Viele Trojaner, Adware, selbstständig öffnende I-Net-Explorer - Fenster und und und...

+max+ · 18.06.2010, 21:00

So,

Hallo erstmal an alle,
bin ganz neu hier, also bitte nicht steinigen wenn ich etwas falsch mache...

Also ich habe folgendes Problem: (an dem ich wahrscheinlich selber schuld bin)

Ich war gestern in MSN online, bekam einen Link von einem "bekannten"...
(...der Link endete auf .jpg)
Natürlich völlig vertieft in die Musik klickte ich auf den link...

Es kam mir nur komisch vor, das darauf nichts passierte...

Kurz darauf öffneten sich immer wieder einzelne Internetexplorer-Seiten, teils mit Inhalt (Werbung ...), teils auch völlig leer...

Und dann fing das Schauspiel an: Avira schmiss mir eine Trojaner-Meldung nach der anderen vor die Füße...

Ich nenne mal ein Paar:

tr/dropper
tr/downloader
tr/fraudpack
tr/bho
tr/fakeallert
...... usw.

Hab mal bissl was an Programmen laufen lassen (Hijack, Malwarebytes, SUPERAntiSpyware)

Hier die dazugehörigen Logfiles:

Hijackthis - Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:38, on 18.06.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Administrator\Application Data\winscdnr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Windows Firewall Service] C:\Documents and Settings\Administrator\Application Data\winscdnr.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Cz2.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205436973119
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205437178203
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 8357 bytes

Malwarebytes - Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4210

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

18.06.2010 05:33:33
mbam-log-2010-06-18 (05-33-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 183593
Laufzeit: 5 Stunde(n), 18 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 4
Infizierte Dateien: 15

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.WebMedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\v71iql7hi7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Documents and Settings\Administrator\Local Settings\Temp\4991.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LOZPMWTO\ee[1].exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\languages_v2.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\webmedias (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cz3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\uuauc_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\uuauc_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\Czx.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.

SUPERAntiSpyware Log:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/18/2010 at 08:18 AM

Application Version : 4.39.1002

Core Rules Database Version : 5057
Trace Rules Database Version: 2869

Scan type : Complete Scan
Total Scan Time : 01:31:39

Memory items scanned : 447
Memory threats detected : 0
Registry items scanned : 7984
Registry threats detected : 9
File items scanned : 24133
File threats detected : 180

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@go.dynamic-tracking[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adtech[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads4.net2day[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tradedoubler[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@euros4click[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@game-advertising-online[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@300002139009955[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1069647890[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserver.adtechus[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@condor[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserver1.interwall[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hamburg[4].txt
C:\Documents and Settings\Administrator\Cookies\administrator@groupmtrack[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.etracker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.hbv[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@myroitracking[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@komtrack[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@webmasterplan[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@a3.adserver01[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.zanox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tracking.quisma[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@zbox.zanox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.mitfahrzentrale[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@at.atwola[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mbb[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1047393847[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserver.71i[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.admediate[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad1.king[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adfarm1.adition[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tracknet.twyn[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.adshopping[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sport1[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.medienhaus[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@im.banner.t-online[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@content.yieldmanager[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads3.net2day[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atwola[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.teleint[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hamburg[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adsrv.admediate[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@eas.apm.emediate[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@weborama[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sixtgmbh.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@indextools[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.71i[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.adition[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@rotator.adjuggler[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tracking.mindshare[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@traffictrack[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@a6.adserver01[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.moveco[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.adnet[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@zanox-affiliate[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@a7.adserver01[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sevenoneintermedia.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.zanox-affiliate[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.heias[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.gamershell[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads2.net2day[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ak[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserver.easyad[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.beepworld[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tracking.3gnet[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.euroclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@html[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sport1-de[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@track.adform[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@clicks.pangora[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@smartadserver[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1071817748[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@server.cpmstar[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tcook[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.adnet[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tto2.traffictrack[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@clicksor[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@77tracking[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.creative-serving[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1065944648[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@revsci[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.easy-forex[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pro-market[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserving.claxon[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@overture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pointroll[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@counter.sexsuche[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@collective-media[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@xml.trafficengine[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@zanox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@de2.komtrack[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@exoclick[2].txt
bc.youporn.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
cdn5.specificclick.net [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
hs.interpolls.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
imagesrv.adition.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
m.de.2mdn.net [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
media.mtvnservices.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
media.rofl.to [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
oddcast.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
pornoprinzen.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
s0.2mdn.net [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
spe.atdmt.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
static.youporn.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
vidii.hardsextube.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
www.alphaporno.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
www.fucktube.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
www.naiadsystems.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
www.pornhub.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
www.sexkiste.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
www.sextube.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
www.teenist.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
youporn.videobox.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
youporncams.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
.hitbox.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
.ehg-upcchellomedia.hitbox.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
.hitbox.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
.xiti.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
www.etracker.de [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
.account.live.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
.account.live.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
.msnaccountservices.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
.stopzilla.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
www.stopzilla.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
.stopzilla.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
.stopzilla.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
C:\Documents and Settings\Administrator\Cookies\administrator@counterservice[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@accounts[5].txt
C:\Documents and Settings\Administrator\Cookies\administrator@accounts[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@accounts[1].txt

Adware.Flash Tracking Cookie
C:\Documents and Settings\Administrator\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VZS75DK8\BC.YOUPORN.COM
C:\Documents and Settings\Administrator\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VZS75DK8\STATIC.YOUPORN.COM
C:\Documents and Settings\Administrator\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VZS75DK8\MEDIA.MTVNSERVICES.COM
C:\Documents and Settings\Administrator\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VZS75DK8\MEDIA.ROFL.TO
C:\Documents and Settings\Administrator\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VZS75DK8\WWW.SEXTUBE.COM
C:\Documents and Settings\Administrator\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VZS75DK8\SPE.ATDMT.COM
C:\Documents and Settings\Administrator\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VZS75DK8\WWW.NAIADSYSTEMS.COM
C:\Documents and Settings\Administrator\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VZS75DK8\M.DE.2MDN.NET
C:\Documents and Settings\Administrator\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VZS75DK8\HS.INTERPOLLS.COM
C:\Documents and Settings\Administrator\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VZS75DK8\IMAGESRV.ADITION.COM
C:\Documents and Settings\Administrator\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VZS75DK8\ODDCAST.COM

Trojan.Agent/Gen-SSHNAS
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#DeviceDesc

Trojan.Agent/Gen-CDesc[Broad]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\C0F.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\C0B.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\C0C.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\C0E.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\C0H.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\C0I.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\CZ2.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\CZ4.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\CZ5.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\CZ6.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\CZ8.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\CZ9.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\CZW.EXE
C:\WINDOWS\CRUMYA.EXE
C:\WINDOWS\CRUMYB.EXE
C:\WINDOWS\CRUMYC.EXE

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8DFDD5E5-3DA1-4B56-8585-83D038B6F1A4}\RP346\A0179264.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8DFDD5E5-3DA1-4B56-8585-83D038B6F1A4}\RP346\A0179267.DLL

So das wärs dann mal vorerst von meiner Seite gewesen...

Hoffe das ihr mit diesen Infos arbeiten könnt und bedanke mich schonmal im Voraus für Hilfe.

Grüße,
Max

(und nein, ich weiß nicht wo diese ganzen Schmuddel- Links aus den Logfiles herkommen..................)

Larusso · 18.06.2010, 21:05

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Temp File Cleaner

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Schritt 2

Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.

**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**

Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
- Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
- Bitte poste mir den Inhalt von C:\ComboFix.txt hier in de Thread.

Schritt 3

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Bitte poste in Deiner nächsten Antwort
COmbofix.txt
OTL.txt
Gmer.txt

+max+ · 18.06.2010, 21:13

Hallo Larusso,
ich danke dir für deine Schnelle Antwort...

Ich habe diese Logfiles von einem "Sicheren System" aus gepostet...

Auf dem Befallenen Laptop läuft Windows XP... (soll mir das mittlerweile peinlich sein...???)

Und in der Anleitung steht "...für Vista und Windows 7".

Kann ich das trotzdem anwenden???

Grüße,
Max

Larusso · 18.06.2010, 21:18

Kwasi du sitzt auf hinter einem zweiten Rechner ?

Ja das mit vista und win7 ist ne spezialanleitung nur für diese beiden Betriebssysteme. (als admin ausführen braucht man mit XP nicht)

Ich nutze selber XP

Entweder du gehst mit dem Infizierten Rechner online und ladest dir die Tools herunter oder du machst es via USB.

Solltest Du dich für den USB weg entscheiden bitte noch folgendes. (auf den sauberen Rechner ausführen)

Desinfizierung/Absicherung externer Medien

Lade Dir den Flash Disinfector von sUBs und speichere Flash_Disinfector.exe auf Deinem Desktop ab.
Gehe nun wie folgt vor:

Trenne den Rechner physikalisch vom Netz.
Deaktiviere den Hintergrundwächter deines AVP.
Schließe jetzt alle externe Datenträgeran Deinen Rechner an.
Starte den Flash Disinfector mit einem Doppelklick und folge ggf. den Anweisungen.
Wenn der Scan zuende ist, kannst du das Programm schließen.
Starte Deinen Rechner neu.

Hinweis:
Flash Disinfector desinfiziert all Deine Laufwerke von Autoruninfektionen und erstellt einen versteckten Ordner mit demselben Namen, so dass dein Datenträger in Zukunft vor dieser Infektion geschützt ist.
Während dem Scan wird Dein Desktop kurzfristig verschwinden und dann wiederkommen. Das ist normal.

+max+ · 18.06.2010, 21:26

OK Alles klar,

Ich werde mit dem Infizierten Laptop vorgehen...
... den mehr als kaputt gehen kann dieser ja nicht...

Wird nur etwas dauern, der schnellste ist er nichtmehr...

+max+ · 18.06.2010, 22:04

Combo-Fix sagt bei mir, dass es nur mit Windows 2000 un XP kompatibel ist... (wie gesagt, ich habe XP)...

Dann kamen ein paar Fehlermeldungen, dass diese und jene Datei nicht gefunden werden konnte...

Und jetzt hat er einen Neustart gemacht...

Ist das Normal ???

Larusso · 18.06.2010, 22:06

Poste mal die OTL Logfiles

+max+ · 18.06.2010, 22:10

Eben hat sich ein Fenster mit blauen Hiintergrund geöffnet: "Combofix wird vorbereitet, um ausgeführt zu werden.
The System cannot find the FileCFVersionOld.
Versuche, einen neuen Systemwiederherstellungspunkt zu erstellen"

Soll ich das tun ?

€dit: Ich besitze keine Microsoft-Wiederherstellungskonsole... oO
Combofix sagt, ich soll sie runterladen...
dann werde ich das tun...

Larusso · 18.06.2010, 22:11

folge den anweisungen am desktop

+max+ · 18.06.2010, 23:34

So hier mal die Logfiles:

Combo-Fix:

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-06-17.03 - Administrator 18.06.2010  23:23:11.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1033.18.254.112 [GMT 1:00]
ausgeführt von:: c:\documents and settings\Administrator\Desktop\ComboFix.exe.exe
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\winscdnr.exe
c:\documents and settings\All Users\Start Menu\Programs\WebMediaPlayer
c:\documents and settings\All Users\Start Menu\Programs\WebMediaPlayer\Datenschutzrichtlinien.url
c:\documents and settings\All Users\Start Menu\Programs\WebMediaPlayer\Geschäftsbedingungen.url
c:\documents and settings\All Users\Start Menu\Programs\WebMediaPlayer\Website.url
c:\windows\system32\sshnas21.dll
c:\windows\system32\win.com
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SSHNAS


(((((((((((((((((((((((   Dateien erstellt von 2010-05-18 bis 2010-06-18  ))))))))))))))))))))))))))))))
.

2010-06-17 21:44 . 2010-06-17 21:44	--------	d-----w-	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-17 21:44 . 2010-06-17 21:44	--------	d-----w-	c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-06-17 21:43 . 2010-06-17 21:43	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-17 21:40 . 2010-06-17 21:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 21:51 . 2008-12-05 15:13	--------	d-----w-	c:\documents and settings\All Users\Application Data\Google Updater
2010-06-18 05:44 . 2010-06-17 21:46	63488	----a-w-	c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-18 05:44 . 2010-06-17 21:46	117760	----a-w-	c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-17 21:46 . 2010-06-17 21:46	52224	----a-w-	c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-17 21:43 . 2010-06-17 21:40	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-06-17 21:42 . 2010-06-17 21:41	--------	d-----w-	c:\program files\SUPERAntiSpyware
2010-06-13 21:37 . 2008-03-13 20:17	--------	d-----w-	c:\documents and settings\Administrator\Application Data\ICQ
2010-06-13 21:12 . 2010-05-19 18:00	--------	d-----w-	c:\program files\ICQ7.1
2010-06-13 20:31 . 2009-10-17 13:30	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-20 16:10 . 2010-04-28 16:35	--------	d-----w-	c:\program files\ANNO1602
2010-05-19 18:02 . 2008-03-13 20:19	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-05-18 15:55 . 2010-05-18 15:55	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Avira
2010-05-18 15:49 . 2009-03-13 21:12	--------	d-----w-	c:\program files\Avira
2010-05-18 15:41 . 2010-05-18 15:41	--------	d-----w-	c:\documents and settings\All Users\Application Data\Avira
2010-05-17 17:38 . 2010-04-06 20:48	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Winamp
2010-05-17 13:55 . 2010-05-17 13:55	604488	----a-w-	c:\windows\system32\TUProgSt.exe
2010-05-17 13:55 . 2010-05-17 13:55	361288	----a-w-	c:\windows\system32\TuneUpDefragService.exe
2010-05-17 13:55 . 2010-05-17 13:55	--------	d-----w-	c:\documents and settings\Administrator\Application Data\TuneUp Software
2010-05-17 13:54 . 2010-05-17 13:53	--------	d-----w-	c:\program files\TuneUp Utilities 2009
2010-05-17 13:53 . 2010-05-17 13:53	--------	d-----w-	c:\documents and settings\All Users\Application Data\TuneUp Software
2010-05-17 13:50 . 2010-05-17 13:50	--------	d-sh--w-	c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2010-05-02 05:22 . 2004-08-04 12:00	1851264	----a-w-	c:\windows\system32\win32k.sys
2010-04-29 14:39 . 2010-06-17 21:41	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-06-17 21:40	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-04-28 19:50 . 2008-03-20 20:05	--------	d-----w-	c:\program files\Common Files\InstallShield
2010-04-28 19:44 . 2010-04-28 19:24	--------	d-----w-	c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2010-04-28 19:32 . 2010-04-28 19:32	--------	d-----w-	c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-04-28 19:31 . 2010-04-28 19:31	--------	d-----w-	c:\program files\DAEMON Tools Toolbar
2010-04-28 19:31 . 2010-04-28 19:31	--------	d-----w-	c:\program files\DAEMON Tools Lite
2010-04-28 19:24 . 2010-04-28 19:24	721904	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-04-20 05:30 . 2004-08-04 12:00	285696	----a-w-	c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2004-08-04 12:00	667136	----a-w-	c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2004-08-04 12:00	81920	----a-w-	c:\windows\system32\ieencode.dll
2010-04-14 18:01 . 2010-04-14 18:01	362	----a-w-	c:\documents and settings\Administrator\Local Settings\Application Data\fw_start.bat
2010-04-14 17:57 . 2010-04-14 18:01	176210	----a-w-	c:\windows\callAPI.exe
2008-05-01 12:31 . 2008-05-01 12:31	0	-c--a-w-	c:\program files\temp01
.

	Code: 

 ATTFilter

  
	<pre>
c:\windows\WECO Feuerwerk .exe
</pre>
         
 ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2010-06-08 133368]
"Windows Firewall Service"="c:\documents and settings\Administrator\Application Data\winscdnr.exe" [N/A]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"PCTVOICE"="pctspk.exe" [2003-02-24 163840]
"Conceptronic Conceptronic 54Mbps Wireless Utility"="c:\program files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe" [2007-01-19 950272]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
2006-03-01 11:35	327680	----a-w-	c:\program files\avmwlanstick\FRITZWLANMini.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51	691656	----a-w-	c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44	31072	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16	141608	----a-w-	c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-07-07 08:42	2156368	------w-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2009-05-20 14:11	111928	----a-r-	c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44	37888	----a-w-	c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ANIWZCSdService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=

R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2006-02-23 264704]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-28 721904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-06-18 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 11:45]

2010-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2010-06-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-05 17:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.feuerwerk-forum.de/cms.php?p=home
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-18 23:43
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spkp.sys hal.dll >>UNKNOWN [0x81B1F938]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf92a5f28
\Driver\ACPI -> ACPI.sys @ 0xf90ffcb8
\Driver\atapi -> atapi.sys @ 0xf909cb40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Conceptronic 54g Wireless PC-Card -> SendCompleteHandler -> NDIS.sys @ 0xf8fa7b0a
 PacketIndicateHandler -> NDIS.sys @ 0xf8fb2a21
 SendHandler -> NDIS.sys @ 0xf8fa7949
user & kernel MBR OK 

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-436374069-706699826-1957994488-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d6,42,e5,e5,9a,13,5a,58,59,b3,38,57,cf,28,63,b1,49,6d,1e,6d,01,25,be,
   ea,30,66,12,14,9c,3d,4c,34,8a,58,14,83,f7,5c,57,60,5d,ed,20,17,73,15,82,96,\
"??"=hex:c4,8a,f6,63,3a,cc,81,12,7e,50,4c,f3,5a,84,99,8d

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"7040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(508)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(1204)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\TUProgSt.exe
c:\windows\system32\pctspk.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-18  23:57:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-18 22:57

Vor Suchlauf: 10.891.530.240 bytes free
Nach Suchlauf: 12 Verzeichnis(se), 10.765.344.768 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 5331DD50531AB83504572CBE8EB68C2E

--- --- ---

OTL - Log:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 19.06.2010 00:04:42 - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
254,00 Mb Total Physical Memory | 89,00 Mb Available Physical Memory | 35,00% Memory free
1.008,00 Mb Paging File | 702,00 Mb Available in Paging File | 70,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27,95 Gb Total Space | 10,05 Gb Free Space | 35,96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: WALTERMOBIL
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.18 22:29:54 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010.06.07 18:13:53 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010.05.17 14:55:35 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.03.29 15:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
PRC - [2003.02.24 15:35:12 | 000,163,840 | ---- | M] () -- C:\WINDOWS\system32\pctspk.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.18 22:29:54 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008.04.14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.05.17 14:55:35 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010.05.17 14:55:27 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.11.16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2005.10.19 18:19:10 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (catchme)
DRV - [2010.05.10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.04.28 20:24:26 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.07.26 16:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.07.26 16:25:46 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008.07.26 16:22:32 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008.07.26 16:22:20 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008.04.13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007.09.12 09:56:50 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006.09.05 20:00:54 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58obex.sys -- (se58obex)
DRV - [2006.09.05 20:00:06 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mgmt.sys -- (se58mgmt) Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM)
DRV - [2006.09.05 19:59:18 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mdm.sys -- (se58mdm)
DRV - [2006.09.05 19:59:14 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mdfl.sys -- (se58mdfl)
DRV - [2006.09.05 19:58:26 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58bus.sys -- (se58bus) Sony Ericsson Device 088 driver (WDM)
DRV - [2006.09.05 19:57:54 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58nd5.sys -- (se58nd5) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS)
DRV - [2006.09.05 19:57:48 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58unic.sys -- (se58unic) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM)
DRV - [2006.02.23 17:16:36 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.01.19 22:10:50 | 000,363,008 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005.12.11 11:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2003.05.30 18:45:16 | 000,477,403 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2003.05.30 17:50:46 | 000,690,973 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2003.05.28 12:08:12 | 000,066,111 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2003.02.24 15:30:02 | 000,135,292 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserial.sys -- (Ptserial)
DRV - [2001.08.17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2001.08.17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.feuerwerk-forum.de/cms.php?p=home"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.06 21:48:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.06 21:48:20 | 000,000,000 | ---D | M]
 
[2010.04.06 21:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2010.06.18 01:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\q0xptpv5.default\extensions
[2010.04.06 23:04:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\q0xptpv5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.17 18:39:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\q0xptpv5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.29 17:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\q0xptpv5.default\extensions\youtube2mp3@mondayx.de
[2010.06.18 01:12:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.03.14 19:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.04.01 17:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 17:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 17:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 17:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 17:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.18 23:37:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WlanMon.exe (Conceptronic )
O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Windows Firewall Service] C:\Documents and Settings\Administrator\Application Data\winscdnr.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205436973119 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205437178203 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.13 05:09:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008.03.13 05:08:11 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.18 23:19:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.06.18 23:06:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.06.18 23:06:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.18 23:06:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.18 23:06:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.18 23:04:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.18 23:00:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.18 22:41:17 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010.06.18 22:41:15 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010.06.17 22:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010.06.17 22:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010.06.17 22:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010.06.17 22:41:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.17 22:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010.06.17 22:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.06.17 22:40:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.17 22:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.06.17 22:37:12 | 008,776,240 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010.06.17 22:35:57 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010.05.19 19:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AOL
[2010.05.19 19:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.1
[2010.05.18 16:59:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.05.18 16:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2010.05.18 16:41:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.05.18 16:41:14 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.05.18 16:41:14 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.05.18 16:41:14 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.05.18 16:41:14 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.05.18 16:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010.05.17 14:55:35 | 000,604,488 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2010.05.17 14:55:30 | 000,029,000 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010.05.17 14:55:26 | 000,361,288 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2010.05.17 14:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2010.05.17 14:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010.05.17 14:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2009
[2010.05.17 14:50:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010.05.13 18:02:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.05.06 20:40:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\IDoser v4.5
[2010.04.28 20:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010.04.28 20:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2010.04.28 20:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010.04.28 20:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2010.04.28 20:13:46 | 007,658,952 | ---- | C] (DT Soft Ltd.) -- C:\Documents and Settings\Administrator\Desktop\daemon4304-lite.exe
[2010.04.28 17:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\ANNO1602
[2010.04.28 16:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Musik
[2010.04.11 17:17:52 | 000,495,104 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\WINDOWS\WECO Feuerwerk .exe
[2010.04.11 17:17:51 | 000,903,168 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\WINDOWS\WECO Feuerwerk .scr
[2010.04.11 17:17:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\WECO Feuerwerk  Uninstaller
[2010.04.11 00:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Feuerwerk Bilder und Videos
[2010.04.10 22:41:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\Neu Aktenkoffer
[2010.04.07 19:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\KAMERA
[2010.04.07 18:59:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010.04.07 18:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\FW-Sim
[2010.04.06 21:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010.04.06 21:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010.04.06 21:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010.04.06 21:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Winamp
[2010.04.06 21:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Programme
[2010.04.06 21:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Office 2007
[2010.03.22 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.19 00:01:10 | 000,000,516 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2010.06.18 23:41:50 | 000,013,728 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.18 23:38:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.18 23:38:00 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.06.18 23:37:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.18 23:37:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.18 23:37:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.18 23:35:46 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.06.18 23:35:46 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010.06.18 23:20:01 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.06.18 22:29:54 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010.06.18 22:29:28 | 003,714,766 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe.exe
[2010.06.18 22:28:38 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010.06.17 22:43:10 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.17 22:42:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.17 22:38:11 | 008,776,240 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010.06.17 22:36:24 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010.06.17 14:17:14 | 000,011,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Abbrenner Neu.docx
[2010.06.17 00:44:34 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\~$brenner Neu.docx
[2010.06.16 19:54:01 | 000,074,747 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk neu.docx
[2010.06.16 00:44:57 | 004,811,836 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010.06.13 22:08:21 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.13 21:38:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.06.13 20:42:23 | 000,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.13 20:42:23 | 000,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.13 20:42:22 | 000,505,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.08 22:32:20 | 000,054,183 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Abbrennplan Vorschlag 1.docx
[2010.06.07 19:24:54 | 000,093,190 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\opelcorsab.JPG
[2010.06.06 23:43:48 | 000,011,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Abbrenner aus dem Forum.docx
[2010.05.24 15:36:21 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.05.19 19:03:10 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ICQ7.1.lnk
[2010.05.17 14:55:35 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2010.05.17 14:55:27 | 000,361,288 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2010.05.17 14:54:34 | 000,001,629 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.05.17 14:54:32 | 000,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2009.lnk
[2010.05.16 21:15:07 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\~$brennplan Vorschlag 1.docx
[2010.05.13 18:26:01 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.05.13 18:26:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.05.09 14:32:56 | 000,000,370 | ---- | M] () -- C:\content_update_notification.xml
[2010.05.06 20:45:47 | 000,020,480 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\photothumb.db
[2010.05.06 19:45:34 | 000,484,516 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Du hast es gefunden.JPG
[2010.04.29 20:19:07 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.28 20:24:26 | 000,721,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.04.27 22:32:01 | 000,000,319 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Eigene Dateien.lnk
[2010.04.27 21:44:03 | 000,310,191 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ich (10).JPG
[2010.04.27 18:22:35 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\~$eder Leuchtfeuerwerk vorschlag 2.docx
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.25 22:17:04 | 000,054,652 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk vorschlag 2.docx
[2010.04.25 14:45:11 | 000,096,440 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BLOCKPLAN-KFZ-2009-2010.pdf
[2010.04.21 22:32:56 | 000,068,643 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk bestellvorschlag 1.docx
[2010.04.20 20:23:56 | 000,012,856 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ipanema.jpg
[2010.04.14 19:03:21 | 000,000,122 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\starterapplet.properties
[2010.04.14 19:01:10 | 000,000,140 | ---- | M] () -- C:\WINDOWS\CallAPI.ini
[2010.04.14 19:01:00 | 000,000,362 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fw_start.bat
[2010.04.14 18:57:14 | 000,176,210 | ---- | M] () -- C:\WINDOWS\callAPI.exe
[2010.04.11 17:32:31 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Die Tomate ausarbeitung präsentation.doc
[2010.04.07 19:33:16 | 000,207,030 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fehlerfwsim.BMP
[2010.04.06 21:48:21 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010.04.06 21:26:14 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010.04.06 20:31:57 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
 
========== Files Created - No Company Name ==========
 
[2010.06.18 23:20:01 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.06.18 23:19:51 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.06.18 23:06:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.06.18 23:06:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.18 23:06:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.18 23:06:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.18 23:06:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.18 22:41:21 | 003,714,766 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe.exe
[2010.06.17 22:43:07 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.17 22:42:23 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.17 00:44:34 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\~$brenner Neu.docx
[2010.06.16 20:08:22 | 000,011,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Abbrenner Neu.docx
[2010.06.16 19:51:23 | 000,074,747 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk neu.docx
[2010.06.07 19:24:53 | 000,093,190 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\opelcorsab.JPG
[2010.06.06 21:55:28 | 000,011,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Abbrenner aus dem Forum.docx
[2010.05.19 19:03:10 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ICQ7.1.lnk
[2010.05.17 14:55:25 | 000,000,516 | ---- | C] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2010.05.17 14:54:34 | 000,001,629 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.05.17 14:54:32 | 000,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2009.lnk
[2010.05.16 21:15:07 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\~$brennplan Vorschlag 1.docx
[2010.05.06 19:45:02 | 000,484,516 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Du hast es gefunden.JPG
[2010.04.28 20:24:24 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.04.28 20:13:57 | 558,018,560 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\An.603.iso
[2010.04.27 22:32:01 | 000,000,319 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Eigene Dateien.lnk
[2010.04.27 21:43:44 | 000,310,191 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ich (10).JPG
[2010.04.27 18:22:34 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\~$eder Leuchtfeuerwerk vorschlag 2.docx
[2010.04.25 22:15:41 | 000,054,652 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk vorschlag 2.docx
[2010.04.25 14:45:11 | 000,096,440 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BLOCKPLAN-KFZ-2009-2010.pdf
[2010.04.22 21:40:28 | 000,054,183 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Abbrennplan Vorschlag 1.docx
[2010.04.21 22:23:42 | 000,068,643 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk bestellvorschlag 1.docx
[2010.04.20 20:23:54 | 000,012,856 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ipanema.jpg
[2010.04.14 19:01:10 | 000,000,140 | ---- | C] () -- C:\WINDOWS\CallAPI.ini
[2010.04.14 19:01:08 | 000,176,210 | ---- | C] () -- C:\WINDOWS\callAPI.exe
[2010.04.14 19:01:00 | 000,000,362 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fw_start.bat
[2010.04.14 18:50:55 | 000,000,122 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\starterapplet.properties
[2010.04.14 18:50:51 | 000,088,986 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\starterapplet.log
[2010.04.11 17:32:28 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Die Tomate ausarbeitung präsentation.doc
[2010.04.11 17:17:53 | 000,000,639 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .c4
[2010.04.11 17:17:52 | 000,825,646 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .swf
[2010.04.11 17:17:52 | 000,161,078 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .bmp
[2010.04.11 17:17:52 | 000,023,558 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .ico
[2010.04.11 17:17:52 | 000,000,767 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .c3
[2010.04.11 17:17:52 | 000,000,767 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .c1
[2010.04.11 17:17:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .ini
[2010.04.07 19:33:16 | 000,207,030 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\fehlerfwsim.BMP
[2010.04.07 19:30:41 | 000,031,744 | ---- | C] () -- C:\WINDOWS\UNISTB32.EXE
[2010.04.06 21:48:21 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010.04.06 21:26:14 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009.09.19 15:17:36 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.03.13 21:32:07 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2008.06.22 20:33:32 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007.10.12 01:11:58 | 000,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2003.02.13 17:40:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mdmmoh.dll
 
========== LOP Check ==========
 
[2008.11.16 13:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Alawar
[2009.03.14 13:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ashampoo
[2009.11.21 21:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2008.12.03 13:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Big Fish Games
[2009.01.05 23:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\cerasus.media
[2010.04.06 21:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\concept design
[2010.04.28 20:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2009.09.03 18:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EleFun Games
[2008.06.09 18:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gaijin Ent
[2008.12.03 18:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gemsweeperextractedgfx
[2008.11.15 14:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gogii Games
[2010.06.13 22:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQ
[2008.03.20 20:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQ Toolbar
[2008.03.20 21:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2008.10.13 15:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009.09.01 23:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lost in the City
[2008.06.09 17:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Meridian93
[2008.03.20 20:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2008.05.22 14:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oberon Games
[2009.09.03 14:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\panoramik
[2008.10.29 21:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\phonostar-Player
[2009.09.25 16:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PlayFirst
[2009.09.03 12:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Playrix Entertainment
[2008.08.13 16:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SultansLabyrinth
[2010.04.06 21:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Teleca
[2008.08.14 14:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TheScruffs
[2010.05.17 14:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2008.05.31 14:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Turtle Odyssey II
[2008.06.09 19:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Valusoft
[2008.05.31 16:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VeniceMysteryData
[2009.03.19 17:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Live Writer
[2009.07.01 11:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\YoudaGames
[2008.06.02 14:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cerasus.media
[2010.04.28 20:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008.09.01 15:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitn17
[2008.12.17 16:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Global Software Publishing
[2008.08.20 18:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008.11.15 14:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2008.06.01 09:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
[2008.05.31 13:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2008.06.10 22:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009.03.14 19:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2008.08.31 16:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2008.12.03 18:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Meine Spiele
[2009.04.10 02:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mushroom Age
[2008.06.09 19:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2009.09.25 16:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008.12.01 21:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2008.09.02 16:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010.04.19 20:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM
[2010.01.05 17:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.05.17 14:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008.06.09 19:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2009.03.23 16:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010.05.17 14:50:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009.09.14 16:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.04.20 15:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.06.19 00:01:10 | 000,000,516 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2008.03.13 05:09:09 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010.05.13 18:26:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.06.18 23:20:01 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004.08.03 23:00:10 | 000,262,448 | ---- | M] () -- C:\cmldr
[2010.06.18 23:57:38 | 000,017,590 | ---- | M] () -- C:\ComboFix.txt
[2008.03.13 05:09:09 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010.05.09 14:32:56 | 000,000,370 | ---- | M] () -- C:\content_update_notification.xml
[2008.03.21 11:38:35 | 000,000,830 | ---- | M] () -- C:\CreatePrinter.log
[2008.03.13 05:09:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.03.13 05:09:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004.08.04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008.10.30 15:44:05 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010.06.18 23:37:12 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2008.05.18 20:20:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008.05.18 22:09:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008.05.19 11:12:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008.05.19 11:12:38 | 000,000,208 | -H-- | M] () -- C:\sqmdata03.sqm
[2008.06.04 15:08:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2008.07.20 20:06:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2008.07.26 00:38:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2008.07.27 13:34:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2008.08.18 12:08:30 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2008.11.10 20:41:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008.11.12 16:49:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2008.11.29 07:40:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2008.05.18 20:20:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008.05.18 22:09:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008.05.19 11:12:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008.05.19 11:12:38 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008.06.04 15:08:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008.07.20 20:06:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008.07.26 00:38:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008.07.27 13:34:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008.08.18 12:08:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008.11.10 20:41:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008.11.12 16:49:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008.11.29 07:40:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2005.01.11 10:49:21 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005.01.11 10:49:21 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005.01.11 10:49:21 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\system32\drivers\*.sys /90 >
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010.04.28 20:24:26 | 000,721,904 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\system32\user32.dll /md5 >
[2008.04.14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.04.14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BE7E50E
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D507AEDA
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18B3AE54
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:46700142
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89A5891E
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DEE6B65
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72E6616C
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:842B0AED
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51F17BB8
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90B52091
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F141B68
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D507B5A8
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E49FF93
@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F
@Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE
@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:614F17D3
@Alternate Data Stream - 185 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE47A3DA
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B285B76
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0DD063D
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B9E79B3
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69FD6BF0
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09867A8B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A00BCDEF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8776F88E
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8F2382B
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:275AA066
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BABA07C2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F264BECE
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6677D85A
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B268A25C
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6116FBB
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1713795
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC7738DB
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9547F1DB
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77F07255
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90D89144
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24FECE50
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1037D53D
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43301D1D
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:221F35CC
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93F3E4C9
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A109A3D0
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C4DF735
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:453190EC
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0207B271
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CB3187E
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12A8EFF7
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:101708D3
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5BCA2A0
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DA9DB01
< End of report >

--- --- ---

+max+ · 18.06.2010, 23:36

Und dann noch Extra.txt:

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 19.06.2010 00:04:42 - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
254,00 Mb Total Physical Memory | 89,00 Mb Available Physical Memory | 35,00% Memory free
1.008,00 Mb Paging File | 702,00 Mb Available in Paging File | 70,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27,95 Gb Total Space | 10,05 Gb Free Space | 35,96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: WALTERMOBIL
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [oneclickpdf] -- "C:\Program Files\Sowedoo Software\One Click PDF 2\OneClickPDF.exe" %l (Sowedoo Software)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\concept design\onlineTV 4\onlineTV.exe" = C:\Program Files\concept design\onlineTV 4\onlineTV.exe:*:Enabled:onlineTV -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 17
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EBA4A9-25D7-4F86-AB6D-0848C74CC3F8}" = Conceptronic 54Mbps Wireless Utility
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{35355EBA-4636-40B2-A995-FEB4CDBD92B3}" = 
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{94C1A41C-2A2D-4AF0-858E-924288245621}" = SlimDX Redistributable (August 2009)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E32D85B0-1B37-4192-81F1-46804EE760E3}" = One Click PDF 2.0
"{E848C9C0-E6FF-4A3F-9D67-AE53AC3628FE}" = SweetIM for Messenger 2.7
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Ashampoo PowerUp 2009_is1" = Ashampoo PowerUp 2009
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Audio Editor_is1" = AVS Audio Editor version 4.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"BFG-Hidden Secrets - The Nightmare" = Hidden Secrets: The Nightmare
"BitComet FLV Converter" = BitComet FLV Converter 1.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Gehirnjogging - Special Edition" = Gehirnjogging - Special Edition
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"Installing HSP56 MicroModem Drivers" = PCTEL 2304WT V.9x MDC Modem Drivers
"InstallShield_{72EBA4A9-25D7-4F86-AB6D-0848C74CC3F8}" = Conceptronic 54Mbps Wireless Utility
"KAMERA v1.1" = KAMERA v1.1
"lvdrivers_11.80" = Logitech QuickCam-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OpenAL" = OpenAL
"PDFzuWord Professional_is1" = PDFzuWord Professional
"PhotoScape" = PhotoScape
"Solitaire Quest 450_is1" = Solitaire Quest 450
"WECO Feuerwerk_is1" = WECO Feuerwerk
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BeepChat" = BeepChat
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.05.2010 13:35:15 | Computer Name = WALTERMOBIL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung avscan.exe, Version 8.1.4.10, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 16.05.2010 16:59:16 | Computer Name = WALTERMOBIL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6504.5000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 16.05.2010 16:59:16 | Computer Name = WALTERMOBIL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6504.5000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 16.05.2010 16:59:20 | Computer Name = WALTERMOBIL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6504.5000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 16.05.2010 16:59:21 | Computer Name = WALTERMOBIL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6504.5000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 16.05.2010 16:59:21 | Computer Name = WALTERMOBIL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6504.5000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 16.05.2010 16:59:22 | Computer Name = WALTERMOBIL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6504.5000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 18.05.2010 11:43:19 | Computer Name = WALTERMOBIL | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 18.05.2010 11:43:19 | Computer Name = WALTERMOBIL | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 25.05.2010 12:57:42 | Computer Name = WALTERMOBIL | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
[ System Events ]
Error - 18.06.2010 17:52:18 | Computer Name = WALTERMOBIL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Parallel port driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1058
 
Error - 18.06.2010 17:54:35 | Computer Name = WALTERMOBIL | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Avira AntiVir Guard" wurde nicht ordnungsgemäß gestartet.
 
Error - 18.06.2010 17:57:24 | Computer Name = WALTERMOBIL | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Application
 Layer Gateway Service.
 
Error - 18.06.2010 17:57:25 | Computer Name = WALTERMOBIL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Application Layer Gateway Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 18.06.2010 18:05:21 | Computer Name = WALTERMOBIL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Parallel port driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1058
 
Error - 18.06.2010 18:07:29 | Computer Name = WALTERMOBIL | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Avira AntiVir Guard" wurde nicht ordnungsgemäß gestartet.
 
Error - 18.06.2010 18:38:30 | Computer Name = WALTERMOBIL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Parallel port driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1058
 
Error - 18.06.2010 18:40:08 | Computer Name = WALTERMOBIL | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Avira AntiVir Guard" wurde nicht ordnungsgemäß gestartet.
 
Error - 18.06.2010 18:42:49 | Computer Name = WALTERMOBIL | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Application
 Layer Gateway Service.
 
Error - 18.06.2010 18:42:49 | Computer Name = WALTERMOBIL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Application Layer Gateway Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
[ TuneUp Events ]
Error - 17.06.2010 17:42:03 | Computer Name = WALTERMOBIL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-06-17 22:42:00', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamgui.exe','4004',0)
 
Error - 17.06.2010 17:43:27 | Computer Name = WALTERMOBIL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-06-17 22:43:27', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','3392',0)
 
Error - 17.06.2010 18:01:09 | Computer Name = WALTERMOBIL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-06-17 23:01:09', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','1100',0)
 
Error - 18.06.2010 00:38:20 | Computer Name = WALTERMOBIL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-06-18 05:38:20', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','1824',0)
 
 
< End of report >

--- --- ---

+max+ · 19.06.2010, 10:55

Das Problem mit den Explorer-Seiten hat sich mitlerweile (anscheinend) gelöst...

Larusso · 19.06.2010, 11:04

Sieht eigentlich gut aus.

Was kannst Du mir dazu sagen ? Dir bekannt

C:\WINDOWS\WECO Feuerwerk.exe

+max+ · 19.06.2010, 11:09

Ja ist bekannt...
Ist ein Bildschirmschoner ....

Larusso · 19.06.2010, 11:21

Okay, dann reparieren wir das ganze mal. Ist nämlich infiziert worden

Vorbereitung

Lösche die vorhandene Version von Combofix und lade das Programm von einem der folgenden Download-Spiegel neu herunter:

BleepingComputer.com - ForoSpyware.com

und speichere es auf dem Desktop (nicht woanders hin, das ist wichtig)!
Wenn Du ComboFix bereits vorher auf dem Rechner hattest, lösche die alte Version, da ComboFix laufend aktualisiert wird.

Denke daran, während des Laufs von Combofix Dein Antiviren-Programm temporär abzustellen.
Danach wieder anstellen nicht vergessen!
Wichtig: Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
Dies kann dazu führen, dass ComboFix sich aufhängt.

Anwendung

Öffne notepad (Start => Ausführen => notepad (reinschreiben) => ok) oder einen Editor Deiner Wahl und kopiere alles aus der nachfolgenden Codebox in ein leeres Dokument:

Code:

ATTFilter

KillAll::
RenV::
c:\windows\WECO Feuerwerk .exe
C:\WINDOWS\WECO Feuerwerk .scr
C:\WINDOWS\WECO Feuerwerk .ini
C:\WINDOWS\WECO Feuerwerk .c1
C:\WINDOWS\WECO Feuerwerk .c3
C:\WINDOWS\WECO Feuerwerk .ico
C:\WINDOWS\WECO Feuerwerk .bmp
C:\WINDOWS\WECO Feuerwerk .swf
C:\WINDOWS\WECO Feuerwerk .c4

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Firewall Service"=-

Speichere dies als CFScript.txt auf Deinem Desktop
.

.
In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Hinweis für Mitleser: Obiges Combofix-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Schritt 2

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BE7E50E
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D507AEDA
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18B3AE54
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:46700142
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89A5891E
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DEE6B65
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72E6616C
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:842B0AED
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51F17BB8
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90B52091
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F141B68
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D507B5A8
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E49FF93
@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F
@Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE
@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:614F17D3
@Alternate Data Stream - 185 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE47A3DA
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B285B76
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0DD063D
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B9E79B3
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69FD6BF0
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09867A8B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A00BCDEF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8776F88E
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8F2382B
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:275AA066
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BABA07C2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F264BECE
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6677D85A
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B268A25C
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6116FBB
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1713795
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC7738DB
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9547F1DB
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77F07255
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90D89144
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24FECE50
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1037D53D
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43301D1D
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:221F35CC
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93F3E4C9
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A109A3D0
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C4DF735
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:453190EC
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0207B271
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CB3187E
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12A8EFF7
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:101708D3
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5BCA2A0
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DA9DB01
:services
:files
C:\sqmnoopt*.sqm
C:\sqmdata*.sqm
:reg
:Commands
[purity]
[emptytemp]
[reboot]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
Klick auf .
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 3

Starte bitte OTL.exe und klicke auf den Quick Scan Button.

Bitte poste in Deiner nächsten Antwort
COmbofix.txt
OTLfix.txt
OTL.txt

18.06.2010, 22:06	#7
Larusso /// Selecta Jahrusso	Viele Trojaner, Adware, selbstständig öffnende I-Net-Explorer - Fenster und und und... Poste mal die OTL Logfiles __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

18.06.2010, 22:11	#9
Larusso /// Selecta Jahrusso	Viele Trojaner, Adware, selbstständig öffnende I-Net-Explorer - Fenster und und und... folge den anweisungen am desktop __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

Viele Trojaner, Adware, selbstständig öffnende I-Net-Explorer - Fenster und und und...

Plagegeister aller Art und deren Bekämpfung: Viele Trojaner, Adware, selbstständig öffnende I-Net-Explorer - Fenster und und und...