Log analysis and evaluation: Flohbeutel - Sality, DRmIRC, Generic17 and others

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system first has to be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#5

Flohbeutel - Sality, DRmIRC, Generic17 and others

Hm, I can't find the two files anymore. Here are the logfiles:

OTL.txt
Code:
OTL logfile created on: 29.03.2010 10:35:35 - Run 1 OTL by OldTimer - Version 3.1.37.3 Folder = d:\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 72,00 Mb Available Physical Memory | 7,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 54,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 77,63 Gb Total Space | 63,15 Gb Free Space | 81,35% Space Free | Partition Type: NTFS Drive D: | 77,63 Gb Total Space | 9,22 Gb Free Space | 11,88% Space Free | Partition Type: NTFS Drive E: | 77,62 Gb Total Space | 7,44 Gb Free Space | 9,59% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XXX Current User Name: XXX Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - d:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Internet\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Simply Super Software\Trojan Remover\lvc3.exe (Simply Super Software) PRC - C:\Programme\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Programme\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.) PRC - C:\Programme\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.) PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG) PRC - C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin GmbH) PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) ========== Modules (SafeList) ========== MOD - d:\Downloads\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe () SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (avg8emc) -- C:\Programme\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg8wd) -- C:\Programme\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) SRV - (InCDsrv) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG) ========== Driver Services (SafeList) ========== DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project) DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) 
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (ATIAVAIW) -- C:\WINDOWS\system32\drivers\atinavt2.sys (ATI Technologies Inc.) DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (amdide) -- C:\WINDOWS\system32\DRIVERS\amdide.sys (Advanced Micro Devices) DRV - (tap0801) -- C:\WINDOWS\system32\drivers\tap0801.sys (The OpenVPN Project) DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG) DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG) DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG) DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI) DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI) DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI) DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/webhp?sourceid=navclient-ff&ie=UTF-8&rlz=1R0GGGL_de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:0.7.1 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Programme\Internet\Mozilla Firefox\components [2010.03.23 23:03:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Programme\Internet\Mozilla Firefox\plugins [2010.03.23 23:03:48 | 000,000,000 | ---D | M] [2009.01.02 11:04:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Extensions [2010.03.28 10:45:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\svogqz8a.default\extensions [2009.08.10 23:36:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\svogqz8a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.11.30 18:55:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und 
Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\svogqz8a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.06.30 23:12:46 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\svogqz8a.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2009.04.28 08:00:39 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\svogqz8a.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} [2010.01.21 23:55:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\svogqz8a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.03.14 13:04:42 | 000,000,000 | ---D | M] (QuickJava) -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\svogqz8a.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66} [2009.10.04 22:17:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\svogqz8a.default\extensions\exif_viewer@mozilla.doslash.org [2009.04.21 19:18:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\svogqz8a.default\extensions\moveplayer@movenetworks.com [2010.01.21 23:55:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\svogqz8a.default\extensions\piclens@cooliris.com [2009.12.18 09:50:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\svogqz8a.default\extensions\tineye@ideeinc.com [2009.01.02 11:04:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\svogqz8a.default\extensions\toolbar_extras@de.yahoo.com [2009.09.14 18:00:07 | 000,001,340 | ---- | M] () -- C:\Dokumente und 
Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\svogqz8a.default\searchplugins\wikipedia-en.xml O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AVG8_TRAY] C:\Programme\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin GmbH) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [msngers] c:\dokumente und einstellungen\XXX\lokale einstellungen\temp\pb13\spoolvsf.exe File not found O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [persons] C:\WINDOWS\System32\mine.exe File not found O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrojanScanner] C:\Programme\Internet\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [was] C:\DOKUME~1\XXX\LOKALE~1\Temp\msdxx.exe File not found O4 - HKLM..\Run: [WINDOWS UPDATE] File not found O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan.lnk = C:\Programme\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: ICQ Lite - 
{B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file://H:\data\Hidinmon.ocx (HidInputMonitorX Control) O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file://H:\data\A9.ocx (A9Helper.A9) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230852734030 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll 
(AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: TaskMan - (C:\Dokumente und Einstellungen\XXX\csrss.exe) - C:\Dokumente und Einstellungen\XXX\csrss.exe File not found O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.01.02 00:56:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{f06a7248-2764-11df-85ed-00040ecc9c4a}\Shell\AutoRun\command - "" = J:\OSMICA\devetka.exe -- File not found O33 - MountPoints2\{f06a7248-2764-11df-85ed-00040ecc9c4a}\Shell\open\command - "" = J:\OSMICA\devetka.exe -- File not found O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\OSMICA\devetka.exe -- File not found O33 - MountPoints2\K\Shell\open\command - "" = K:\OSMICA\devetka.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.03.26 20:41:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Threat Expert [2010.03.26 19:21:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\DoctorWeb [2010.03.26 16:04:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010.03.26 15:56:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2010.03.26 13:59:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010.03.26 13:35:08 | 000,107,520 | ---- | C] ( ZgnG3isI) -- C:\Dokumente und Einstellungen\XXX\csrss.exe.vir [2010.03.26 13:31:45 | 000,000,000 | ---D | C] -- d:\Simply Super Software [2010.03.26 13:31:23 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll [2010.03.26 13:31:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Simply Super Software [2010.03.26 13:31:21 | 000,000,000 | 
---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software [2010.03.24 13:12:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Desktop\Fotoclub [2010.03.22 23:41:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Desktop\Sality [2010.03.11 10:16:44 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe [2010.03.09 19:23:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2010.03.08 10:34:57 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010.03.02 13:12:13 | 000,000,000 | ---D | C] -- C:\Programme\OpenVPN [2010.03.02 12:51:36 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\WINDOWS\System32\MaXMLProto.dll [2010.03.02 12:51:35 | 000,106,609 | ---- | C] ((주) 마크애니, 컨텐츠 사업실) -- C:\WINDOWS\System32\MaJUtilLib.dll [2010.03.02 12:51:35 | 000,049,152 | R--- | C] ((주) 마크애니) -- C:\WINDOWS\System32\MaJGUILib.dll [2010.03.02 12:38:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\DataCast [2010.03.02 12:38:24 | 000,000,000 | ---D | C] -- C:\Programme\MarkAny [2010.03.02 12:12:04 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos [2010.03.02 12:11:59 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft [2010.03.02 11:45:43 | 000,018,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2010.03.02 11:45:18 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media Connect 2 [2010.03.02 11:44:30 | 000,000,000 | ---D | C] -- C:\b4d164fc9c393650a89ed0dc94 [2010.03.02 11:43:35 | 000,000,000 | ---D | C] -- C:\8e785e596a6f8e697f52b2ba5bad6f [2010.03.02 11:43:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF [2010.03.02 11:43:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [2010.03.02 11:42:36 | 000,000,000 | 
---D | C] -- C:\38ba03597ece8ea2f1 [2010.03.01 21:27:21 | 000,000,000 | ---D | C] -- d:\Schmuck [2009.07.01 07:36:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google [2009.05.08 21:24:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google [2009.01.02 01:23:42 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft [2009.01.02 01:23:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.03.29 10:19:17 | 000,107,520 | ---- | M] ( ZgnG3isI) -- C:\Dokumente und Einstellungen\XXX\csrss.exe.vir [2010.03.29 10:10:55 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010.03.29 10:10:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.03.29 10:10:42 | 000,054,376 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap [2010.03.29 10:10:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.03.29 01:08:33 | 008,650,752 | -H-- | M] () -- C:\Dokumente und Einstellungen\XXX\NTUSER.DAT [2010.03.29 01:08:10 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\XXX\ntuser.ini [2010.03.29 00:28:33 | 058,189,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010.03.28 21:02:24 | 001,042,118 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.03.28 21:02:24 | 000,448,800 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.03.28 21:02:24 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.03.28 21:02:24 | 000,080,108 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat 
[2010.03.28 21:02:24 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.03.27 09:43:36 | 000,003,078 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\DrWeb.csv [2010.03.26 23:17:28 | 000,002,181 | ---- | M] () -- C:\WINDOWS\Helicon Debug Window.ini [2010.03.26 20:39:37 | 007,505,736 | -H-- | M] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.03.26 19:21:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.03.26 16:05:28 | 000,000,615 | ---- | M] () -- C:\WINDOWS\win.ini [2010.03.26 16:05:28 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.03.26 16:05:28 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2010.03.26 13:31:33 | 000,000,909 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Remover.lnk [2010.03.22 23:41:55 | 000,344,064 | ---- | M] () -- C:\WINDOWS\System32\rmsality.nt [2010.03.22 16:21:26 | 000,010,868 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\Casio-Testbericht.odt [2010.03.17 14:43:44 | 000,120,705 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\IMG_4822.JPG [2010.03.16 01:00:20 | 000,000,156 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\default.pls [2010.03.16 00:51:52 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.03.15 16:14:38 | 000,000,764 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\OpenVPN GUI.lnk [2010.03.14 22:10:15 | 002,224,706 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\miffi_ich_bamberg.JPG [2010.03.09 19:23:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf [2010.03.07 23:44:16 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.03.02 21:55:36 | 000,019,305 | ---- | M] () -- d:\Wettbewerbsliste.ods [2010.03.02 20:54:53 | 000,041,091 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\fotoclub_header.jpg [2010.03.02 13:10:11 | 000,000,065 | ---- | M] () -- 
C:\WINDOWS\FISHUI.INI [2010.03.02 12:39:18 | 000,001,593 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\EmoDio.lnk [2010.03.02 12:11:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.03.02 12:02:00 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2010.03.02 12:02:00 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2010.03.02 11:44:21 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2010.03.02 11:43:32 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2010.03.01 10:47:01 | 000,044,417 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\meinvater.jpg [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.03.27 09:43:36 | 000,003,078 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\DrWeb.csv [2010.03.26 19:04:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.03.26 13:31:33 | 000,000,909 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Remover.lnk [2010.03.26 13:31:23 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll [2010.03.26 13:31:23 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll [2010.03.26 13:31:23 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll [2010.03.26 13:31:23 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll [2010.03.26 00:45:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\rmsality.nt [2010.03.22 16:15:34 | 000,010,868 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\Casio-Testbericht.odt [2010.03.17 14:43:38 | 000,120,705 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\IMG_4822.JPG [2010.03.15 16:14:38 | 000,000,764 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\OpenVPN GUI.lnk [2010.03.14 22:10:14 | 002,224,706 | ---- | C] () -- 
C:\Dokumente und Einstellungen\XXX\Desktop\miffi_ich_bamberg.JPG [2010.03.09 19:23:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf [2010.03.07 22:49:57 | 000,001,044 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010.03.02 20:54:53 | 000,041,091 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\fotoclub_header.jpg [2010.03.02 13:10:11 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI [2010.03.02 12:39:16 | 000,001,593 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\EmoDio.lnk [2010.03.02 11:43:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2010.03.01 10:46:59 | 000,044,417 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\meinvater.jpg [2009.10.28 21:56:04 | 000,000,037 | ---- | C] () -- C:\WINDOWS\D660UES.ini [2009.10.08 15:23:54 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll [2009.10.08 15:23:54 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2009.10.08 15:23:54 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2009.10.08 15:23:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll [2009.03.28 20:41:19 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2009.03.12 21:38:25 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009.02.05 21:11:16 | 000,002,181 | ---- | C] () -- C:\WINDOWS\Helicon Debug Window.ini [2009.01.03 21:16:33 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2009.01.03 21:13:40 | 000,010,752 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.03 20:55:16 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.01.02 02:14:19 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2008.12.19 17:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008.12.17 19:41:18 
| 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008.12.17 19:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008.12.17 19:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008.12.17 19:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2008.12.17 18:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2008.12.11 13:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2007.03.02 12:44:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\zmbv.dll [2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 400 bytes -> C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\desktop.ini:5c43de08f544da0e2ebf87ecd84498e6 @Alternate Data Stream - 124 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9 @Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 @Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 @Alternate Data Stream - 104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8E82994 < End of report > Code:
OTL Extras logfile created on: 29.03.2010 10:35:35 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = d:\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 72,00 Mb Available Physical Memory | 7,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 54,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 77,63 Gb Total Space | 63,15 Gb Free Space | 81,35% Space Free | Partition Type: NTFS
Drive D: | 77,63 Gb Total Space | 9,22 Gb Free Space | 11,88% Space Free | Partition Type: NTFS
Drive E: | 77,62 Gb Total Space | 7,44 Gb Free Space | 9,59% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XXX
Current User Name: XXX
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Internet\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Internet\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Adobe\Adobe GoLive CS2\GoLive.exe" "%1" ()
http [open] -- "C:\Programme\Internet\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Internet\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OnlineFotoservice] -- "C:\Programme\Grafik\cewe\OnlineFotoservice.exe" "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Media\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Media\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Media\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\AVG\AVG8\avgemc.exe" = C:\Programme\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG8\avgupd.exe" = C:\Programme\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found
"C:\Programme\SecondLife\SLVoice.exe" = C:\Programme\SecondLife\SLVoice.exe:*:Disabled:SLVoice -- File not found
"C:\Programme\Internet\FileZilla FTP\filezilla.exe" = C:\Programme\Internet\FileZilla FTP\filezilla.exe:*:Enabled:FileZilla -- (FileZilla Project)
"C:\Programme\Internet\WS_FTP\WS_FTP95.exe" = C:\Programme\Internet\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- File not found
"C:\Programme\web\xampp\apache\bin\apache.exe" = C:\Programme\web\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Programme\web\xampp\mysql\bin\mysqld.exe" = C:\Programme\web\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld -- ()
"C:\Programme\Internet\Mozilla Firefox\firefox.exe" = C:\Programme\Internet\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Internet\Trillian\trillian.exe" = C:\Programme\Internet\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Programme\OpenVPN\bin\openvpn.exe" = C:\Programme\OpenVPN\bin\openvpn.exe:*:Enabled:openvpn -- ()
"C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Temp\pb13\spoolvsf.exe" = C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Temp\pb13\spoolvsf.exe:*:Disabled:mIRC -- File not found
"C:\WINDOWS\system32\mine.exe" = C:\WINDOWS\system32\mine.exe:*:Enabled:WINDOWS UPDATE -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{02AF8333-27BE-35F1-B5B6-EBCD89F846AF}" = Catalyst Control Center Localization Spanish
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A55C24B-5971-4CBE-B4EE-E5E6E2FD1031}" = Nero 7 Essentials
"{0C5AA351-4C6B-8452-0DEB-DD9FFF4DB53F}" = CCC Help Chinese Standard
"{0D94B4A1-E09B-87B8-5FFD-6F720B5430BD}" = CCC Help French
"{0FA8B0C1-CBBD-5348-CA3F-B6EE90B7F186}" = Catalyst Control Center Graphics Light
"{137603DC-0050-D41D-DAEF-9CC1D6899B7B}" = Catalyst Control Center Localization Chinese Traditional
"{1A6570E5-D0C8-CEC5-C8AE-EE6EB1C72286}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4547C5-F62E-BA06-17D7-37EDB842D0FA}" = CCC Help Korean
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2191089C-FCB6-0DE1-8DFA-62481BA15887}" = CCC Help Polish
"{23DBDF71-1070-B12D-DE81-3DE82BD0EE0F}" = Catalyst Control Center Localization Japanese
"{260954A3-6960-C01E-6F40-1CE0A93BF626}" = Catalyst Control Center Localization German
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 17
"{2822B2F8-1509-1CCC-D6B4-488085F4DB4F}" = CCC Help Finnish
"{29B36F38-1071-DE31-F13F-AB772EACB520}" = CCC Help Dutch
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{382B1538-6CF7-D096-0943-1CC4697BD96C}" = CCC Help Japanese
"{3972733B-D4D3-D199-94AC-ED8C897A5D77}" = CCC Help Swedish
"{434E3EEC-60B2-F0EF-41F7-2D2D18DC120E}" = CCC Help Norwegian
"{46548E80-0407-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{497C2376-FB2E-C042-7AE0-143AED4D04FB}" = Catalyst Control Center Core Implementation
"{4A6DF1FE-DA7B-9A5B-01AA-091314B3BFEE}" = Catalyst Control Center Graphics Full New
"{534FA2AB-C09D-F3F8-355B-74289B4A25B0}" = CCC Help Spanish
"{5B1172A6-1EF8-55B9-B6D1-E88DAF7461A0}" = Catalyst Control Center Localization Czech
"{5B1F1DF4-BBF7-A78C-8BE5-4F12A1964638}" = Skins
"{5E2A655C-F4C2-CDE8-D463-78865149ABAF}" = Catalyst Control Center Graphics Full Existing
"{626C2AA3-7E89-5A04-F774-C0E016399765}" = Catalyst Control Center Localization Danish
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687BE4C6-3F13-BB68-41D0-D2ACBE9657E4}" = Catalyst Control Center Localization Norwegian
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{7098EEF7-5B96-F14D-E07D-44169831FE89}" = ccc-core-preinstall
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{79E2005B-4D5D-3C7A-D85A-21E24F693607}" = Catalyst Control Center Localization Greek
"{7D08B393-0FBF-F9D4-1EF0-7088B5A4FFE4}" = Catalyst Control Center Localization Dutch
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{88589E54-FDD1-9333-DED9-BCE0155E9241}" = ccc-utility
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8B43AE66-21A4-1534-3804-E2E5B0B1B74B}" = Catalyst Control Center Localization Italian
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{98927BFC-813F-3A04-A75C-6E131E31F34D}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE22123-D4EE-4D3A-BE87-B5B2622537EF}" = Catalyst Control Center - Branding
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4C6B25C-F9C5-3AD8-AF30-260DF75C23D3}" = CCC Help Turkish
"{A8747D14-8760-1A5B-70C9-D30C3DC2E5C8}" = Catalyst Control Center Localization Thai
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B582A79C-312D-3673-5A6C-54F3EE7CDDDA}" = Catalyst Control Center Localization Polish
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{BE88C27E-9418-D76D-BA11-D127932DD6A8}" = Catalyst Control Center Localization Russian
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C1CA7048-1331-D216-8648-DE0AD1C2D2D2}" = Catalyst Control Center Localization Turkish
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"{C3020228-A899-0F93-1168-E9D8AFDB3755}" = Catalyst Control Center Localization Chinese Standard
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C67E3460-4EA6-C3B0-DA09-D2613FE52083}" = Catalyst Control Center Localization Swedish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEC8F2E3-AC9A-357C-BFCB-BFAC37C4AC50}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{CEFB064E-A177-1354-ECBE-2F752819F4F3}" = Catalyst Control Center Localization Hungarian
"{CEFFFB30-308B-B39C-E9D5-C804BB35F76D}" = CCC Help Russian
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{CFAF67D2-FD21-D3DE-E095-1CB4AF3D8DE4}" = ccc-core-static
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3BE386D-4A1F-D06B-51F3-B9C010FB60B7}" = Catalyst Control Center Localization Portuguese
"{D810B249-16C2-78C4-BC52-04333C4EEED4}" = CCC Help Greek
"{DAF37B83-F3A5-626F-B9E2-9B931B37C653}" = CCC Help Czech
"{E13CDA67-9248-54B4-127A-C1BE8FCF54AA}" = CCC Help Portuguese
"{E6EA750D-733D-5CFB-FE09-FE9D2965870A}" = Catalyst Control Center Localization Finnish
"{E8A6BB83-F875-53E1-6BC4-EDD490B68988}" = CCC Help Chinese Traditional
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{E9D314E9-A0BE-3B0F-7301-86928C6CF336}" = CCC Help Hungarian
"{EA684ACD-4EE8-3ACE-9D2A-19B86C156DC0}" = Catalyst Control Center Localization Korean
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F166954A-2FBD-B21E-D823-C9072424B1B3}" = CCC Help Thai
"{F465A8CB-63C4-56FD-EE07-D176CEB333DA}" = CCC Help Danish
"{F54AD6C3-0E7D-8706-AACE-D42F889FC7FF}" = Catalyst Control Center Localization French
"{F706E9C5-7543-FE75-2B75-B46E56EEF062}" = CCC Help Italian
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG Free 8.5
"AVMWLANCLI" = AVM FRITZ!WLAN
"D-Fend Reloaded" = D-Fend Reloaded 0.6.1 (deinstallieren)
"DVD Shrink_is1" = DVD Shrink 3.2
"fc-prints" = fc-prints
"Google Updater" = Google Updater
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
"HijackThis" = HijackThis 2.0.2
"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"IrfanView" = IrfanView (remove only)
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Neat Image_is1" = Neat Image v6 Demo (with plug-in)
"OnlineFotoservice" = OnlineFotoservice
"OpenVPN" = OpenVPN 2.1.1
"swf2avi_is1" = swf2avi 0.3
"Trillian" = Trillian
"Trojan Remover_is1" = Trojan Remover 6.8.1
"VDMSound" = VDMSound
"VMidi" = vanBasco's Karaoke Player
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xampp" = XAMPP 1.7.0
"XP Codec Pack" = XP Codec Pack
"YAMP_is1" = YAMP v2.1
"YDKJG2" = YOU DON'T KNOW JACK® 2
"ZMBV" = Zip Motion Block Video codec (Remove Only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.3.2
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07.10.2009 06:48:47 | Computer Name = XXX | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung nerostartsmart.exe, Version 3.2.2.0, fehlgeschlagenes Modul mfc71.dll, Version 7.10.3077.0, Fehleradresse 0x000347b8.

[ System Events ]
Error - 26.03.2010 17:09:24 | Computer Name = XXX | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

Error - 26.03.2010 17:09:25 | Computer Name = XXX | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

Error - 26.03.2010 17:09:25 | Computer Name = XXX | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

Error - 26.03.2010 17:09:25 | Computer Name = XXX | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

Error - 26.03.2010 17:09:25 | Computer Name = XXX | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

Error - 27.03.2010 11:25:43 | Computer Name = XXX | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751)

Error - 27.03.2010 11:25:43 | Computer Name = XXX | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 28.03.2010 05:13:53 | Computer Name = XXX | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst avg8wd.

Error - 28.03.2010 05:53:59 | Computer Name = XXX | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst avg8wd.

Error - 28.03.2010 19:07:48 | Computer Name = XXX | Source = DCOM | ID = 10010
Description = Der Server "{121BC3CF-7F8A-4CFF-80DB-3853231BE619}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

< End of report >