.NET
[2010.02.23 11:36:05 | 000,000,000 | ---D | C] -- C:\Programme\Steam
[2010.02.23 00:42:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\InstallShield
[2010.02.23 00:42:25 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite
[2010.01.27 14:05:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2009.12.25 13:21:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2009.12.24 19:40:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2009.12.24 11:28:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2009.12.24 11:25:27 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2009.12.24 11:25:27 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2009.06.23 11:49:14 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS.0\System32\a3d.dll
[8 C:\WINDOWS.0\*.tmp files -> C:\WINDOWS.0\*.tmp -> ]
[4 C:\WINDOWS.0\System32\*.tmp files -> C:\WINDOWS.0\System32\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.03.24 19:41:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS.0\tasks\SA.DAT
[2010.03.24 19:41:34 | 000,013,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\ddd.rtf
[2010.03.24 19:41:28 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\OTL.exe
[2010.03.24 19:38:49 | 000,013,758 | ---- | M] () -- C:\WINDOWS.0\System32\wpa.dbl
[2010.03.24 19:37:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS.0\bootstat.dat
[2010.03.24 19:36:22 | 009,699,328 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\ntuser.dat
[2010.03.24 19:36:14 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\ntuser.ini
[2010.03.24 18:52:40 | 000,000,698 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.24 08:54:54 | 009,823,176 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\windows-kb890830-v3.5.exe
[2010.03.24 01:29:01 | 000,002,187 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steam.lnk
[2010.03.23 22:48:30 | 000,002,246 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Driver Detective.lnk
[2010.03.23 21:49:16 | 000,001,564 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\Drakensang.lnk
[2010.03.23 17:17:05 | 000,000,212 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\default.rss
[2010.03.23 17:17:05 | 000,000,069 | ---- | M] () -- C:\WINDOWS.0\NeroDigital.ini
[2010.03.23 15:35:01 | 000,077,824 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.22 20:14:35 | 000,001,521 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\Condition Zero Gelöschte Szenen.lnk
[2010.03.22 08:48:44 | 000,000,896 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\etc\hosts
[2010.03.22 04:17:18 | 000,000,425 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\Sykes - SCHLAND.rtf
[2010.03.22 01:32:29 | 000,000,155 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\AVSMediaPlayer.m3u
[2010.03.22 00:11:07 | 000,000,856 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\etc\HOSTS.TRB
[2010.03.22 00:10:47 | 000,000,264 | ---- | M] () -- C:\WINDOWS.0\tasks\Uniblue SpeedUpMyPC Nag.job
[2010.03.22 00:01:21 | 000,002,317 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SeaTools for Windows.lnk
[2010.03.21 19:30:10 | 000,003,510 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\SVCD1.nsd
[2010.03.21 19:08:38 | 000,002,125 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.03.21 19:03:40 | 000,000,746 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\WinAVI MP4 Converter.lnk
[2010.03.21 11:04:42 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\downloads.m3u
[2010.03.21 10:53:18 | 000,004,767 | ---- | M] () -- C:\WINDOWS.0\Irremote.ini
[2010.03.21 10:45:50 | 000,002,363 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nero StartSmart.lnk
[2010.03.21 09:49:04 | 000,099,848 | ---- | M] () -- C:\WINDOWS.0\System32\FNTCACHE.DAT
[2010.03.21 01:51:48 | 000,014,680 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.03.20 20:27:09 | 000,004,569 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\O.P.F.E.R!!!.rtf
[2010.03.20 17:59:58 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS.0\System32\CmdLineExt.dll
[2010.03.19 16:55:27 | 000,000,744 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\cc_20100319_165525.reg
[2010.03.19 16:55:06 | 000,007,716 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\cc_20100319_165500.reg
[2010.03.19 16:21:10 | 000,379,997 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\etc\HOSTS.TRBAK
[2010.03.19 15:51:45 | 000,000,517 | ---- | M] () -- C:\WINDOWS.0\win.ini
[2010.03.19 15:51:45 | 000,000,297 | RHS- | M] () -- C:\boot.ini
[2010.03.19 15:51:45 | 000,000,227 | ---- | M] () -- C:\WINDOWS.0\system.ini
[2010.03.15 20:39:33 | 000,000,809 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\World of Warcraft.lnk
[2010.03.15 17:28:38 | 000,000,625 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ESL Wire.lnk
[2010.03.15 16:17:19 | 000,164,201 | ---- | M] () -- C:\WINDOWS.0\System32\nvapps.xml
[2010.03.14 18:23:34 | 007,565,216 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\Chakuza - Ikarus (feat. David Asphalt.MP3
[2010.03.14 17:57:03 | 000,386,852 | ---- | M] () -- C:\WINDOWS.0\System32\ctdnlstr.dat
[2010.03.14 17:57:03 | 000,313,207 | ---- | M] () -- C:\WINDOWS.0\System32\ctstatic.dat
[2010.03.14 17:57:03 | 000,274,587 | ---- | M] () -- C:\WINDOWS.0\System32\ctsbas2w.dat
[2010.03.14 17:57:03 | 000,051,787 | ---- | M] () -- C:\WINDOWS.0\System32\ctdlang.dat
[2010.03.14 17:57:02 | 000,149,838 | ---- | M] () -- C:\WINDOWS.0\System32\ctbas2w.dat
[2010.03.14 17:57:02 | 000,053,932 | ---- | M] () -- C:\WINDOWS.0\System32\ctdaught.dat
[2010.03.14 17:57:02 | 000,001,912 | ---- | M] () -- C:\WINDOWS.0\System32\Audigy.bmp
[2010.03.14 17:57:01 | 004,931,577 | ---- | M] () -- C:\WINDOWS.0\CTDVAUDY.CDF
[2010.03.14 17:57:01 | 000,000,059 | ---- | M] () -- C:\WINDOWS.0\System32\default8.sfm
[2010.03.14 17:57:01 | 000,000,059 | ---- | M] () -- C:\WINDOWS.0\System32\default4.sfm
[2010.03.14 17:57:01 | 000,000,059 | ---- | M] () -- C:\WINDOWS.0\System32\default.sfm
[2010.03.14 17:57:00 | 003,735,544 | ---- | M] () -- C:\WINDOWS.0\CTDV10K2.CDF
[2010.03.14 17:57:00 | 002,167,684 | ---- | M] () -- C:\WINDOWS.0\System32\CT2MGM.SF2
[2010.03.14 17:57:00 | 001,048,576 | ---- | M] () -- C:\WINDOWS.0\System32\CT1MGM.ROM
[2010.03.14 17:57:00 | 000,008,022 | ---- | M] () -- C:\WINDOWS.0\System32\UDAAPO32.UDA
[2010.03.14 17:44:31 | 000,141,016 | ---- | M] () -- C:\WINDOWS.0\System32\ALSNDMGR.WAV
[2010.03.13 14:03:28 | 000,000,727 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DriverScanner.lnk
[2010.03.13 13:54:33 | 000,000,715 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SpeedUpMyPC.lnk
[2010.03.12 16:52:05 | 000,001,752 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\Xilisoft PSP Video Converter.lnk
[2010.03.11 02:05:44 | 003,178,374 | -H-- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.03.10 19:50:14 | 000,000,754 | ---- | M] () -- C:\WINDOWS.0\WORDPAD.INI
[2010.03.10 03:30:46 | 000,004,096 | ---- | M] () -- C:\WINDOWS.0\d3dx.dat
[2010.03.10 02:59:59 | 000,691,696 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\sptd.sys
[2010.03.10 02:23:09 | 000,000,378 | ---- | M] () -- C:\WINDOWS.0\tasks\Uniblue SpeedUpMyPC.job
[2010.03.10 01:31:03 | 000,001,598 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010.03.10 01:29:32 | 000,000,938 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\AVS4YOU Software Navigator.lnk
[2010.03.10 01:29:24 | 000,000,936 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVS Media Player.lnk
[2010.03.09 16:02:31 | 000,000,520 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\cc_20100309_160229.reg
[2010.03.09 16:02:22 | 000,009,034 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\cc_20100309_160218.reg
[2010.03.08 05:23:04 | 000,000,858 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\CommandDispatchers.xml
[2010.03.08 05:12:44 | 000,001,367 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\cleaner-config.xml
[2010.03.08 03:24:48 | 000,000,739 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RegistryBooster.lnk
[2010.03.06 09:54:51 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\AVS Video Converter 6.lnk
[2010.03.05 17:39:25 | 000,000,771 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Player.lnk
[2010.03.05 17:39:18 | 000,000,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Converter.lnk
[2010.03.05 17:38:50 | 000,001,491 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\DivX Movies.lnk
[2010.03.02 10:53:42 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) -- C:\WINDOWS.0\System32\drivers\ESLvnic.sys
[2010.03.02 04:25:15 | 000,002,562 | ---- | M] () -- C:\WINDOWS.0\diagwrn.xml
[2010.03.02 04:25:15 | 000,001,908 | ---- | M] () -- C:\WINDOWS.0\diagerr.xml
[2010.03.01 15:49:41 | 000,002,429 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\TubeBox! starten.lnk
[2010.02.28 09:35:14 | 000,000,736 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\JDownloader.lnk
[2010.02.23 20:18:04 | 003,869,515 | R--- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\ComboFix.exe
[2010.02.23 11:41:41 | 000,001,519 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\Counter-Strike.lnk
[2010.02.23 08:19:32 | 000,000,726 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\cc_20100223_081922.reg
[2010.02.23 08:19:13 | 000,027,420 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\cc_20100223_081910.reg
[8 C:\WINDOWS.0\*.tmp files -> C:\WINDOWS.0\*.tmp -> ]
[4 C:\WINDOWS.0\System32\*.tmp files -> C:\WINDOWS.0\System32\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.03.24 18:52:40 | 000,000,698 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.24 18:34:04 | 000,013,168 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\ddd.rtf
[2010.03.23 22:48:30 | 000,002,246 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Driver Detective.lnk
[2010.03.23 21:49:16 | 000,001,564 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\Drakensang.lnk
[2010.03.22 20:14:35 | 000,001,521 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\Condition Zero Gelöschte Szenen.lnk
[2010.03.22 04:17:16 | 000,000,425 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\Sykes - SCHLAND.rtf
[2010.03.22 00:04:00 | 000,162,304 | ---- | C] () -- C:\WINDOWS.0\System32\ztvunrar36.dll
[2010.03.22 00:04:00 | 000,153,088 | ---- | C] () -- C:\WINDOWS.0\System32\UNRAR3.dll
[2010.03.22 00:04:00 | 000,077,312 | ---- | C] () -- C:\WINDOWS.0\System32\ztvunace26.dll
[2010.03.22 00:04:00 | 000,075,264 | ---- | C] () -- C:\WINDOWS.0\System32\unacev2.dll
[2010.03.21 19:30:10 | 000,003,510 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\SVCD1.nsd
[2010.03.21 19:03:40 | 000,000,746 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\WinAVI MP4 Converter.lnk
[2010.03.21 11:05:21 | 000,000,069 | ---- | C] () -- C:\WINDOWS.0\NeroDigital.ini
[2010.03.21 11:04:42 | 000,000,212 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\default.rss
[2010.03.21 11:04:42 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\downloads.m3u
[2010.03.21 10:45:50 | 000,002,363 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nero StartSmart.lnk
[2010.03.21 03:18:07 | 000,004,767 | ---- | C] () -- C:\WINDOWS.0\Irremote.ini
[2010.03.20 20:27:09 | 000,004,569 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\O.P.F.E.R!!!.rtf
[2010.03.19 16:55:26 | 000,000,744 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\cc_20100319_165525.reg
[2010.03.19 16:55:01 | 000,007,716 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\cc_20100319_165500.reg
[2010.03.15 17:28:38 | 000,000,625 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ESL Wire.lnk
[2010.03.14 18:14:46 | 007,565,216 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\Chakuza - Ikarus (feat. David Asphalt.MP3
[2010.03.14 17:57:03 | 000,386,852 | ---- | C] () -- C:\WINDOWS.0\System32\ctdnlstr.dat
[2010.03.14 17:57:01 | 000,000,059 | ---- | C] () -- C:\WINDOWS.0\System32\default8.sfm
[2010.03.14 17:57:01 | 000,000,059 | ---- | C] () -- C:\WINDOWS.0\System32\default4.sfm
[2010.03.14 17:57:01 | 000,000,059 | ---- | C] () -- C:\WINDOWS.0\System32\default.sfm
[2010.03.14 17:57:00 | 004,931,577 | ---- | C] () -- C:\WINDOWS.0\CTDVAUDY.CDF
[2010.03.14 17:57:00 | 003,735,544 | ---- | C] () -- C:\WINDOWS.0\CTDV10K2.CDF
[2010.03.14 17:44:18 | 009,699,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\ntuser.dat
[2010.03.13 14:03:28 | 000,000,727 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DriverScanner.lnk
[2010.03.13 13:54:33 | 000,000,715 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SpeedUpMyPC.lnk
[2010.03.12 16:52:05 | 000,001,752 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\Xilisoft PSP Video Converter.lnk
[2010.03.10 03:30:46 | 000,004,096 | ---- | C] () -- C:\WINDOWS.0\d3dx.dat
[2010.03.10 02:59:58 | 000,691,696 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\sptd.sys
[2010.03.10 02:23:09 | 000,000,378 | ---- | C] () -- C:\WINDOWS.0\tasks\Uniblue SpeedUpMyPC.job
[2010.03.10 02:23:09 | 000,000,264 | ---- | C] () -- C:\WINDOWS.0\tasks\Uniblue SpeedUpMyPC Nag.job
[2010.03.10 01:32:51 | 000,002,125 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.03.10 01:31:02 | 000,001,598 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010.03.10 01:29:18 | 000,524,288 | ---- | C] () -- C:\WINDOWS.0\System32\xvidcore.dll
[2010.03.10 01:29:18 | 000,139,264 | ---- | C] () -- C:\WINDOWS.0\System32\xvidvfw.dll
[2010.03.10 01:29:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS.0\System32\xvid.ax
[2010.03.09 16:02:29 | 000,000,520 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\cc_20100309_160229.reg
[2010.03.09 16:02:21 | 000,009,034 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\cc_20100309_160218.reg
[2010.03.08 09:00:51 | 000,164,201 | ---- | C] () -- C:\WINDOWS.0\System32\nvapps.xml
[2010.03.08 09:00:46 | 000,019,495 | ---- | C] () -- C:\WINDOWS.0\System32\nvdisp.nvu
[2010.03.08 05:15:29 | 000,818,808 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.03.08 05:12:45 | 000,000,858 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\CommandDispatchers.xml
[2010.03.08 05:12:44 | 000,001,367 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\cleaner-config.xml
[2010.03.08 03:24:48 | 000,000,739 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RegistryBooster.lnk
[2010.03.06 09:54:51 | 000,000,873 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\AVS Video Converter 6.lnk
[2010.03.01 18:15:19 | 000,002,562 | ---- | C] () -- C:\WINDOWS.0\diagwrn.xml
[2010.03.01 18:15:19 | 000,001,908 | ---- | C] () -- C:\WINDOWS.0\diagerr.xml
[2010.02.28 09:35:14 | 000,000,736 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\JDownloader.lnk
[2010.02.23 15:52:09 | 000,000,809 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\World of Warcraft.lnk
[2010.02.23 11:41:41 | 000,001,519 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\Desktop\Counter-Strike.lnk
[2010.02.23 11:36:05 | 000,002,187 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steam.lnk
[2010.02.23 08:19:23 | 000,000,726 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\cc_20100223_081922.reg
[2010.02.23 08:19:11 | 000,027,420 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\Eigene Dateien\cc_20100223_081910.reg
[2010.02.11 23:03:07 | 000,000,754 | ---- | C] () -- C:\WINDOWS.0\WORDPAD.INI
[2010.01.01 15:41:52 | 000,000,155 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\AVSMediaPlayer.m3u
[2009.12.26 14:11:24 | 000,077,824 | ---- | C] () -- C:\Dokumente und Einstellungen\Marc.Z\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.25 17:52:25 | 000,147,456 | ---- | C] () -- C:\WINDOWS.0\System32\RtlCPAPI.dll
[2009.12.24 19:11:53 | 000,004,940 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mtbjfghn.xbe
[2009.12.24 19:10:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS.0\System32\psisdecd.dll
[2009.12.24 11:43:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\SBWIN.INI
[2009.12.24 11:43:14 | 000,000,231 | ---- | C] () -- C:\WINDOWS.0\AC3API.INI
[2009.12.24 11:32:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\msicpl.ini
[2009.12.24 11:31:31 | 000,131,072 | R--- | C] () -- C:\WINDOWS.0\System32\smdll.dll
[2009.12.24 11:31:30 | 000,032,768 | R--- | C] () -- C:\WINDOWS.0\System32\Auxiliary.dll
[2009.12.24 11:31:29 | 000,266,240 | R--- | C] () -- C:\WINDOWS.0\System32\HookShield.dll
[2009.12.24 11:31:29 | 000,262,144 | R--- | C] () -- C:\WINDOWS.0\System32\HookMAp.dll
[2009.06.23 12:29:50 | 000,049,719 | ---- | C] () -- C:\WINDOWS.0\System32\instwdm.ini
[2009.06.23 12:29:48 | 000,000,054 | ---- | C] () -- C:\WINDOWS.0\System32\ctzapxx.ini
[2007.12.05 08:11:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS.0\System32\nvwdmcpl.dll
[2007.12.05 08:11:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS.0\System32\nview.dll
[2007.12.05 08:11:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS.0\System32\nvwimg.dll
[2007.12.05 08:11:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS.0\System32\nvshell.dll
[2007.12.05 08:11:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS.0\System32\nvnt4cpl.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS.0\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS.0\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS.0\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS.0\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS.0\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS.0\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS.0\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS.0\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS.0\System32\AgCPanelFrench.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D06A4C76
< End of report >

Sykes · 24.03.2010, 20:27

OTL Extras Logfile

Code:

ATTFilter

OTL Extras logfile created on: 24.03.2010 19:42:55 - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Dokumente und Einstellungen\Marc.Z\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 118,11 Gb Free Space | 50,72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HOME-YIIOXJU9J8
Current User Name: Marc.Z
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"57520:TCP" = 57520:TCP:*:Enabled:Pando Media Booster
"57520:UDP" = 57520:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\HLSW\hlsw.exe" = C:\Programme\HLSW\hlsw.exe:*:Enabled:HLSW Application -- (Stripf Software)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ -- (ICQ, LLC.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\mIRC\mirc.exe" = C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Programme\Steam\steamapps\mjay217\counter-strike\hl.exe" = C:\Programme\Steam\steamapps\mjay217\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Programme\DNA\btdna.exe" = C:\Programme\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Dokumente und Einstellungen\Marc.Z\Desktop\teeworlds-0.5.2-win32\teeworlds_srv.exe" = C:\Dokumente und Einstellungen\Marc.Z\Desktop\teeworlds-0.5.2-win32\teeworlds_srv.exe:*:Enabled:teeworlds_srv -- ()
"C:\Programme\Steam\steamapps\mjay217\condition zero\hl.exe" = C:\Programme\Steam\steamapps\mjay217\condition zero\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\World of Warcraft\WoW-3.2.0-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\Launcher.exe" = C:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\EslWire\wire.exe" = C:\Programme\EslWire\wire.exe:*:Enabled:ESL Wire Client -- (Turtle Entertainment GmbH)
"C:\Programme\Steam\steamapps\mjay217\condition zero deleted scenes\hl.exe" = C:\Programme\Steam\steamapps\mjay217\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{588d8d73-dcc7-4733-ab7a-cd04ca675da2}" = Nero 9 Trial
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FBC9407-713D-4B8A-98D2-57210DA56049}" = MSN Toolbar
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner 2010
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECB9B3D-E681-4458-85F8-8D182941AF1D}" = Sound Blaster Audigy 2
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D761C5D2-E727-415A-BC4E-52642CEA1A1C}" = TubeBox!
"{D777D80E-13AE-4E6C-BCB2-9AEE10D9DEF1}" = Driver Updater
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F744201B-8229-4FBF-AF10-13BAFD02AF7C}" = STORM
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F916C6DF-2601-4385-9500-C45FF398D4CB}" = Install(GE)
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo WinOptimizer 2010 Advanced_is1" = Ashampoo WinOptimizer 2010 Advanced
"Audacity_is1" = Audacity 1.2.6
"AudioCS" = Creative-Audiokonsole
"avast!" = avast! Antivirus
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner
"Comoestamos Toolbar" = Comoestamos Toolbar
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Dragonica(DE)" = Dragonica(DE)
"Drakensang_is1" = Drakensang
"ESL Wire_is1" = ESL Wire 1.4
"FileZilla Client" = FileZilla Client 3.3.1
"Gothic II" = Gothic II
"Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben
"HijackThis" = HijackThis 2.0.2
"HLSW_is1" = HLSW v1.3.2.1
"ie8" = Windows Internet Explorer 8
"JDownloader" = JDownloader
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Liveupdate4_is1" = Liveupdate4
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"NVIDIA Drivers" = NVIDIA Drivers
"SysInfo" = Creative-Systeminformationen
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Trojan Remover_is1" = Trojan Remover 6.8.1
"Veetle TV" = Veetle TV 0.9.16
"WaveStudio 7" = Creative WaveStudio 7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft PSP Video Converter" = Xilisoft PSP Video Converter
"xp-AntiSpy" = xp-AntiSpy 3.97-6
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 01.03.2010 23:22:17 | Computer Name = HOME-YIIOXJU9J8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 D:\Sources\WinSetup.dll failed, 0000001E.  
 
Error - 23.03.2010 08:29:13 | Computer Name = HOME-YIIOXJU9J8 | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_RestoreFile Error 32.  
 
Error - 23.03.2010 08:29:13 | Computer Name = HOME-YIIOXJU9J8 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestRestoreFile Error 32.  
 
Error - 23.03.2010 08:29:13 | Computer Name = HOME-YIIOXJU9J8 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestGetFile Error 32.  
 
Error - 23.03.2010 08:29:13 | Computer Name = HOME-YIIOXJU9J8 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::ExtractSelectedFiles()
 chestGetFile() failed: 32.  
 
[ Application Events ]
Error - 19.02.2010 00:04:43 | Computer Name = HOME-YIIOXJU9J8 | Source = Windows Live Messenger | ID = 1000
Description = 
 
Error - 19.02.2010 14:26:22 | Computer Name = HOME-YIIOXJU9J8 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung mmc.exe, Version 5.2.3790.4136, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 19.02.2010 16:29:33 | Computer Name = HOME-YIIOXJU9J8 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung AVSMediaPlayer.exe, Version 3.1.1.172, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 19.02.2010 17:37:35 | Computer Name = HOME-YIIOXJU9J8 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung AVSMediaPlayer.exe, Version 3.1.1.172, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 19.02.2010 17:38:02 | Computer Name = HOME-YIIOXJU9J8 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung AVSMediaPlayer.exe, Version 3.1.1.172, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 19.02.2010 17:38:31 | Computer Name = HOME-YIIOXJU9J8 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung AVSMediaPlayer.exe, Version 3.1.1.172, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 19.02.2010 17:38:47 | Computer Name = HOME-YIIOXJU9J8 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung AVSMediaPlayer.exe, Version 3.1.1.172, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 19.02.2010 20:59:16 | Computer Name = HOME-YIIOXJU9J8 | Source = Windows Live Messenger | ID = 1000
Description = 
 
Error - 20.02.2010 09:13:18 | Computer Name = HOME-YIIOXJU9J8 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung hl.exe, Version 1.1.1.1, Stillstandmodul hungapp,
 Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 23.02.2010 03:14:57 | Computer Name = HOME-YIIOXJU9J8 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung _is3.exe, Version 12.0.0.49974, fehlgeschlagenes
 Modul _is3.exe, Version 12.0.0.49974, Fehleradresse 0x0001e48b.
 
[ System Events ]
Error - 21.03.2010 22:07:09 | Computer Name = HOME-YIIOXJU9J8 | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die  Netzwerkkarte mit der Netzwerkadresse 0023C3866165 zugeteilt werden. Der
 folgende Fehler  ist aufgetreten:   %%1223.  Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom  Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 23.03.2010 06:02:24 | Computer Name = HOME-YIIOXJU9J8 | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
 
Error - 23.03.2010 06:02:29 | Computer Name = HOME-YIIOXJU9J8 | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
 
Error - 24.03.2010 04:28:58 | Computer Name = HOME-YIIOXJU9J8 | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{BE76E6F5-021B-4BA9-BDEB-99B93D9A3F25} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 24.03.2010 13:37:03 | Computer Name = HOME-YIIOXJU9J8 | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 24.03.2010 13:37:57 | Computer Name = HOME-YIIOXJU9J8 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   atapi  PCIIde
 
Error - 24.03.2010 13:42:36 | Computer Name = HOME-YIIOXJU9J8 | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 24.03.2010 13:43:33 | Computer Name = HOME-YIIOXJU9J8 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   atapi  PCIIde
 
Error - 24.03.2010 14:37:17 | Computer Name = HOME-YIIOXJU9J8 | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 24.03.2010 14:37:55 | Computer Name = HOME-YIIOXJU9J8 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   atapi  PCIIde
 
 
< End of report >

Gmer:

Code:

ATTFilter

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-03-24 20:11:42
Windows 5.1.2600 Service Pack 3
Running: czc3xtgm.exe; Driver: C:\DOKUME~1\Marc.Z\LOKALE~1\Temp\kxliykob.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwClose [0xB4A716B8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwCreateKey [0xB4A71574]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwDeleteValueKey [0xB4A71A52]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwDuplicateObject [0xB4A7114C]
SSDT            spqu.sys                                                                                                            ZwEnumerateKey [0xB7ECDDA4]
SSDT            spqu.sys                                                                                                            ZwEnumerateValueKey [0xB7ECE132]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwOpenKey [0xB4A7164E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwOpenProcess [0xB4A7108C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwOpenThread [0xB4A710F0]
SSDT            spqu.sys                                                                                                            ZwQueryKey [0xB7ECE20A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwQueryValueKey [0xB4A7176E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwRestoreKey [0xB4A7172E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwSetValueKey [0xB4A718AE]

INT 0x62        ?                                                                                                                   8A7CFBF8
INT 0x73        ?                                                                                                                   8A761BF8
INT 0x82        ?                                                                                                                   8A7CFBF8
INT 0x83        ?                                                                                                                   8A761BF8

---- Kernel code sections - GMER 1.0.15 ----

?               wyqaw.sys                                                                                                           Das System kann die angegebene Datei nicht finden. !
?               spqu.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                               B7C618AC 5 Bytes  JMP 8A7D01D8 
.text           C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys                                                                          section is writeable [0xB70A0380, 0x346307, 0xE8000020]
.text           awrq85k1.SYS                                                                                                        B7053386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text           awrq85k1.SYS                                                                                                        B70533AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text           awrq85k1.SYS                                                                                                        B70533C4 3 Bytes  [00, 80, 02]
.text           awrq85k1.SYS                                                                                                        B70533C9 1 Byte  [30]
.text           awrq85k1.SYS                                                                                                        B70533C9 11 Bytes  [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text           ...                                                                                                                 

---- User code sections - GMER 1.0.15 ----

.text           C:\Programme\Pando Networks\Media Booster\PMB.exe[2416] kernel32.dll!SetUnhandledExceptionFilter                    7C84495D 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\System32\Drivers\awrq85k1.SYS[HAL.dll!KfAcquireSpinLock]                                                18C4830E
IAT             \SystemRoot\System32\Drivers\awrq85k1.SYS[HAL.dll!READ_PORT_UCHAR]                                                  1C959E88
IAT             \SystemRoot\System32\Drivers\awrq85k1.SYS[HAL.dll!KeGetCurrentIrql]                                                 9E880000
IAT             \SystemRoot\System32\Drivers\awrq85k1.SYS[HAL.dll!KfRaiseIrql]                                                      00001CB1
IAT             \SystemRoot\System32\Drivers\awrq85k1.SYS[HAL.dll!KfLowerIrql]                                                      0E798366
IAT             \SystemRoot\System32\Drivers\awrq85k1.SYS[HAL.dll!HalGetInterruptVector]                                            74AAB000
IAT             \SystemRoot\System32\Drivers\awrq85k1.SYS[HAL.dll!HalTranslateBusAddress]                                           8986C636
IAT             \SystemRoot\System32\Drivers\awrq85k1.SYS[HAL.dll!KeStallExecutionProcessor]                                        1A00001C
IAT             \SystemRoot\System32\Drivers\awrq85k1.SYS[HAL.dll!KfReleaseSpinLock]                                                1C8B86C6
IAT             \SystemRoot\System32\Drivers\awrq85k1.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          C6020000
IAT             \SystemRoot\System32\Drivers\awrq85k1.SYS[HAL.dll!READ_PORT_USHORT]                                                 001C9686
IAT             \SystemRoot\System32\Drivers\awrq85k1.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                         86C60200
IAT             \SystemRoot\System32\Drivers\awrq85k1.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                 00001CB2
IAT             \SystemRoot\System32\Drivers\awrq85k1.SYS[WMILIB.SYS!WmiSystemControl]                                              8800001C
IAT             \SystemRoot\System32\Drivers\awrq85k1.SYS[WMILIB.SYS!WmiCompleteRequest]                                            001CB99E

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS.0\system32\services.exe[948] @ C:\WINDOWS.0\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]    00380002
IAT             C:\WINDOWS.0\system32\services.exe[948] @ C:\WINDOWS.0\system32\services.exe [KERNEL32.dll!CreateProcessW]          00380000
IAT             C:\WINDOWS.0\Explorer.EXE[4024] @ C:\WINDOWS.0\Explorer.EXE [KERNEL32.dll!GetProcAddress]                           [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[4024] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                  [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[4024] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress]                    [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[4024] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]                   [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[4024] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                     [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[4024] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                    [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[4024] @ C:\WINDOWS.0\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]                    [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[4024] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!GetProcAddress]                     [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[4024] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                   [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[4024] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                   [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[4024] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress]                  [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[4024] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                   [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[4024] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                   [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[4024] @ C:\WINDOWS.0\system32\USERENV.dll [KERNEL32.dll!GetProcAddress]                   [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[4024] @ C:\WINDOWS.0\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress]                  [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[4024] @ C:\WINDOWS.0\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress]                    [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[4024] @ C:\WINDOWS.0\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress]                   [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              8A7CE1F8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                              aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device          \Driver\NetBT \Device\NetBT_Tcpip_{49D587F2-4BC6-4E05-B0FF-31A8EF08E41D}                                            89B811F8

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                            aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \Driver\NetBT \Device\NetBT_Tcpip_{41A50749-6E96-4E03-9FF6-530B908BD652}                                            89B811F8
Device          \Driver\sptd \Device\4122454636                                                                                     spqu.sys
Device          \Driver\usbohci \Device\USBPDO-0                                                                                    8A6FB500
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                           8A7621F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                             8A7621F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                8A7621F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                               8A7621F8
Device          \Driver\usbehci \Device\USBPDO-1                                                                                    8A6A51F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{BE76E6F5-021B-4BA9-BDEB-99B93D9A3F25}                                            89B811F8

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                           aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \Driver\PCI_PNP9636 \Device\00000057                                                                                spqu.sys
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                              8A7D11F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                        8A6BE1F8
Device          \Driver\Cdrom \Device\CdRom1                                                                                        8A6BE1F8
Device          \Driver\Cdrom \Device\CdRom2                                                                                        8A6BE1F8
Device          \Driver\Cdrom \Device\CdRom3                                                                                        8A6BE1F8
Device          \Driver\Cdrom \Device\CdRom4                                                                                        8A6BE1F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                             89B811F8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                    89B811F8
Device          \Driver\nvata \Device\00000079                                                                                      8A7611F8

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                           aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                         aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \Driver\usbohci \Device\USBFDO-0                                                                                    8A6FB500
Device          \Driver\usbehci \Device\USBFDO-1                                                                                    8A6A51F8
Device          \Driver\nvata \Device\NvAta0                                                                                        8A7611F8
Device          \Driver\nvatabus \Device\0000007b                                                                                   8A7CF1F8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                   89B201F8
Device          \Driver\nvata \Device\NvAta1                                                                                        8A7611F8
Device          \Driver\nvatabus \Device\0000007c                                                                                   8A7CF1F8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                         89B201F8
Device          \Driver\nvatabus \Device\NvAta2                                                                                     8A7CF1F8
Device          \Driver\nvatabus \Device\0000007d                                                                                   8A7CF1F8
Device          \Driver\Ftdisk \Device\FtControl                                                                                    8A7D11F8
Device          \Driver\awrq85k1 \Device\Scsi\awrq85k11Port3Path0Target1Lun0                                                        8A5D71F8
Device          \Driver\awrq85k1 \Device\Scsi\awrq85k11Port3Path0Target0Lun0                                                        8A5D71F8
Device          \Driver\awrq85k1 \Device\Scsi\awrq85k11                                                                             8A5D71F8
Device          \FileSystem\Cdfs \Cdfs                                                                                              8A6D51F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xEE 0x63 0x12 0x55 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xA4 0x53 0x0A 0x56 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x25 0xAB 0x45 0x97 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0xE5 0x3E 0xF1 0xDC ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x39 0xF0 0x7A 0xF6 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xC1 0xD0 0xB3 0x13 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x87 0x4D 0x29 0x7B ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xEE 0x63 0x12 0x55 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xA4 0x53 0x0A 0x56 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x25 0xAB 0x45 0x97 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0xE5 0x3E 0xF1 0xDC ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                               
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODLED02.00.00.02WSSV                                         A07468142E3F16FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DBA7FD869164D67945D575E7D6A3B980898A4B8DB711ED3AB624DC24C184F131F83D26F413A8B12BFA9B0210720EBA9186DFE7F66AC0940E065A1548E9EBD09B81413BA939F729B60193C9871247ED811C154EC2D1C929CDB5A5E6A7DF5BBC3225EAC6681EBED8390E776151326280838800013992B99ED2B33D044F61FE8063379F9810655806692F2EB129E32EA53596B5EF9B3D8406F41B4C59700ACA9C5A7D15A8C3B24ED190CE9AC7D68640B0A2297D11D2D37EC8DF6F9900BC1C7A4AD21A3317BE435BCA20550CFB7EAEF9232A4EC3F6BD76F496907EF083B85AD449CA38367B8E5FABA3E6B7E6B19C49BCE04D82811C629BC445911580738BDADB8A49757E82048F9F65C911F9C6B374150EB97DAB507BEEC8FE51749EB06FBACF48CC8DAA484374C4620AB32056AA8CF6C0A1FEA9CF6556321CE032C199B7AA12F4E681B8C29069E4060D38C484AA2C7BB34938EBCD6D019B2829EBFF467141BE2998A7D9B4728B2C12A0755903053401C717AD290D7389744291B946B474737CFCFA7364B0CB65C6B3C278888370B642E7EBC9A93A1B500951B0911E98F3A2B79099B511B996E069F09F8F4E1EB4272584DAA98C9CE18832F65616

---- EOF - GMER 1.0.15 ----

Schonmal vielen vielen dank für die Hilfe Chris

Chris4You · 25.03.2010, 08:01

Hi,

Du schon mit comboFix etc. experimentiert?

Es sind noch Reste der Askbar da:

Code:

ATTFilter

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2427995
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
[2010.01.17 17:09:04 | 000,002,236 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\a4cui1ez.default\searchplugins\askcom.xml

Sonst nicht auffälliges zu finden, das Gmer-Log wird durch die Daemon-Tools unübersichtlich und verfällscht, daher ggf. deinstallieren und erneut durchführen...

Prevx:
http://www.prevx.com/freescan.asp
Falls das Tool was findet, nicht das Log posten sondern einen Screenshot des dann angezeigten Fensters...

chris

chris

Sykes · 25.03.2010, 18:12

ComboFix habe ich mir mal vor paar Monaten geladen, aber nicht wirklich mit beschäftigt.

Gmer-Log, nach der Deinstallation:

Code:

ATTFilter

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-03-25 18:09:41
Windows 5.1.2600 Service Pack 3
Running: gpjlud1g.exe; Driver: C:\DOKUME~1\Marc.Z\LOKALE~1\Temp\kxliykob.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwClose [0xB4AEB6B8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwCreateKey [0xB4AEB574]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwDeleteValueKey [0xB4AEBA52]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwDuplicateObject [0xB4AEB14C]
SSDT            spfe.sys                                                                                                            ZwEnumerateKey [0xB7ECDDA4]
SSDT            spfe.sys                                                                                                            ZwEnumerateValueKey [0xB7ECE132]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwOpenKey [0xB4AEB64E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwOpenProcess [0xB4AEB08C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwOpenThread [0xB4AEB0F0]
SSDT            spfe.sys                                                                                                            ZwQueryKey [0xB7ECE20A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwQueryValueKey [0xB4AEB76E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwRestoreKey [0xB4AEB72E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwSetValueKey [0xB4AEB8AE]

INT 0x62        ?                                                                                                                   8A7CFBF8
INT 0x73        ?                                                                                                                   8A761BF8
INT 0x82        ?                                                                                                                   8A7CFBF8
INT 0x83        ?                                                                                                                   8A761BF8

---- Kernel code sections - GMER 1.0.15 ----

?               spfe.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                               B7C618AC 5 Bytes  JMP 8A6D11D8 
.text           C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys                                                                          section is writeable [0xB70A0380, 0x346307, 0xE8000020]
.text           C:\WINDOWS.0\system32\drivers\ACEDRV05.sys                                                                          section is writeable [0xB4CC4000, 0x30A4A, 0xE8000020]
.pklstb         C:\WINDOWS.0\system32\drivers\ACEDRV05.sys                                                                          entry point in ".pklstb" section [0xB4D06000]
.relo2          C:\WINDOWS.0\system32\drivers\ACEDRV05.sys                                                                          unknown last section [0xB4D21000, 0x8E, 0x42000040]

---- User code sections - GMER 1.0.15 ----

.text           C:\Programme\Pando Networks\Media Booster\PMB.exe[1708] kernel32.dll!SetUnhandledExceptionFilter                    7C84495D 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [B7EB6042] spfe.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [B7EB613E] spfe.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                 [B7EB60C0] spfe.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                         [B7EB6800] spfe.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                 [B7EB66D6] spfe.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS.0\system32\services.exe[948] @ C:\WINDOWS.0\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]    00380002
IAT             C:\WINDOWS.0\system32\services.exe[948] @ C:\WINDOWS.0\system32\services.exe [KERNEL32.dll!CreateProcessW]          00380000
IAT             C:\WINDOWS.0\Explorer.EXE[1292] @ C:\WINDOWS.0\Explorer.EXE [KERNEL32.dll!GetProcAddress]                           [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[1292] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                  [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[1292] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress]                    [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[1292] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]                   [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[1292] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                     [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[1292] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                    [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[1292] @ C:\WINDOWS.0\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]                    [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[1292] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!GetProcAddress]                     [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[1292] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                   [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[1292] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                   [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[1292] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress]                  [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[1292] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                   [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[1292] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                   [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[1292] @ C:\WINDOWS.0\system32\USERENV.dll [KERNEL32.dll!GetProcAddress]                   [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[1292] @ C:\WINDOWS.0\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress]                  [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[1292] @ C:\WINDOWS.0\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress]                    [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT             C:\WINDOWS.0\Explorer.EXE[1292] @ C:\WINDOWS.0\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress]                   [5CF07774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              8A7CE1F8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                              aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device          \Driver\NetBT \Device\NetBT_Tcpip_{49D587F2-4BC6-4E05-B0FF-31A8EF08E41D}                                            89C491F8

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                            aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \Driver\NetBT \Device\NetBT_Tcpip_{41A50749-6E96-4E03-9FF6-530B908BD652}                                            89C491F8
Device          \Driver\usbohci \Device\USBPDO-0                                                                                    8A6A81F8
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                           8A7621F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                             8A7621F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                8A7621F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                               8A7621F8
Device          \Driver\usbehci \Device\USBPDO-1                                                                                    8A6A71F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{BE76E6F5-021B-4BA9-BDEB-99B93D9A3F25}                                            89C491F8

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                           aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                              8A7D11F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                        8A7191F8
Device          \Driver\Cdrom \Device\CdRom1                                                                                        8A7191F8
Device          \Driver\Cdrom \Device\CdRom2                                                                                        8A7191F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                             89C491F8
Device          \Driver\nvata \Device\00000079                                                                                      8A7611F8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                    89C491F8

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                           aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                         aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \Driver\usbohci \Device\USBFDO-0                                                                                    8A6A81F8
Device          \Driver\usbehci \Device\USBFDO-1                                                                                    8A6A71F8
Device          \Driver\nvata \Device\NvAta0                                                                                        8A7611F8
Device          \Driver\nvatabus \Device\0000007b                                                                                   8A7CF1F8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                   89BEB1F8
Device          \Driver\nvata \Device\NvAta1                                                                                        8A7611F8
Device          \Driver\nvatabus \Device\0000007c                                                                                   8A7CF1F8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                         89BEB1F8
Device          \Driver\nvatabus \Device\NvAta2                                                                                     8A7CF1F8
Device          \Driver\nvatabus \Device\0000007d                                                                                   8A7CF1F8
Device          \Driver\Ftdisk \Device\FtControl                                                                                    8A7D11F8
Device          \FileSystem\Cdfs \Cdfs                                                                                              89C391F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xEE 0x63 0x12 0x55 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x39 0xF0 0x7A 0xF6 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xC1 0xD0 0xB3 0x13 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x87 0x4D 0x29 0x7B ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xEE 0x63 0x12 0x55 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                               
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODLED02.00.00.02WSSV                                         A07468142E3F16FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DBA7FD869164D67945D575E7D6A3B980898A4B8DB711ED3AB624DC24C184F131F83D26F413A8B12BFA9B0210720EBA9186DFE7F66AC0940E065A1548E9EBD09B81413BA939F729B60193C9871247ED811C154EC2D1C929CDB5A5E6A7DF5BBC3225EAC6681EBED8390E776151326280838800013992B99ED2B33D044F61FE8063379F9810655806692F2EB129E32EA53596B5EF9B3D8406F41B4C59700ACA9C5A7D15A8C3B24ED190CE9AC7D68640B0A2297D11D2D37EC8DF6F9900BC1C7A4AD21A3317BE435BCA20550CFB7EAEF9232A4EC3F6BD76F496907EF083B85AD449CA38367B8E5FABA3E6B7E6B19C49BCE04D82811C629BC445911580738BDADB8A49757E82048F9F65C911F9C6B374150EB97DAB507BEEC8FE51749EB06FBACF48CC8DAA484374C4620AB32056AA8CF6C0A1FEA9CF6556321CE032C199B7AA12F4E681B8C29069E4060D38C484AA2C7BB34938EBCD6D019B2829EBFF467141BE2998A7D9B4728B2C12A0755903053401C717AD290D7389744291B946B474737CFCFA7364B0CB65C6B3C278888370B642E7EBC9A93A1B500951B0911E98F3A2B79099B511B996E069F09F8F4E1EB4272584DAA98C9CE18832F65616

---- EOF - GMER 1.0.15 ----

Prevx hat keine Infektionen gefunden.

lg

Chris4You · 26.03.2010, 07:37

Hi,

sieht gut aus...
Entferne die Askbar noch, ggf. noch mal melden, dann gibts eine OTL-Script...

chris

Sykes · 26.03.2010, 08:38

Mit wlechen Programm soll ich die Reste entfernen?

Da sie bei HijackThis nicht mehr angezeigt werden.

lg

Chris4You · 26.03.2010, 08:46

Hi,

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:

ATTFilter

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2427995
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
[2010.01.17 17:09:04 | 000,002,236 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\a4cui1ez.default\searchplugins\askcom.xml
:Commands
[emptytemp]
[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

chris

Sykes · 26.03.2010, 11:56

Code:

ATTFilter

All processes killed
Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2427995> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaultengine: "Ask.com"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.order.1: "Ask.com"> in the current context!
Error: Unable to interpret <[2010.01.17 17:09:04 | 000,002,236 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\a4cui1ez.default\searchplugins\askcom.xml> in the current context!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Marc.Z
->Temp folder emptied: 252957 bytes
->Temporary Internet Files folder emptied: 4143835 bytes
->Java cache emptied: 12694384 bytes
->FireFox cache emptied: 208641591 bytes
->Google Chrome cache emptied: 6363821 bytes
->Flash cache emptied: 7703 bytes
 
User: Marc~Z
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
 
%systemdrive% .tmp files removed: 3962 bytes
%systemroot% .tmp files removed: 46028927 bytes
%systemroot%\System32 .tmp files removed: 961415 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 266,00 mb
 
 
OTL by OldTimer - Version 3.1.37.3 log created on 03262010_103328

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS.0\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS.0\temp\Perflib_Perfdata_720.dat moved successfully.

Registry entries deleted on Reboot...

lg

Chris4You · 26.03.2010, 16:00

Hi,

hab das :OTL am Anfang des Scriptes vergessen ...

chris

Sykes · 27.03.2010, 17:23

Zitat:

Zitat von Chris4You

Hi,

hab das :OTL am Anfang des Scriptes vergessen ...

chris

Wie jetzt? Bin was so Sachen am PC betrifft bin ich nicht so top

Meinst du das so ?

Code:

ATTFilter

OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2427995
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
[2010.01.17 17:09:04 | 000,002,236 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\a4cui1ez.default\searchplugins\askcom.xml
:Commands
[emptytemp]
[Reboot]

Oder noch mit dem Doppelpunkt davor?

lg

Chris4You · 29.03.2010, 06:47

Hi,

mit Doppelpunkt davor

:OTL

chris

Sykes · 29.03.2010, 22:16

Ok nach dem OTL-Script :

Code:

ATTFilter

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2427995
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
[2010.01.17 17:09:04 | 000,002,236 | ---- | M] () -- C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\a4cui1ez.default\searchplugins\askcom.xml
:Commands
[emptytemp]
[Reboot]

sieht der Log so aus :

Code:

ATTFilter

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.order.1
C:\Dokumente und Einstellungen\Marc.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\a4cui1ez.default\searchplugins\askcom.xml moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Marc.Z
->Temp folder emptied: 616661 bytes
->Temporary Internet Files folder emptied: 7046258 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 157186847 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3794 bytes
 
User: Marc~Z
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 84417 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 157,00 mb
 
 
OTL by OldTimer - Version 3.1.37.3 log created on 03292010_231050

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS.0\temp\Perflib_Perfdata_72c.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Danke dir vielmals Chris

Hartnäckiger Trojaner

Log-Analyse und Auswertung: Hartnäckiger Trojaner