Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 26.07.2010, 10:24   #1
mindflay
 
Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher? - Standard

Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher?



Habe heute einen richtigen Kampf gegen Trojaner hinter mir. Bin mir leider nicht mehr sicher welche Datei wohl der Auslöser war, auf jeden Fall hatte Sophos Antivirus zuerst einen Trojaner vom Typ Bredolab und Agent2!K entdeckt, später dann in 4 versch. exe in system32 den Virus zbot-memA die ich aber alle unter Quarantäne stellen konnte (zbotkiller hat auch keine Funde mehr angezeigt nach einem scan)

3 Maleware Viren wurden auch noch von Malewarebytes erkannt und in Quarantäne verschoben, ich werde nachfolgend noch logs einfügen. Da es sich bei Bredolab wohl um einem ziemlich bösen Backdoortrojaner handelt, der sich noch Unterstützung holt bin ich jetzt nicht sicher ob ich alles erwischt habe.

Habe vorher noch CCleaner drüber laufen lassen, wie in der Beschreibung verlangt.

Wär super wenn jemand mal kurz drüberschaut :-) Vielen dank schon mal im voraus!

Hier der vollständige Scan von Malwarebytes

Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4347

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26.07.2010 11:03:31
mbam-log-2010-07-26 (11-03-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|Q:\|)
Durchsuchte Objekte: 207872
Laufzeit: 43 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Und hier OTL Scan:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 7/26/2010 11:07:07 AM - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\mozzquito\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 72.76 Gb Free Space | 48.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 100.00 Mb Total Space | 71.80 Mb Free Space | 71.80% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ****
Current User Name: *****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\mozzquito\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\mozzquito\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\rswin_3725.dll ()
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (cvhsvc) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva337) -- C:\Windows\System32\XDva337.sys File not found
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Plc)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation                                            )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB 81 7C 6A 55 B9 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 22:32:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 22:32:40 | 000,000,000 | ---D | M]
 
[2010/03/06 10:42:37 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\Mozilla\Firefox\extensions
[2010/03/06 10:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sternchen\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/07/25 22:32:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/07/23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/07/23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/07/23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/07/23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/07/26 10:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/26 00:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/26 00:22:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/25 23:01:17 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/07/25 22:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/25 14:03:12 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\AppData\Local\Sophos
[2010/07/25 13:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/07/25 13:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/25 12:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\Trojancheck 6
[2010/07/25 11:08:55 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\AppData\Roaming\Malwarebytes
[2010/07/25 11:08:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/25 11:08:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/25 11:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/25 11:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/25 10:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/07/18 20:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\Ascaron Entertainment
[2010/07/18 13:04:19 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010/07/18 13:04:19 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010/07/18 13:04:19 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010/07/18 13:04:19 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010/07/18 13:04:19 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010/07/18 13:04:19 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010/07/18 13:04:19 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010/07/18 13:04:17 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010/07/18 13:04:15 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010/07/18 13:04:15 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010/07/18 13:04:14 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010/07/18 13:04:14 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010/07/18 13:04:14 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010/07/18 13:04:14 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010/07/18 13:04:14 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010/07/18 12:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\Headup Games
[2010/07/18 10:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2010/07/18 08:36:10 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/07/18 08:36:09 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/07/18 08:36:09 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/07/18 08:36:09 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/07/18 08:36:09 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/07/18 08:36:06 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/07/18 08:36:06 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/07/18 08:36:06 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/07/18 08:36:06 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/07/18 08:36:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/07/18 08:36:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/07/18 08:36:04 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/07/18 08:36:04 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/07/17 23:17:28 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/07/17 22:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/07/17 22:58:50 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/07/17 22:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/07/17 22:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
 
========== Files - Modified Within 30 Days ==========
 
[2010/07/26 11:06:51 | 000,786,432 | -HS- | M] () -- C:\Users\Sternchen\NTUSER.DAT
[2010/07/26 10:16:41 | 000,000,965 | ---- | M] () -- C:\Users\Sternchen\Desktop\CCleaner.lnk
[2010/07/26 10:03:30 | 000,017,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/26 10:03:30 | 000,017,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/26 09:55:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/26 09:55:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/26 09:55:05 | 1583,271,936 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/26 00:22:12 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2010/07/25 22:32:42 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/25 13:43:39 | 000,001,216 | ---- | M] () -- C:\Users\Sternchen\Desktop\Spybot - Search & Destroy.lnk
[2010/07/25 11:08:43 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/25 11:03:21 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/25 11:03:20 | 000,730,268 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/25 11:03:20 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/19 08:13:14 | 000,289,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/07/18 20:14:17 | 000,001,238 | ---- | M] () -- C:\Users\Sternchen\Desktop\Sacred.lnk
[2010/07/18 13:02:11 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\GREED - Black Border.lnk
 
========== Files Created - No Company Name ==========
 
[2010/07/26 10:16:41 | 000,000,965 | ---- | C] () -- C:\Users\Sternchen\Desktop\CCleaner.lnk
[2010/07/26 00:22:12 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2010/07/25 22:32:42 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/25 13:43:39 | 000,001,216 | ---- | C] () -- C:\Users\Sternchen\Desktop\Spybot - Search & Destroy.lnk
[2010/07/25 11:08:43 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/18 20:14:17 | 000,001,238 | ---- | C] () -- C:\Users\Sternchen\Desktop\Sacred.lnk
[2010/07/18 13:02:11 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\GREED - Black Border.lnk
[2010/06/05 10:46:37 | 000,697,328 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
 
========== LOP Check ==========
 
[2010/06/05 22:07:14 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\DAEMON Tools Lite
[2010/06/05 10:45:42 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\DAEMON Tools Pro
[2010/03/17 20:51:18 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\EVEMon
[2010/03/06 10:42:30 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\Foxit
[2010/03/01 17:32:00 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\OpenOffice.org
[2010/07/25 22:50:46 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---



Teil 2 von OTL

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 7/26/2010 11:07:07 AM - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\mozzquito\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 72.76 Gb Free Space | 48.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 100.00 Mb Total Space | 71.80 Mb Free Space | 71.80% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ******
Current User Name: ******
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{744DD571-3D2B-4BC8-B129-BF6929020CD3}" = Yu-Gi-Oh! ONLINE 3
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C6866249-495A-4ED7-AD69-99336B5E86E4}" = GUILTY GEAR XX #RELOAD
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"487C950AA9A6E2CC1EEEB1B475A4B24F64A14598" = Windows Driver Package - Intel Corporation (igfx) Display  (06/03/2009 8.15.10.1808)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Ask Toolbar_is1" = Foxit Toolbar
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"EVE" = EVE Online (remove only)
"FE343B236C75B9B2EAF76AAF216635CB92B42196" = Windows Driver Package - Intel(R) Corporation (IntcHdmiAddService) MEDIA  (05/26/2009 6.10.01.2073)
"Foxit Reader" = Foxit Reader
"GREED - Black Border_is1" = GREED - Black Border
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Sacred Underworld_is1" = Sacred Underworld
"Street Gears_is1" = Street Gears
"SystemRequirementsLab" = System Requirements Lab
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 7/24/2010 8:25:42 AM | Computer Name = *** | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3828 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: eac    Start
 Time: 01cb2b2b34865083    Termination Time: 140    Application Path: C:\Program Files\Mozilla
 Firefox\firefox.exe    Report Id: 9181bbaf-971e-11df-b3aa-00248c64ce1e  
 
Error - 7/24/2010 8:29:20 AM | Computer Name = *** | Source = VSS | ID = 8194
Description = 
 
Error - 7/25/2010 4:51:32 AM | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 7/25/2010 6:55:04 AM | Computer Name = *** | Source = Application Error | ID = 1000
Description = Faulting application name: tc6.exe, version: 6.0.0.0, time stamp: 
0x2a425e19  Faulting module name: tc6.exe, version: 6.0.0.0, time stamp: 0x2a425e19
Exception
 code: 0xc0000005  Fault offset: 0x00001f6c  Faulting process id: 0x134  Faulting application
 start time: 0x01cb2be7ba5345c2  Faulting application path: C:\Program Files\Trojancheck
 6\tc6.exe  Faulting module path: C:\Program Files\Trojancheck 6\tc6.exe  Report Id:
 13cf1942-97db-11df-85c3-00248c64ce1e
 
Error - 7/25/2010 6:56:04 AM | Computer Name = **** | Source = Application Error | ID = 1000
Description = Faulting application name: tc6.exe, version: 6.0.0.0, time stamp: 
0x2a425e19  Faulting module name: tc6.exe, version: 6.0.0.0, time stamp: 0x2a425e19
Exception
 code: 0xc0000005  Fault offset: 0x00001f6c  Faulting process id: 0x11e4  Faulting application
 start time: 0x01cb2be7e7977189  Faulting application path: C:\Program Files\Trojancheck
 6\tc6.exe  Faulting module path: C:\Program Files\Trojancheck 6\tc6.exe  Report Id:
 37865d4a-97db-11df-85c3-00248c64ce1e
 
Error - 7/25/2010 7:22:52 AM | Computer Name = **** | Source = Application Error | ID = 1000
Description = Faulting application name: a2emergencykit.exe, version: 1.0.0.10, 
time stamp: 0x4c43c2d3  Faulting module name: ntdll.dll, version: 6.1.7600.16559, 
time stamp: 0x4ba9b21e  Exception code: 0xc0000005  Fault offset: 0x000555ea  Faulting
 process id: 0x1154  Faulting application start time: 0x01cb2beaec7b4407  Faulting application
 path: C:\Users\mozzquito\Documents\TROJANERTOD\run\a2emergencykit.exe  Faulting module
 path: C:\Windows\SYSTEM32\ntdll.dll  Report Id: f6381371-97de-11df-85c3-00248c64ce1e
 
Error - 7/25/2010 7:35:10 AM | Computer Name = *** | Source = Application Error | ID = 1000
Description = Faulting application name: a2emergencykit.exe, version: 1.0.0.10, 
time stamp: 0x4c43c2d3  Faulting module name: ntdll.dll, version: 6.1.7600.16559, 
time stamp: 0x4ba9b21e  Exception code: 0xc0000005  Fault offset: 0x000555ea  Faulting
 process id: 0x12ac  Faulting application start time: 0x01cb2bec5fa15f24  Faulting application
 path: C:\Users\mozzquito\Documents\TROJANERTOD\run\a2emergencykit.exe  Faulting module
 path: C:\Windows\SYSTEM32\ntdll.dll  Report Id: ae690735-97e0-11df-85c3-00248c64ce1e
 
Error - 7/25/2010 12:35:41 PM | Computer Name = **** | Source = Sophos Anti-Virus | ID = 131073
Description = No versions of component 'MessageResDSFactory' are registered. MessageResDSFactory
 cannot be returned.
 
Error - 7/25/2010 12:35:41 PM | Computer Name = **** | Source = Sophos Anti-Virus | ID = 131073
Description = No versions of component 'MessageResDSFactory' are registered. MessageResDSFactory
 cannot be returned.
 
Error - 7/26/2010 3:36:57 AM | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://***.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
[ System Events ]
Error - 7/25/2010 4:50:14 PM | Computer Name = *** | Source = Service Control Manager | ID = 7031
Description = The Akamai NetSession Interface service terminated unexpectedly.  
It has done this 1 time(s).  The following corrective action will be taken in 1000
 milliseconds: Restart the service.
 
Error - 7/25/2010 4:53:54 PM | Computer Name = *** | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:50:08 on ?25.?07.?2010 was unexpected.
 
Error - 7/25/2010 4:54:33 PM | Computer Name = *** | Source = BugCheck | ID = 1001
Description = 
 
Error - 7/25/2010 5:29:37 PM | Computer Name = *** | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{867F2A12-9895-45D2-937E-B1BCB503662A}
 because another computer on the network has the same name.  The server could not
 start.
 
Error - 7/26/2010 3:47:43 AM | Computer Name = *** | Source = Service Control Manager | ID = 7031
Description = The Akamai NetSession Interface service terminated unexpectedly.  
It has done this 1 time(s).  The following corrective action will be taken in 1000
 milliseconds: Restart the service.
 
Error - 7/26/2010 3:49:33 AM | Computer Name = **** | Source = EventLog | ID = 6008
Description = The previous system shutdown at 09:47:44 on ?26.?07.?2010 was unexpected.
 
Error - 7/26/2010 3:50:09 AM | Computer Name = *** | Source = BugCheck | ID = 1001
Description = 
 
Error - 7/26/2010 3:52:55 AM | Computer Name = *** | Source = Service Control Manager | ID = 7031
Description = The Akamai NetSession Interface service terminated unexpectedly.  
It has done this 1 time(s).  The following corrective action will be taken in 1000
 milliseconds: Restart the service.
 
Error - 7/26/2010 3:55:22 AM | Computer Name = **** | Source = EventLog | ID = 6008
Description = The previous system shutdown at 09:54:20 on ?26.?07.?2010 was unexpected.
 
Error - 7/26/2010 3:55:46 AM | Computer Name = *** | Source = BugCheck | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---

Geändert von mindflay (26.07.2010 um 10:39 Uhr)

Alt 26.07.2010, 10:46   #2
Larusso
/// Selecta Jahrusso
 
Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher? - Standard

Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher?





Da fehlen dann noch die Logs von ESET und Combofix
__________________

__________________

Alt 26.07.2010, 15:55   #3
mindflay
 
Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher? - Standard

Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher?



ESET hängt nach ca 17% und läuft nicht weiter, habe vorher Sophos und die Windows Firewall deaktiviert, habe es auch als Admin ausgeführt. Combofix hat mir ein unvollständiges Log ausgespuckt

ComboFix 10-07-24.06 - *** 26.07.2010 16:39:13.2.1 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1033.18.2013.1255 [GMT 2:00]
ausgeführt von:: C:\Users\mozzquito\Desktop\CoFi.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
C:\Install.exe
C:\Users\mozzquito\AppData\Roaming\Agki\kuoql.exe

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_osppsvc

Nachdem sich das Programm geschlosse hat, habe ich auch kein Log angezeigt bekommen. Dieses hier hab ich aus einem Ordner mit dem geänderten Programmnamen (CoFi15991C) Die kuoql.exe hatte ich auch schon in Verdacht. Ist bei Total Virus aber nur 3 Scannern aufgefallen.
__________________

Geändert von mindflay (26.07.2010 um 16:01 Uhr)

Alt 26.07.2010, 16:07   #4
Larusso
/// Selecta Jahrusso
 
Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher? - Standard

Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher?



Downloade Dir bitte Load.exe

Das Tool benötigt eine aktive Internetverbindung, aber keinen offenen Browser
Sollte deine Firewall meckern, die Anwendung bitte zulassen.
  • Speichere die Datei am Desktop.
  • Doppelklick auf die load.exe
  • Belasse die Häckchen wie sie sind.
  • Schließe nun alle offenen Programme.
  • Klicke auf Download
  • Bitte während dem Download nicht in das Fenster klicken.
  • Folge den Anweisungen auf dem Bildschirm.
  • Wenn das Fenster Status aufpoppt klicke Start.

Nach dem Neustart findest Du einen Ordner MFTools auf dem Desktop. Darin befindet sich eine Anleitung.pdf.
Diese bitte öffnen und die darin beschriebenen Schritte abarbeiten.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 26.07.2010, 17:01   #5
mindflay
 
Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher? - Standard

Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher?



Hab am Ende des Scans nur eine OTL bekommen, keine Extras.

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 7/26/2010 5:50:43 PM - Run 3
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\mozzquito\Desktop\MFTools
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 92.84 Gb Free Space | 62.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 100.00 Mb Total Space | 71.75 Mb Free Space | 71.76% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\mozzquito\Desktop\MFTools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\mozzquito\Desktop\MFTools\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Internet Explorer\ieproxy.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\System32\thumbcache.dll (Microsoft Corporation)
MOD - C:\Windows\System32\StructuredQuery.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\srvcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\slc.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SearchFolder.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\RpcRtRemote.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\fms.dll (Windows (R) Codename Longhorn DDK provider)
MOD - C:\Windows\System32\EhStorShell.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptsp.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\actxprxy.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\rswin_3725.dll ()
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (cvhsvc) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva337) -- C:\Windows\System32\XDva337.sys File not found
DRV - (catchme) -- C:\Users\STERNC~1\AppData\Local\Temp\catchme.sys File not found
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Plc)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation                                            )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB 81 7C 6A 55 B9 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/26 16:01:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 22:32:40 | 000,000,000 | ---D | M]
 
[2010/07/26 16:01:26 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\Mozilla\Extensions
[2010/03/06 10:42:37 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\Mozilla\Firefox\extensions
[2010/03/06 10:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sternchen\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/07/26 16:01:26 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\Mozilla\Firefox\Profiles\j4u0je23.default\extensions
[2010/07/25 22:32:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/07/23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/07/23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/07/23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/07/23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/07/26 16:26:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/07/26 17:34:07 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\AppData\Roaming\WinRAR
[2010/07/26 17:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/26 17:14:30 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\Desktop\MFTools
[2010/07/26 16:50:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/26 16:46:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/07/26 16:38:37 | 000,000,000 | ---D | C] -- C:\CoFi15991C
[2010/07/26 16:38:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/07/26 16:38:13 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/26 16:24:26 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\AppData\Local\temp
[2010/07/26 16:16:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/07/26 16:16:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/07/26 16:16:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/07/26 16:16:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/26 16:12:43 | 000,000,000 | ---D | C] -- C:\CoFi
[2010/07/26 16:01:19 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\AppData\Local\Mozilla
[2010/07/26 10:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/26 00:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/26 00:22:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/25 23:01:17 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/07/25 22:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/25 14:03:12 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\AppData\Local\Sophos
[2010/07/25 13:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/07/25 13:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/25 12:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\Trojancheck 6
[2010/07/25 11:08:55 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\AppData\Roaming\Malwarebytes
[2010/07/25 11:08:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/25 11:08:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/25 11:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/25 11:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/25 10:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/07/18 20:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\Ascaron Entertainment
[2010/07/18 17:55:28 | 000,000,000 | ---D | C] -- C:\Sacred Gold
[2010/07/18 12:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\Headup Games
[2010/07/18 10:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2010/07/17 23:17:28 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010/07/17 22:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/07/17 22:58:50 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/07/17 22:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/07/17 22:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2010/07/04 16:11:57 | 000,000,000 | ---D | C] -- C:\Torchlight
[2010/06/15 09:34:28 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\Documents\Yu-Gi-Oh! ONLINE 3
[2010/06/15 09:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Konami
[2010/06/11 22:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/06/05 22:21:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/06/05 22:10:23 | 000,000,000 | ---D | C] -- C:\Program Files\CAPCOM
[2010/06/05 22:08:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2010/06/05 22:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2010/06/05 22:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/06/05 22:05:25 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\AppData\Roaming\DAEMON Tools Lite
[2010/06/05 21:57:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2010/06/05 21:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/06/05 10:46:37 | 000,697,328 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010/06/05 10:45:42 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\AppData\Roaming\DAEMON Tools Pro
[2010/06/05 10:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2010/06/02 20:33:41 | 000,093,688 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\savonaccess.sys
[2010/05/23 11:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2010/05/22 08:45:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
 
========== Files - Modified Within 90 Days ==========
 
[2010/07/26 17:50:46 | 000,786,432 | -HS- | M] () -- C:\Users\Sternchen\NTUSER.DAT
[2010/07/26 17:22:30 | 000,000,894 | ---- | M] () -- C:\Users\Sternchen\Desktop\NTREGOPT.lnk
[2010/07/26 17:22:30 | 000,000,875 | ---- | M] () -- C:\Users\Sternchen\Desktop\ERUNT.lnk
[2010/07/26 17:15:56 | 000,284,915 | ---- | M] () -- C:\Users\Sternchen\Desktop\Gmer.zip
[2010/07/26 16:47:12 | 000,017,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/26 16:47:12 | 000,017,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/26 16:46:35 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/07/26 16:37:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/26 16:37:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/26 16:37:11 | 1583,271,936 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/26 16:36:28 | 001,704,712 | -H-- | M] () -- C:\Users\Sternchen\AppData\Local\IconCache.db
[2010/07/26 16:26:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/26 16:01:21 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/07/26 10:16:41 | 000,000,965 | ---- | M] () -- C:\Users\Sternchen\Desktop\CCleaner.lnk
[2010/07/26 00:22:12 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2010/07/25 22:32:42 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/25 13:43:39 | 000,001,216 | ---- | M] () -- C:\Users\Sternchen\Desktop\Spybot - Search & Destroy.lnk
[2010/07/25 11:08:43 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/25 11:03:21 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/25 11:03:20 | 000,730,268 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/25 11:03:20 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/19 08:13:14 | 000,289,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/07/18 20:14:17 | 000,001,238 | ---- | M] () -- C:\Users\Sternchen\Desktop\Sacred.lnk
[2010/07/18 13:02:11 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\GREED - Black Border.lnk
[2010/06/15 09:31:30 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\Yu-Gi-Oh! ONLINE 3.lnk
[2010/06/05 22:05:43 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010/06/05 10:46:37 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010/06/02 20:35:40 | 000,000,951 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
[2010/06/02 20:33:53 | 000,130,088 | ---- | M] (Sophos Plc) -- C:\Windows\System32\sdccoinstaller.dll
[2010/06/02 20:33:41 | 000,093,688 | ---- | M] (Sophos Plc) -- C:\Windows\System32\drivers\savonaccess.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2010/07/26 17:34:07 | 000,293,376 | ---- | C] () -- C:\Users\Sternchen\Desktop\gmer.exe
[2010/07/26 17:22:30 | 000,000,894 | ---- | C] () -- C:\Users\Sternchen\Desktop\NTREGOPT.lnk
[2010/07/26 17:22:30 | 000,000,875 | ---- | C] () -- C:\Users\Sternchen\Desktop\ERUNT.lnk
[2010/07/26 17:14:34 | 000,284,915 | ---- | C] () -- C:\Users\Sternchen\Desktop\Gmer.zip
[2010/07/26 16:16:36 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/07/26 16:16:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/26 16:16:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/07/26 16:16:36 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/07/26 16:16:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/26 16:01:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/26 10:16:41 | 000,000,965 | ---- | C] () -- C:\Users\Sternchen\Desktop\CCleaner.lnk
[2010/07/26 00:22:12 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2010/07/25 22:32:42 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/25 13:43:39 | 000,001,216 | ---- | C] () -- C:\Users\Sternchen\Desktop\Spybot - Search & Destroy.lnk
[2010/07/25 11:08:43 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/18 20:14:17 | 000,001,238 | ---- | C] () -- C:\Users\Sternchen\Desktop\Sacred.lnk
[2010/07/18 13:02:11 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\GREED - Black Border.lnk
[2010/06/15 09:31:30 | 000,002,057 | ---- | C] () -- C:\Users\Public\Desktop\Yu-Gi-Oh! ONLINE 3.lnk
[2010/06/05 22:05:43 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
 
========== LOP Check ==========
 
[2010/06/05 22:07:14 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\DAEMON Tools Lite
[2010/06/05 10:45:42 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\DAEMON Tools Pro
[2010/03/17 20:51:18 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\EVEMon
[2010/03/06 10:42:30 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\Foxit
[2010/03/01 17:32:00 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\OpenOffice.org
[2010/07/25 22:50:46 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009/06/10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/07/26 16:37:11 | 1583,271,936 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/12/20 17:22:08 | 000,001,083 | ---- | M] () -- C:\Musik - Verknüpfung.lnk
[2010/07/26 16:37:14 | 2111,033,344 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2009/07/14 06:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 23:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009/07/14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\user32.dll /md5 >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009/07/14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\System32\ws2help.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-25 09:03:34
< End of report >
         
--- --- ---

GMER Logfile:
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15281 - hxxp://wxw.gmer.net
Rootkit scan 2010-07-26 17:41:34
Windows 6.1.7600 
Running: gmer.exe; Driver: C:\Users\STERNC~1\AppData\Local\Temp\awlcrfob.sys


---- System - GMER 1.0.15 ----

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                             82E3AAF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                             82E3A104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                             82E3A3F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                             82E22634
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                             82E22898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                             82E3A1DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                             82E3A958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                             82E3A6F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                             82E3AF2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                             82E3B1A8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                      82A53599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                               82A77F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           peauth.sys                                                                                                           A9283C9D 28 Bytes  CALL F11A2F7B 
.text           peauth.sys                                                                                                           A9283CC1 28 Bytes  CALL F11A2F9F 
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                           The system cannot find the file specified. !
?               C:\Users\STERNC~1\AppData\Local\Temp\catchme.sys                                                                     The system cannot find the file specified. !
?               C:\Users\STERNC~1\AppData\Local\Temp\mbr.sys                                                                         The system cannot find the file specified. !
.text           autochk.exe                                                                                                          007411E0 1 Byte  [18]
.text           autochk.exe                                                                                                          007411E0 3 Bytes  [18, 00, 01]
.text           autochk.exe                                                                                                          007411E4 1 Byte  [06]
.text           autochk.exe                                                                                                          007411E7 2 Bytes  [0C, F6] {OR AL, 0xf6}
.text           autochk.exe                                                                                                          007411EA 1 Byte  [1B]
.text           ...                                                                                                                  

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[2248] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [74E45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[2248] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [74E45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[2248] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [74E45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[2248] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [74E45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[2248] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]   [74E45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[2248] @ C:\Windows\system32\WinInet.dll [KERNEL32.dll!GetProcAddress]   [74E45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                               fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                               fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                               fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004c                                                                                    halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                     
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                  0x2A 0x38 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                  0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                               0x5D 0x9D 0x5D 0x43 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                  C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                            
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                      0xCA 0xD9 0x4D 0x2A ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                       
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                 0x2C 0x92 0x18 0x90 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                      0x2A 0x38 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                      0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                   0x5D 0x9D 0x5D 0x43 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                      C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                          0xCA 0xD9 0x4D 0x2A ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)   
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                     0x2C 0x92 0x18 0x90 ...

---- EOF - GMER 1.0.15 ----
         
[/CODE]
--- --- ---
--- --- ---

--- --- ---

--- --- ---


Zitat:
Malwarebytes' Anti-Malware 1.46
wxw.malwarebytes.org

Datenbank Version: 4352

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26.07.2010 17:33:16
mbam-log-2010-07-26 (17-33-16).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 133247
Laufzeit: 8 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Alt 26.07.2010, 17:33   #6
Larusso
/// Selecta Jahrusso
 
Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher? - Standard

Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher?



ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.
  • Button drücken.
    • Firefox-User: Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User: müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Hacken bei Yes, i accept the Terms of Use.
  • Drücke den Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Remove found threads" und "Scan archives".
  • drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.


Schritt 2

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
__________________
--> Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher?

Alt 27.07.2010, 09:28   #7
mindflay
 
Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher? - Standard

Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher?



Hallo, erstmal danke nochmal für deine Hilfe. ESET Online Scanner hängt leider immer noch. Hab es gestern einige male versucht. Bei 20% bei der letzten Winrar Datei im Format Ordner (egal welche Datei, hab mal die letzte rausgenommen, dann hängt er bei der vorletzten).

Hatte Firewall und Virenscanner aus und hab IE als Admin ausgeführt. Auch als Download in Firefox hab ich dasselbe Problem. Hab jetzt ne Adware Meldung bekommen über NirCMD.exe.

Vielleicht hilft die OTL schon weiter.

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 7/27/2010 10:16:06 AM - Run 4
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\mozzquito\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 90.63 Gb Free Space | 60.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 100.00 Mb Total Space | 71.75 Mb Free Space | 71.76% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ****
Current User Name: Sternchen
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\mozzquito\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\mozzquito\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\rswin_3725.dll ()
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (cvhsvc) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva337) -- C:\Windows\System32\XDva337.sys File not found
DRV - (catchme) -- C:\Users\STERNC~1\AppData\Local\Temp\catchme.sys File not found
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Plc)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation                                            )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD BC 1A EE EB 2C CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/26 16:01:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 22:32:40 | 000,000,000 | ---D | M]
 
[2010/07/26 16:01:26 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\Mozilla\Extensions
[2010/03/06 10:42:37 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\Mozilla\Firefox\extensions
[2010/03/06 10:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sternchen\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/07/26 16:01:26 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\Mozilla\Firefox\Profiles\j4u0je23.default\extensions
[2010/07/25 22:32:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/07/23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/07/23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/07/23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/07/23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/07/26 16:26:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/07/26 17:34:07 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\AppData\Roaming\WinRAR
[2010/07/26 17:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/26 17:14:30 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\Desktop\MFTools
[2010/07/26 16:50:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/26 16:46:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/07/26 16:38:37 | 000,000,000 | ---D | C] -- C:\CoFi15991C
[2010/07/26 16:38:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/07/26 16:38:13 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/26 16:24:26 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\AppData\Local\temp
[2010/07/26 16:16:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/07/26 16:16:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/07/26 16:16:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/26 16:12:43 | 000,000,000 | ---D | C] -- C:\CoFi
[2010/07/26 16:01:19 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\AppData\Local\Mozilla
[2010/07/26 10:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/26 00:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/26 00:22:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/25 23:01:17 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/07/25 22:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/25 14:03:12 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\AppData\Local\Sophos
[2010/07/25 13:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/07/25 13:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/25 12:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\Trojancheck 6
[2010/07/25 11:08:55 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\AppData\Roaming\Malwarebytes
[2010/07/25 11:08:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/25 11:08:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/25 11:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/25 11:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/25 10:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/07/18 20:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\Ascaron Entertainment
[2010/07/18 17:55:28 | 000,000,000 | ---D | C] -- C:\Sacred Gold
[2010/07/18 13:04:19 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010/07/18 13:04:19 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010/07/18 13:04:19 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010/07/18 13:04:19 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010/07/18 13:04:19 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010/07/18 13:04:19 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010/07/18 13:04:19 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010/07/18 13:04:17 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010/07/18 13:04:15 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010/07/18 13:04:15 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010/07/18 13:04:14 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010/07/18 13:04:14 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010/07/18 13:04:14 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010/07/18 13:04:14 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010/07/18 13:04:14 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010/07/18 12:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\Headup Games
[2010/07/18 10:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2010/07/18 08:36:10 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/07/18 08:36:09 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/07/18 08:36:09 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/07/18 08:36:09 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/07/18 08:36:09 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/07/18 08:36:06 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/07/18 08:36:06 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/07/18 08:36:06 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/07/18 08:36:06 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/07/18 08:36:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/07/18 08:36:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/07/18 08:36:04 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/07/18 08:36:04 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/07/17 23:17:28 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010/07/17 22:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/07/17 22:58:50 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/07/17 22:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/07/17 22:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2010/07/04 16:11:57 | 000,000,000 | ---D | C] -- C:\Torchlight
 
========== Files - Modified Within 30 Days ==========
 
[2010/07/27 10:20:20 | 000,017,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/27 10:20:20 | 000,017,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/27 10:18:17 | 000,786,432 | -HS- | M] () -- C:\Users\Sternchen\NTUSER.DAT
[2010/07/27 10:12:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/27 10:12:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/27 10:12:01 | 1583,271,936 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/26 19:23:11 | 002,672,312 | ---- | M] () -- C:\Users\Sternchen\Desktop\esetsmartinstaller_enu.exe
[2010/07/26 18:10:52 | 001,735,522 | -H-- | M] () -- C:\Users\Sternchen\AppData\Local\IconCache.db
[2010/07/26 17:22:30 | 000,000,894 | ---- | M] () -- C:\Users\Sternchen\Desktop\NTREGOPT.lnk
[2010/07/26 17:22:30 | 000,000,875 | ---- | M] () -- C:\Users\Sternchen\Desktop\ERUNT.lnk
[2010/07/26 17:15:56 | 000,284,915 | ---- | M] () -- C:\Users\Sternchen\Desktop\Gmer.zip
[2010/07/26 16:46:35 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/07/26 16:26:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/26 16:01:21 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/07/26 10:16:41 | 000,000,965 | ---- | M] () -- C:\Users\Sternchen\Desktop\CCleaner.lnk
[2010/07/26 00:22:12 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2010/07/25 22:32:42 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/25 13:43:39 | 000,001,216 | ---- | M] () -- C:\Users\Sternchen\Desktop\Spybot - Search & Destroy.lnk
[2010/07/25 11:08:43 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/25 11:03:21 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/25 11:03:20 | 000,730,268 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/25 11:03:20 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/19 08:13:14 | 000,289,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/07/18 20:14:17 | 000,001,238 | ---- | M] () -- C:\Users\Sternchen\Desktop\Sacred.lnk
[2010/07/18 13:02:11 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\GREED - Black Border.lnk
 
========== Files Created - No Company Name ==========
 
[2010/07/26 19:22:59 | 002,672,312 | ---- | C] () -- C:\Users\Sternchen\Desktop\esetsmartinstaller_enu.exe
[2010/07/26 17:34:07 | 000,293,376 | ---- | C] () -- C:\Users\Sternchen\Desktop\gmer.exe
[2010/07/26 17:22:30 | 000,000,894 | ---- | C] () -- C:\Users\Sternchen\Desktop\NTREGOPT.lnk
[2010/07/26 17:22:30 | 000,000,875 | ---- | C] () -- C:\Users\Sternchen\Desktop\ERUNT.lnk
[2010/07/26 17:14:34 | 000,284,915 | ---- | C] () -- C:\Users\Sternchen\Desktop\Gmer.zip
[2010/07/26 16:16:36 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/07/26 16:16:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/26 16:16:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/07/26 16:16:36 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/07/26 16:16:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/26 16:16:36 | 000,031,232 | ---- | C] () -- C:\Windows\NIRCMD.exe
[2010/07/26 16:01:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/26 10:16:41 | 000,000,965 | ---- | C] () -- C:\Users\Sternchen\Desktop\CCleaner.lnk
[2010/07/26 00:22:12 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2010/07/25 22:32:42 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/25 13:43:39 | 000,001,216 | ---- | C] () -- C:\Users\Sternchen\Desktop\Spybot - Search & Destroy.lnk
[2010/07/25 11:08:43 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/18 20:14:17 | 000,001,238 | ---- | C] () -- C:\Users\Sternchen\Desktop\Sacred.lnk
[2010/07/18 13:02:11 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\GREED - Black Border.lnk
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 7/27/2010 10:16:06 AM - Run 4
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\mozzquito\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 90.63 Gb Free Space | 60.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 100.00 Mb Total Space | 71.75 Mb Free Space | 71.76% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ****
Current User Name: Sternchen
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{744DD571-3D2B-4BC8-B129-BF6929020CD3}" = Yu-Gi-Oh! ONLINE 3
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C6866249-495A-4ED7-AD69-99336B5E86E4}" = GUILTY GEAR XX #RELOAD
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"487C950AA9A6E2CC1EEEB1B475A4B24F64A14598" = Windows Driver Package - Intel Corporation (igfx) Display  (06/03/2009 8.15.10.1808)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Ask Toolbar_is1" = Foxit Toolbar
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"EVE" = EVE Online (remove only)
"FE343B236C75B9B2EAF76AAF216635CB92B42196" = Windows Driver Package - Intel(R) Corporation (IntcHdmiAddService) MEDIA  (05/26/2009 6.10.01.2073)
"Foxit Reader" = Foxit Reader
"GREED - Black Border_is1" = GREED - Black Border
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Sacred Underworld_is1" = Sacred Underworld
"Street Gears_is1" = Street Gears
"SystemRequirementsLab" = System Requirements Lab
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 7/25/2010 12:35:41 PM | Computer Name = SterndiePC | Source = Sophos Anti-Virus | ID = 131073
Description = No versions of component 'MessageResDSFactory' are registered. MessageResDSFactory
 cannot be returned.
 
Error - 7/25/2010 12:35:41 PM | Computer Name = SterndiePC | Source = Sophos Anti-Virus | ID = 131073
Description = No versions of component 'MessageResDSFactory' are registered. MessageResDSFactory
 cannot be returned.
 
Error - 7/26/2010 3:36:57 AM | Computer Name = SterndiePC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 7/26/2010 5:50:15 AM | Computer Name = SterndiePC | Source = Sophos Anti-Virus | ID = 131073
Description = No versions of component 'MessageResDSFactory' are registered. MessageResDSFactory
 cannot be returned.
 
Error - 7/26/2010 5:50:15 AM | Computer Name = SterndiePC | Source = Sophos Anti-Virus | ID = 131073
Description = No versions of component 'MessageResDSFactory' are registered. MessageResDSFactory
 cannot be returned.
 
Error - 7/26/2010 10:21:09 AM | Computer Name = SterndiePC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 7/26/2010 10:42:49 AM | Computer Name = SterndiePC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 7/26/2010 10:47:50 AM | Computer Name = SterndiePC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0061-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: The server name or address could not be resolved  
 
Error - 7/26/2010 1:23:20 PM | Computer Name = SterndiePC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 7/26/2010 1:23:20 PM | Computer Name = SterndiePC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
[ System Events ]
Error - 7/26/2010 3:53:24 PM | Computer Name = SterndiePC | Source = SAVOnAccess | ID = 3997781
Description =   File [...00248C64CE1E}.dat]'s scan succeeded following a timeout/busy
 condition - it is being logged in case it contributed to that condition. Process
 iexplore.exe, (start check timestamp [ 1cb2cfc352d8b6b]).  
 
Error - 7/26/2010 3:53:24 PM | Computer Name = SterndiePC | Source = SAVOnAccess | ID = 3997781
Description =   File [...stem32\tquery.dll]'s scan succeeded following a timeout/busy
 condition - it is being logged in case it contributed to that condition. Process
 iexplore.exe, (start check timestamp [ 1cb2cfc353bd3ac]).  
 
Error - 7/26/2010 3:53:24 PM | Computer Name = SterndiePC | Source = SAVOnAccess | ID = 3997781
Description =   File [...2\NLSData0007.dll]'s scan succeeded following a timeout/busy
 condition - it is being logged in case it contributed to that condition. Process
 SearchIndexer., (start check timestamp [ 1cb2cfc3540966d]).  
 
Error - 7/26/2010 3:53:24 PM | Computer Name = SterndiePC | Source = SAVOnAccess | ID = 3997781
Description =   File [...SLexicons0007.dll]'s scan succeeded following a timeout/busy
 condition - it is being logged in case it contributed to that condition. Process
 SearchIndexer., (start check timestamp [ 1cb2cfc3542f7cd]).  
 
Error - 7/26/2010 3:53:24 PM | Computer Name = SterndiePC | Source = SAVOnAccess | ID = 3997781
Description =   File [...\System32\Wpc.dll]'s scan succeeded following a timeout/busy
 condition - it is being logged in case it contributed to that condition. Process
 iexplore.exe, (start check timestamp [ 1cb2cfc354a1bee]).  
 
Error - 7/26/2010 3:53:24 PM | Computer Name = SterndiePC | Source = SAVOnAccess | ID = 3997781
Description =   File [...tem32\wevtapi.dll]'s scan succeeded following a timeout/busy
 condition - it is being logged in case it contributed to that condition. Process
 iexplore.exe, (start check timestamp [ 1cb2cfc354edeaf]).  
 
Error - 7/26/2010 3:53:24 PM | Computer Name = SterndiePC | Source = SAVOnAccess | ID = 3997781
Description =   File [...Files\desktop.ini]'s scan succeeded following a timeout/busy
 condition - it is being logged in case it contributed to that condition. Process
 iexplore.exe, (start check timestamp [ 1cb2cfc3551400f]).  
 
Error - 7/26/2010 3:53:29 PM | Computer Name = SterndiePC | Source = SAVOnAccess | ID = 3997781
Description =   File [...\Desktop\CoFi.exe]'s scan succeeded following a timeout/busy
 condition - it is being logged in case it contributed to that condition. Process
 explorer.exe, (start check timestamp [ 1cb2cfc384af866]).  
 
Error - 7/26/2010 3:53:29 PM | Computer Name = SterndiePC | Source = SAVOnAccess | ID = 3997781
Description =   File [...esktop\Sacred.lnk]'s scan succeeded following a timeout/busy
 condition - it is being logged in case it contributed to that condition. Process
 explorer.exe, (start check timestamp [ 1cb2cfc386788ea]).  
 
Error - 7/27/2010 4:13:12 AM | Computer Name = SterndiePC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom
 
 
< End of report >
         
--- --- ---

Alt 27.07.2010, 10:01   #8
Larusso
/// Selecta Jahrusso
 
Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher? - Standard

Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher?



Schritt 1

Temp File Cleaner

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.


Schritt 2

Java aktualisieren

Deine Javaversion ist veraltet. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, muss Java aktualisiert werden und alte Versionen müssen vom System entfernt werden, da die alten Versionen ein Sicherheitsrisiko darstellen. Lade JavaRa von prm753 herunter und entpacke es auf den Desktop. JavaRA ist geeignet für Windows 9x, 2k, XP und Vista (mit deaktivierter Benuterkontensteuerung).
  • Schließe alle Browserfenster.
  • Doppelklicke die JavaRa.exe, um das Programm zu starten.
  • Die Sprache auswählen, nimm Englisch und klicke "Select".
  • Klicke auf Additional Task, mache Haken bei Remove Useless JRE Files und [b]Remove Sun Download Manager[b].
  • Klicke auf Go und jeweils auf Ok und schließe das Fenster "Additional Tasks" wieder.
  • Klicke auf Remove Older Versions, um alte Java-Versionen, die auf dem Rechner installiert sind, zu entfernen.
  • Klicke auf Yes wenn es verlangt wird. Wenn JavaRa fertig, erscheint eine Notiz, dass ein Logfile erstellt wurde, klicke OK.
  • Das Logfile wird im Editor geöffnet, bitte speichern und später hier posten.
  • Kontrolliere in Systemsteuerung => Programme, ob noch Java-Versionen vorhanden sind und deinstalliere diese.
  • Rechner neu starten.
Downloade nun Java (Java Runtime Environment (JRE) 6 Update XX) von Oracle und installiere es. Vor dem Download musst Du die Lizenzbedingungen akzeptieren, indem Du "Accept License Agreement" aktivierst. Erweiterte Optionen anhaken, Sponsoren-Programm (Toolbar oder ähnliches) ggfs. abwählen.


Schritt 3

Deinstalliere
Foxit Toolbar



Schritt 4

Peer to peer oder filesharing software

Deine Logfile(s) zeigen mir das Du sogenannte Peer to Peer oder Filesharing Programme verwendest ( Bei Dir BitTorrent ). Diese Programme erlauben es Dir, Daten mit anderen Usern auszutauschen. Heutzutage bekommt Cyber Crime einen immer höher werdenden Status und die Ausmaße sind enorm. Leider ist auch p2p oder Filesharing davon nicht ausgenommen. Es dient auch dazu, infizierte Dateien zu verbreiten und ist auch ein Grund warum sich Malware so schnell verbreitet.
Es ist also möglich, dass Du Dir eine Infizierte Datei herunter ladest. Du kannst niemals wissen, woher diese stammen. Daher sollte diese Art Software mit äusserster Vorsicht benutzt werden.

Ein ebenfalls wichtiger Punkt ist, dass das verbreiten von Media und Entertainment Dateien in den meisten Ländern der Welt gegen Copyright Rechte verstößt.
Du setzt Dich also selbst dem Risiko einer Anklage durch Orginastionen ( oder dem Author der "Datei" selbst ) die diese Rechte überwachen
Natürlich gibt es auch einen legalen Weg zur Nutzung dieses Service. Zum Beispiel zum Downloaden von Linux oder Open Office.
Denoch würde ich Dich ersuchen, diese Art von Software nicht weiterhin zu verwenden.
Bitte gehe zu

Start --> Systemsteuerung --> Software

und deinstalliere (falls vorhanden) BitTorrent

Bitte sag bescheid wenn Du eines der gelisteten Software nicht finden kannst.


Schritt 5
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
  • Bitte während des Scans alle Hintergrundwächter abstellen/deaktivieren.
  • Java muss installiert, aktiv und erlaubt sein.
  • Bebilderte Anleitung von sundavis.
  • Dieser Scanner entfernt die Funde nicht, gibt aber einen guten Überblick.
  • Wir werden Dir helfen, die Funde manuell vom System zu entfernen.
  • Die Datenschutzerklärung akzeptieren.
  • Programm installieren lassen.
  • Update der Signaturen installieren lassen.
  • Wenn der Status "Complete" ist,
  • Scan-Einstellungen (Settings) Standard lassen
  • Links den Link "My Computer" anklicken.
  • Scan beginnt automatisch.
  • Wenn der Scan fertig ist, auf "View scan report" klicken,
  • "Save report as" und Dateityp auf .txt umstellen,
  • und auf dem Desktop als Kaspersky.txt speichern.
  • Logdatei hier posten.
  • Deinstallation ist nicht nötig, alle Dateien werden in temporären Ordnern gespeichert.


Schritt 6

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.


Bitte poste in Deiner nächsten Antwort
Kaspersky.txt
OTL.txt
Extras.txt
Berichte wie der Rechner läuft
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 28.07.2010, 12:52   #9
mindflay
 
Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher? - Standard

Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher?



Zitat:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, July 28, 2010
Operating system: Microsoft Professional (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, July 27, 2010 08:05:37
Records in database: 4196059
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
F:\
G:\
Q:\

Scan statistics:
Objects scanned: 81912
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:52:36

No threats found. Scanned area is clean.

Selected area has been scanned.
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 7/28/2010 1:44:41 PM - Run 5
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Sternchen\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 86.03 Gb Free Space | 57.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 100.00 Mb Total Space | 71.75 Mb Free Space | 71.76% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ****
Current User Name: Sternchen
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sternchen\AppData\Local\temp\jkos-Sternchen\binaries\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Program Files\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.)
PRC - C:\Users\Sternchen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Sternchen\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\rswin_3725.dll ()
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (cvhsvc) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva337) -- C:\Windows\System32\XDva337.sys File not found
DRV - (catchme) -- C:\Users\STERNC~1\AppData\Local\Temp\catchme.sys File not found
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Plc)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation                                            )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD BC 1A EE EB 2C CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/26 16:01:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/28 10:21:44 | 000,000,000 | ---D | M]
 
[2010/07/26 16:01:26 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\Mozilla\Extensions
[2010/07/26 16:01:26 | 000,000,000 | ---D | M] -- C:\Users\Sternchen\AppData\Roaming\Mozilla\Firefox\Profiles\j4u0je23.default\extensions
[2010/07/28 11:00:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/28 10:27:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/28 11:00:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/28 11:00:16 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/07/23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/07/23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/07/23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/07/23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/07/26 16:26:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/07/28 13:44:18 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Sternchen\Desktop\OTL.exe
[2010/07/28 10:59:51 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/07/28 10:59:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/07/28 10:59:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/07/28 10:58:40 | 016,299,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Sternchen\Desktop\jre-6u21-windows-i586-s.exe
[2010/07/28 10:58:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/07/28 10:54:22 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\AppData\Roaming\Opera
[2010/07/28 10:54:22 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\AppData\Local\Opera
[2010/07/28 10:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/07/28 10:28:41 | 000,000,000 | -HSD | C] -- C:\Users\Sternchen\Desktop\%APPDATA%
[2010/07/28 10:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/28 10:21:44 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/07/28 10:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/07/28 10:16:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/07/28 10:09:40 | 000,157,696 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\Sternchen\Desktop\JavaRa.exe
[2010/07/26 17:34:07 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\AppData\Roaming\WinRAR
[2010/07/26 17:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/26 17:14:30 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\Desktop\MFTools
[2010/07/26 16:50:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/26 16:46:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/07/26 16:38:37 | 000,000,000 | ---D | C] -- C:\CoFi15991C
[2010/07/26 16:38:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/07/26 16:38:13 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/26 16:24:26 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\AppData\Local\temp
[2010/07/26 16:16:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/07/26 16:16:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/07/26 16:16:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/07/26 16:16:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/26 16:12:43 | 000,000,000 | ---D | C] -- C:\CoFi
[2010/07/26 16:01:19 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\AppData\Local\Mozilla
[2010/07/26 10:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/26 00:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/26 00:22:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/25 23:01:17 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/07/25 22:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/25 14:03:12 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\AppData\Local\Sophos
[2010/07/25 13:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/07/25 13:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/25 12:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\Trojancheck 6
[2010/07/25 11:08:55 | 000,000,000 | ---D | C] -- C:\Users\Sternchen\AppData\Roaming\Malwarebytes
[2010/07/25 11:08:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/25 11:08:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/25 11:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/25 11:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/25 10:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/07/18 20:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\Ascaron Entertainment
[2010/07/18 17:55:28 | 000,000,000 | ---D | C] -- C:\Sacred Gold
[2010/07/18 13:04:19 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010/07/18 13:04:19 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010/07/18 13:04:19 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010/07/18 13:04:19 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010/07/18 13:04:19 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010/07/18 13:04:19 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010/07/18 13:04:19 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010/07/18 13:04:17 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010/07/18 13:04:15 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010/07/18 13:04:15 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010/07/18 13:04:14 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010/07/18 13:04:14 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010/07/18 13:04:14 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010/07/18 13:04:14 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010/07/18 13:04:14 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010/07/18 12:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\Headup Games
[2010/07/18 10:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2010/07/18 08:36:10 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/07/18 08:36:09 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/07/18 08:36:09 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/07/18 08:36:09 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/07/18 08:36:09 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/07/18 08:36:06 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/07/18 08:36:06 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/07/18 08:36:06 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/07/18 08:36:06 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/07/18 08:36:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/07/18 08:36:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/07/18 08:36:04 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/07/18 08:36:04 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/07/17 23:17:28 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010/07/17 22:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/07/17 22:58:50 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/07/17 22:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/07/17 22:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2010/07/04 16:11:57 | 000,000,000 | ---D | C] -- C:\Torchlight
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/07/28 13:44:48 | 000,786,432 | -HS- | M] () -- C:\Users\Sternchen\NTUSER.DAT
[2010/07/28 11:00:16 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/07/28 11:00:16 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/07/28 11:00:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/07/28 11:00:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/07/28 10:59:21 | 016,299,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Sternchen\Desktop\jre-6u21-windows-i586-s.exe
[2010/07/28 10:54:19 | 000,000,827 | ---- | M] () -- C:\Users\Sternchen\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/07/28 10:54:19 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/07/28 10:44:26 | 000,017,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/28 10:44:26 | 000,017,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/28 09:59:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/28 09:59:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/28 09:59:07 | 1583,271,936 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/26 18:10:52 | 001,735,522 | -H-- | M] () -- C:\Users\Sternchen\AppData\Local\IconCache.db
[2010/07/26 17:22:30 | 000,000,894 | ---- | M] () -- C:\Users\Sternchen\Desktop\NTREGOPT.lnk
[2010/07/26 17:22:30 | 000,000,875 | ---- | M] () -- C:\Users\Sternchen\Desktop\ERUNT.lnk
[2010/07/26 17:15:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Sternchen\Desktop\OTL.exe
[2010/07/26 17:15:56 | 000,284,915 | ---- | M] () -- C:\Users\Sternchen\Desktop\Gmer.zip
[2010/07/26 16:46:35 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/07/26 16:26:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/26 16:01:21 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/07/26 10:16:41 | 000,000,965 | ---- | M] () -- C:\Users\Sternchen\Desktop\CCleaner.lnk
[2010/07/26 00:22:12 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2010/07/25 22:32:42 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/25 13:43:39 | 000,001,216 | ---- | M] () -- C:\Users\Sternchen\Desktop\Spybot - Search & Destroy.lnk
[2010/07/25 11:08:43 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/25 11:03:21 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/25 11:03:20 | 000,730,268 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/25 11:03:20 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/19 08:13:14 | 000,289,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/07/18 20:14:17 | 000,001,238 | ---- | M] () -- C:\Users\Sternchen\Desktop\Sacred.lnk
[2010/07/18 13:02:11 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\GREED - Black Border.lnk
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/07/28 10:54:19 | 000,000,827 | ---- | C] () -- C:\Users\Sternchen\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/07/28 10:54:19 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/07/28 10:09:40 | 000,245,103 | ---- | C] () -- C:\Users\Sternchen\Desktop\JavaRa.def
[2010/07/26 17:34:07 | 000,293,376 | ---- | C] () -- C:\Users\Sternchen\Desktop\gmer.exe
[2010/07/26 17:22:30 | 000,000,894 | ---- | C] () -- C:\Users\Sternchen\Desktop\NTREGOPT.lnk
[2010/07/26 17:22:30 | 000,000,875 | ---- | C] () -- C:\Users\Sternchen\Desktop\ERUNT.lnk
[2010/07/26 17:14:34 | 000,284,915 | ---- | C] () -- C:\Users\Sternchen\Desktop\Gmer.zip
[2010/07/26 16:16:36 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/07/26 16:16:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/26 16:16:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/07/26 16:16:36 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/07/26 16:16:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/26 16:01:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/26 10:16:41 | 000,000,965 | ---- | C] () -- C:\Users\Sternchen\Desktop\CCleaner.lnk
[2010/07/26 00:22:12 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2010/07/25 22:32:42 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/25 13:43:39 | 000,001,216 | ---- | C] () -- C:\Users\Sternchen\Desktop\Spybot - Search & Destroy.lnk
[2010/07/25 11:08:43 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/18 20:14:17 | 000,001,238 | ---- | C] () -- C:\Users\Sternchen\Desktop\Sacred.lnk
[2010/07/18 13:02:11 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\GREED - Black Border.lnk
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 7/28/2010 1:44:41 PM - Run 5
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Sternchen\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 86.03 Gb Free Space | 57.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 100.00 Mb Total Space | 71.75 Mb Free Space | 71.76% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ****
Current User Name: Sternchen
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{744DD571-3D2B-4BC8-B129-BF6929020CD3}" = Yu-Gi-Oh! ONLINE 3
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C6866249-495A-4ED7-AD69-99336B5E86E4}" = GUILTY GEAR XX #RELOAD
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"487C950AA9A6E2CC1EEEB1B475A4B24F64A14598" = Windows Driver Package - Intel Corporation (igfx) Display  (06/03/2009 8.15.10.1808)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"CCleaner" = CCleaner
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"EVE" = EVE Online (remove only)
"FE343B236C75B9B2EAF76AAF216635CB92B42196" = Windows Driver Package - Intel(R) Corporation (IntcHdmiAddService) MEDIA  (05/26/2009 6.10.01.2073)
"Foxit Reader" = Foxit Reader
"GREED - Black Border_is1" = GREED - Black Border
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Sacred Underworld_is1" = Sacred Underworld
"Street Gears_is1" = Street Gears
"SystemRequirementsLab" = System Requirements Lab
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 7/28/2010 4:16:52 AM | Computer Name = SterndiePC | Source = MsiInstaller | ID = 11723
Description = 
 
Error - 7/28/2010 4:19:02 AM | Computer Name = SterndiePC | Source = Application Error | ID = 1000
Description = Faulting application name: JavaRa.exe, version: 1.15.0.1745, time 
stamp: 0x4a5f7278  Faulting module name: ntdll.dll, version: 6.1.7600.16559, time 
stamp: 0x4ba9b21e  Exception code: 0xc0000005  Fault offset: 0x00052b58  Faulting process
 id: 0xa60  Faulting application start time: 0x01cb2e2d7d9ecde1  Faulting application
 path: C:\Users\Sternchen\Desktop\JavaRa.exe  Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
 Id: c704fffb-9a20-11df-89a8-00248c64ce1e
 
Error - 7/28/2010 4:29:05 AM | Computer Name = SterndiePC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385, 
time stamp: 0x4a5bc69e  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x00000000  Faulting process id:
 0xb18  Faulting application start time: 0x01cb2e2eeacbfdfc  Faulting application path:
 C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: unknown  Report
 Id: 2e7753fe-9a22-11df-89a8-00248c64ce1e
 
Error - 7/28/2010 4:29:13 AM | Computer Name = SterndiePC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385, 
time stamp: 0x4a5bc69e  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x00000000  Faulting process id:
 0xb94  Faulting application start time: 0x01cb2e2ef27c0390  Faulting application path:
 C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: unknown  Report
 Id: 3394c7a4-9a22-11df-89a8-00248c64ce1e
 
Error - 7/28/2010 4:29:22 AM | Computer Name = SterndiePC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385, 
time stamp: 0x4a5bc69e  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x00000000  Faulting process id:
 0xdf4  Faulting application start time: 0x01cb2e2ef8b97db7  Faulting application path:
 C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: unknown  Report
 Id: 386f755f-9a22-11df-89a8-00248c64ce1e
 
Error - 7/28/2010 4:34:49 AM | Computer Name = SterndiePC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385, 
time stamp: 0x4a5bc69e  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x00000000  Faulting process id:
 0xcc8  Faulting application start time: 0x01cb2e2fbc4abcfc  Faulting application path:
 C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: unknown  Report
 Id: fb71c2a7-9a22-11df-89a8-00248c64ce1e
 
Error - 7/28/2010 4:35:07 AM | Computer Name = SterndiePC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385, 
time stamp: 0x4a5bc69e  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x00000000  Faulting process id:
 0xf18  Faulting application start time: 0x01cb2e2fc4f39272  Faulting application path:
 C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: unknown  Report
 Id: 0674f3c0-9a23-11df-89a8-00248c64ce1e
 
Error - 7/28/2010 4:38:41 AM | Computer Name = SterndiePC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385, 
time stamp: 0x4a5bc69e  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x00000000  Faulting process id:
 0xc2c  Faulting application start time: 0x01cb2e2fc9a82a39  Faulting application path:
 C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: unknown  Report
 Id: 85b99e21-9a23-11df-89a8-00248c64ce1e
 
Error - 7/28/2010 4:38:49 AM | Computer Name = SterndiePC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385, 
time stamp: 0x4a5bc69e  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x00000000  Faulting process id:
 0xc18  Faulting application start time: 0x01cb2e3048e5b079  Faulting application path:
 C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: unknown  Report
 Id: 8a95b341-9a23-11df-89a8-00248c64ce1e
 
Error - 7/28/2010 5:18:51 AM | Computer Name = SterndiePC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot 
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
 - search & destroy\DelZip179.dll" on line 8.  The value "*" of attribute "language"
 in element "assemblyIdentity" is invalid.
 
[ System Events ]
Error - 7/26/2010 3:53:24 PM | Computer Name = SterndiePC | Source = SAVOnAccess | ID = 3997781
Description =   File [...tem32\wevtapi.dll]'s scan succeeded following a timeout/busy
 condition - it is being logged in case it contributed to that condition. Process
 iexplore.exe, (start check timestamp [ 1cb2cfc354edeaf]).  
 
Error - 7/26/2010 3:53:24 PM | Computer Name = SterndiePC | Source = SAVOnAccess | ID = 3997781
Description =   File [...Files\desktop.ini]'s scan succeeded following a timeout/busy
 condition - it is being logged in case it contributed to that condition. Process
 iexplore.exe, (start check timestamp [ 1cb2cfc3551400f]).  
 
Error - 7/26/2010 3:53:29 PM | Computer Name = SterndiePC | Source = SAVOnAccess | ID = 3997781
Description =   File [...\Desktop\CoFi.exe]'s scan succeeded following a timeout/busy
 condition - it is being logged in case it contributed to that condition. Process
 explorer.exe, (start check timestamp [ 1cb2cfc384af866]).  
 
Error - 7/26/2010 3:53:29 PM | Computer Name = SterndiePC | Source = SAVOnAccess | ID = 3997781
Description =   File [...esktop\Sacred.lnk]'s scan succeeded following a timeout/busy
 condition - it is being logged in case it contributed to that condition. Process
 explorer.exe, (start check timestamp [ 1cb2cfc386788ea]).  
 
Error - 7/27/2010 4:13:12 AM | Computer Name = SterndiePC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom
 
Error - 7/27/2010 12:36:05 PM | Computer Name = SterndiePC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom
 
Error - 7/27/2010 3:55:06 PM | Computer Name = SterndiePC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom
 
Error - 7/28/2010 4:00:04 AM | Computer Name = SterndiePC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom
 
Error - 7/28/2010 4:04:28 AM | Computer Name = SterndiePC | Source = SAVOnAccess | ID = 3997733
Description = Driver threads still active when driver is being shutdown.
 
Error - 7/28/2010 4:04:28 AM | Computer Name = SterndiePC | Source = Service Control Manager | ID = 7034
Description = The Sophos Anti-Virus service terminated unexpectedly.  It has done
 this 1 time(s).
 
 
< End of report >
         
--- --- ---


Hatte zuerst etwas Probleme Kaspersky Online Scanner zum laufen zu bringen. Konnte mit IE nicht auf die Seite zugreifen. Nach dem dritten Versuch ging es dann doch.
Er hat auf jeden Fall nichts gefunden. Musste Java manuell installieren. Hab mir leider die Update 20 irgendwie raufgehaun werde ich aber mit dem Java Remove Old Files nochmal ändern.
Ansonsten habe ich keine Probleme mehr feststellen können.

Alt 28.07.2010, 14:13   #10
Larusso
/// Selecta Jahrusso
 
Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher? - Standard

Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher?



Logfile ist sauber

Hier noch die letzten paar Schritte zur Säuberung Deines Rechners.

Schritt 1

Combofix deinstallieren

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Start => Ausführen (bei Vista (Windows-Taste + R) => dort reinschreiben ComboFix /uninstall => Enter drücken - damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch auch dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.



Schritt 2

Tool CleanUp

Starte bitte die OTL.exe.
Klicke nun auf den Bereinigung Button. Dies wird die meisten Tools und Logfiles entfernen.
Sollte denoch etwas bestehen bleiben, bitte manuell entfernen sowie den Papierkorb leeren.


Schritt 3

Automatische Updates

Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten.

Windows + R Taste drücken. Kopiere nun folgenden Text in die Kommandozeile

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl

und klicke auf OK.
Stelle sicher das die automatischen Updates aktiviert sind.


Schritt 4

Um Dich für die Zukunft vor weiteren Infizierungen zu schützen empfehle ich Dir noch ein paar Programme.
  • SpywareBlaster
    Ein Tutorial zur Verwendung findest Du Hier

  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
    Hinweis: MBAM ersetzt keine Anti- Viren- Software.

  • Temp File Cleaner
    TFC ist ein wirklich starkes Tool zum entfernen von Temp Dateien vom IE und WIndows, leert den Papierkorb und noch viel mehr.
    Ausserdem hilft es Deinen Computer zu beschleunigen.
    Du kannst Dir TFC ( by OldTimer ) hier downloaden.

  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.

  • Halte Dein System aktuell
    Ich kann gar nicht oft genug betonen, wie wichtig es ist, dass der PC auf dem aktuellsten Stand der Dinge ist.
    Es werden oft genug Sicherheitslücken in Windows eigenen Anwendungen gefunden. Diese "Löcher" gehören entfernt, weil Angreifer diese womöglich nutzen um unauthorisiert auf Dein System zu zugreifen.
    Jeden zweiten Dienstag im Monat ist Update Tag. Besuche bitte dazu die Microsoft Update Seite.

  • Halte Deine Software aktuell
    Der einfachste Weg dafür ist der Secunia Online Software.


Schritt 5

Tipps für sicheres Surfen

Das sind meine Vorschläge.
Verwende einen alternativen Browser statt den IE.
Ich empfehle Mozilla Firefox.

Für Firefox gibt es verschiedenste AddOns um sicher durch das WWW zu kommen.
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.

  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart ausserdem Downloadkapazität.

  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 29.07.2010, 20:58   #11
mindflay
 
Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher? - Standard

Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher?



Danke für die ganzen Tipps. Vor allem die Host File ist ein super Tool. Hab mir auch eine Linux Partition gemacht, falls ich mal an empfindliche Dateien ran muss. Ist einfach sicherer

Alt 29.07.2010, 21:07   #12
Larusso
/// Selecta Jahrusso
 
Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher? - Standard

Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher?



Dieses Thema scheint erledigt und wird aus den Abos gelöscht. Solltest Du das Thema erneut benötigen, bitte eine PN an mich.

Jeder andere möge bitte einen eigenen Thread starten.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Antwort

Themen zu Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher?
action center, akamai, antivirus, ask toolbar, autorun, backdoor, bho, black, browser, components, corp./icp, error, exe, failed, firefox, firefox.exe, flash player, fontcache, format, install.exe, keine funde, langs, location, logfile, maleware, mozilla, nicht sicher, ntdll.dll, nvstor.sys, oldtimer, otl scan, otl.exe, port, problem, programdata, realtek, registry, required, rundll, saver, scan, searchplugins, security, shell32.dll, sptd.sys, super, system, taskhost.exe, trojaner, viren, webcheck, xdva337




Ähnliche Themen: Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher?


  1. Win8.1: Trojaner gefunden, nicht sicher ob entfernt
    Plagegeister aller Art und deren Bekämpfung - 03.02.2015 (17)
  2. System care antivirus entfernt - PC sicher und sauber?
    Log-Analyse und Auswertung - 28.08.2013 (4)
  3. Mehrere Trojaner (bublik.I.9 und 10, PWS.Zbot, Ransom.Blocker) von Avira entdeckt!
    Log-Analyse und Auswertung - 12.05.2013 (11)
  4. File Restore Trojaner - ist er sicher entfernt?
    Log-Analyse und Auswertung - 16.11.2012 (2)
  5. Spyware.zbot von malwarebytes gefunden und angeblich entfernt - bin ich sicher oder versteckt es sich nur?
    Plagegeister aller Art und deren Bekämpfung - 31.10.2012 (5)
  6. Mehrere Trojaner (Zbot) nach Live Security Platimun-Befall gefunden
    Plagegeister aller Art und deren Bekämpfung - 18.09.2012 (9)
  7. war mit Verschlüsselungs-Trojaner infiziert - sicher entfernt?
    Plagegeister aller Art und deren Bekämpfung - 11.06.2012 (3)
  8. Trojaner Security Shield sicher vom System entfernt?
    Log-Analyse und Auswertung - 06.04.2012 (12)
  9. Mehrere Malware plus appconf32.exe gelöscht. System sicher?
    Log-Analyse und Auswertung - 20.03.2012 (8)
  10. Trojaner sicher entfernt? oder recovery cd starten?
    Alles rund um Windows - 10.03.2012 (2)
  11. Trojan:Win32/Bublik.b vom MSEssentials entfernt. Ist das System jetzt sicher?
    Log-Analyse und Auswertung - 17.02.2012 (4)
  12. mehrere Trojaner (Spy Banker, Stolen Data, Malware Gen/Trace, Trojan Passwords, Zbot)
    Log-Analyse und Auswertung - 20.12.2011 (21)
  13. Personal Shield Pro v2.2 entfernt. Ist das System wieder sicher?
    Log-Analyse und Auswertung - 10.07.2011 (1)
  14. Mehrere Trojaner wie Bubnix.ZM, Bubnix.abd.1, Bredolab.AA.312 :-(
    Plagegeister aller Art und deren Bekämpfung - 12.10.2010 (0)
  15. virtumonde.dll und mehrere Trojaner - Pc jetzt sicher?
    Plagegeister aller Art und deren Bekämpfung - 08.08.2010 (13)
  16. Security Master AV entfernt. System nun sicher?
    Plagegeister aller Art und deren Bekämpfung - 30.07.2010 (11)
  17. Trojaner sicher entfernt? - HJT-Logfile
    Log-Analyse und Auswertung - 04.04.2008 (3)

Zum Thema Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher? - Habe heute einen richtigen Kampf gegen Trojaner hinter mir. Bin mir leider nicht mehr sicher welche Datei wohl der Auslöser war, auf jeden Fall hatte Sophos Antivirus zuerst einen Trojaner - Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher?...
Archiv
Du betrachtest: Mehrere Trojaner entfernt (Zbot-MemA, Bredolab) System sicher? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.