winlogon-taskman-trojaner gefunden. Combofix ausführen oder nicht?

koma83 · 12.09.2010, 09:42

Hallo,

ich bin neu hier, und zur zeit von trojanern etc. auf meinen beiden rechnern geplagt. viel ahnung von alle dem habe ich leider nicht, und würde mich deshalb sehr über hilfe freuen.

Zu einem Rechner:
Also gestern habe ich bei einem check mit Malwarebytes folgendes gefunden:

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Nun bin ich mir nicht sicher ob der rechner wieder sauber ist. ich habe im forum ein thema gefunden, dass sich mit dem selben problem beschäftigt unter dem titel "Kann winlogon\taskman trojaner nicht entfernen, was tun?

bin also die ersten schritte genau so durchgegangen. bis ich zu dem schritt des combofix kam.

da ist mir die warnung ins auge gesprungen, dass man combofix nie ohne professionelle hilfe ausführen sollte. deshalb bin ich nun hier.

meine bisherigen logfiles:

malewarebytes erster check mit fund:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4595

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/09/2010 4:08:55 AM
mbam-log-2010-09-12 (04-08-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 181142
Laufzeit: 33 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL check:

OTL logfile created on: 12/09/2010 4:24:40 AM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,015.00 Mb Total Physical Memory | 608.00 Mb Available Physical Memory | 60.00% Memory free
918.00 Mb Paging File | 623.00 Mb Available in Paging File | 68.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.00 Gb Total Space | 1.29 Gb Free Space | 8.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OKEEEPC
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.)
PRC - C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\Vpn Client Sydney\cvpnd.exe (Cisco Systems, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CVPND) -- C:\Program Files\Vpn Client Sydney\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (RMWPService) -- C:\Program Files\Reference Manager 12\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe (Apache Software Foundation)

========== Driver Services (SafeList) ==========

DRV - (SBRE) -- C:\WINDOWS\System32\drivers\SBREdrv.sys File not found
DRV - (ndfs) -- C:\Program Files\Netdrive\ndfs.sys File not found
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (dtscsi) -- C:\WINDOWS\System32\Drivers\dtscsi.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (Ktp) -- C:\WINDOWS\system32\drivers\ETD.sys (ELANTECH Devices Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s115mgmt.sys (MCCI Corporation)
DRV - (s115obex) -- C:\WINDOWS\system32\drivers\s115obex.sys (MCCI Corporation)
DRV - (s115mdm) -- C:\WINDOWS\system32\drivers\s115mdm.sys (MCCI Corporation)
DRV - (s115mdfl) -- C:\WINDOWS\system32\drivers\s115mdfl.sys (MCCI Corporation)
DRV - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\WINDOWS\system32\drivers\s115bus.sys (MCCI Corporation)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://eeepc.asus.com/global
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.20.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.usyd.edu.au/proxy.pac"
FF - prefs.js..network.proxy.backup.ftp: "www-cache5.usyd.edu.au"
FF - prefs.js..network.proxy.backup.ftp_port: 8085
FF - prefs.js..network.proxy.backup.gopher: "www-cache5.usyd.edu.au"
FF - prefs.js..network.proxy.backup.gopher_port: 8085
FF - prefs.js..network.proxy.backup.socks: "www-cache5.usyd.edu.au"
FF - prefs.js..network.proxy.backup.socks_port: 8085
FF - prefs.js..network.proxy.backup.ssl: "www-cache5.usyd.edu.au"
FF - prefs.js..network.proxy.backup.ssl_port: 8085
FF - prefs.js..network.proxy.ftp: "www-cache5.usyd.edu.au"
FF - prefs.js..network.proxy.ftp_port: 8085
FF - prefs.js..network.proxy.gopher: "www-cache5.usyd.edu.au"
FF - prefs.js..network.proxy.gopher_port: 8085
FF - prefs.js..network.proxy.http: "www-cache5.usyd.edu.au"
FF - prefs.js..network.proxy.http_port: 8085
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "www-cache5.usyd.edu.au"
FF - prefs.js..network.proxy.socks_port: 8085
FF - prefs.js..network.proxy.ssl: "www-cache5.usyd.edu.au"
FF - prefs.js..network.proxy.ssl_port: 8085

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/12 02:19:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/12 02:18:58 | 000,000,000 | ---D | M]

[2010/02/02 09:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Mozilla\Extensions
[2010/09/11 23:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\2dgrnluf.default\extensions
[2010/02/15 19:43:22 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\2dgrnluf.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2010/03/03 20:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\2dgrnluf.default\extensions\yetanothersmoothscrolling@kataho
[2010/09/11 23:27:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/07 23:18:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/12 02:17:46 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/09/12 02:17:46 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/09/12 02:17:46 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/09/12 02:17:46 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/09/12 02:17:46 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2008/04/14 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/23 03:59:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{14ed215a-10c3-11df-bc8e-002215fa5909}\Shell\AutoRun\command - "" = tmp.folder/restore.exe
O33 - MountPoints2\{14ed215a-10c3-11df-bc8e-002215fa5909}\Shell\ExploRE\CoMmaNd - "" = tmp.folder/restore.exe
O33 - MountPoints2\{14ed215a-10c3-11df-bc8e-002215fa5909}\Shell\OPeN\commAnd - "" = tmp.folder/restore.exe
O33 - MountPoints2\{a7e3b152-109d-11df-bc8a-002215fa5909}\Shell\AutoRun\command - "" = tmp.folder/restore.exe
O33 - MountPoints2\{a7e3b152-109d-11df-bc8a-002215fa5909}\Shell\ExploRE\CoMmaNd - "" = tmp.folder/restore.exe
O33 - MountPoints2\{a7e3b152-109d-11df-bc8a-002215fa5909}\Shell\OPeN\commAnd - "" = tmp.folder/restore.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/12 04:20:09 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\***\Desktop\OTL.exe
[2010/09/12 03:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Application Data\Malwarebytes
[2010/09/12 03:34:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/12 03:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/12 03:33:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/12 03:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/08 01:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Application Data\foobar2000
[2010/09/07 23:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\foobar2000
[2010/09/07 23:20:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/09/07 23:18:28 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/09/07 23:18:28 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/09/07 23:18:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/09/07 23:18:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/09/07 22:21:15 | 000,000,000 | ---D | C] -- C:\rwc
[2008/08/23 15:59:30 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Program Files\U1 Setup.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/12 04:20:12 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\***\Desktop\OTL.exe
[2010/09/12 04:17:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/09/12 04:15:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/12 04:14:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/12 04:13:27 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\***\NTUSER.DAT
[2010/09/12 04:13:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\***\ntuser.ini
[2010/09/12 03:34:05 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/11 23:04:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/08 03:15:24 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Word 2007.lnk
[2010/09/07 23:47:41 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\foobar2000.lnk
[2010/09/07 23:47:41 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\foobar2000.lnk
[2010/09/07 23:04:33 | 000,289,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/07 22:51:50 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/12 03:34:05 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/07 23:47:41 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\foobar2000.lnk
[2010/09/07 23:47:41 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\foobar2000.lnk
[2010/02/03 21:26:15 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/02/03 16:34:53 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\fusioncache.dat
[2009/09/04 14:59:28 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/04/07 11:57:59 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/04/06 11:41:45 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2009/04/06 09:21:14 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/04 06:08:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\***\Application Data\wklnhst.dat
[2009/04/04 05:54:36 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009/04/04 05:54:36 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009/04/04 05:54:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009/04/04 05:54:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2009/04/04 05:54:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2009/04/04 05:54:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2009/04/04 05:52:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/04/04 05:52:18 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/04/03 20:24:02 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2009/04/03 20:22:25 | 000,664,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/04/03 20:22:25 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd3789.sys
[2009/04/03 20:08:15 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\***\Local Settings\Application Data\fusioncache.dat
[2008/08/23 17:12:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/23 12:51:29 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/07/23 02:57:33 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/03/18 06:54:36 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2007/10/26 12:28:18 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/10/26 12:28:04 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/10/14 18:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/10/14 18:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 18:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 18:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 18:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 18:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 18:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 18:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/10/14 18:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005/01/03 08:10:44 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\DLXAPI32.DLL

========== LOP Check ==========

[2009/04/11 12:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ISI ResearchSoft
[2009/04/03 20:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2010/09/12 04:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/11 12:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thomson.ResearchSoft.Installers
[2010/09/08 03:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\EndNote
[2010/09/08 01:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\foobar2000
[2009/04/06 11:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\ICQ
[2009/04/06 11:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\ICQLite
[2009/04/11 12:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\ISI ResearchSoft
[2010/02/06 23:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\MPEG Streamclip
[2010/05/24 02:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\NetDrive
[2009/04/13 12:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Snapfish
[2009/04/05 18:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\StarOffice8
[2009/04/03 20:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Stata10
[2009/04/03 19:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Teleca
[2010/09/12 04:17:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP

FC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

UND:

OTL Extras logfile created on: 12/09/2010 4:24:40 AM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,015.00 Mb Total Physical Memory | 608.00 Mb Available Physical Memory | 60.00% Memory free
918.00 Mb Paging File | 623.00 Mb Available in Paging File | 68.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.00 Gb Total Space | 1.29 Gb Free Space | 8.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OKEEEPC
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet

isabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet

isabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\ICQLite\ICQLite.exe" = C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, Inc.)
"C:\Program Files\Reference Manager 12\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe" = C:\Program Files\Reference Manager 12\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe:*:Enabled:RMWP_Apache_Admin.exe -- (Apache Software Foundation)
"C:\Program Files\Netdrive\ndsvc.exe" = C:\Program Files\Netdrive\ndsvc.exe:*:Enabled:NetDrive service -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{15B25E12-3E5F-4C13-A637-9EC72A55491E}" = SPSS 15.0 for Windows
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5C52CED3-D45C-4DA9-932F-B91BD44BB461}" = Adabas D 13.01.00
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{6395D480-9F3B-4930-8204-B91C8882F967}" = Stata 10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{84E2AA5A-8BA3-4F08-9F6F-C14E4C679FF0}" = Asus OS Cleaner
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8BCAC105-C501-41F9-AED1-587024ABCA8C}" = Reference Manager 12 Professional Edition
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A4AE8CC0-2FE9-4E81-B694-6391263D438D}" = Amos 7
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{DEB6ACEB-C418-4880-9133-1C5EB9AFBC79}" = Eee Storage
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Elantech" = ETD Ware PS/2-x86 5.0.0.4 WHQL
"ENTERPRISE" = Microsoft Office Enterprise 2007
"foobar2000" = foobar2000 v1.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"IZArc 3.4.1.6_is1" = IZArc 3.4.1.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Spyware Doctor" = Spyware Doctor 7.0
"VLC media player" = VLC media player 1.0.5
"Windows Live Toolbar" = Windows Live Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/02/2010 6:37:07 AM | Computer Name = OKEEEPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 1/02/2010 7:51:05 AM | Computer Name = OKEEEPC | Source = Google Update | ID = 20
Description =

Error - 1/02/2010 9:07:24 AM | Computer Name = OKEEEPC | Source = MsiInstaller | ID = 11316
Description = Product: Windows Live Sign-in Assistant -- Error 1316. A network error
occurred while attempting to read from the file: C:\DOCUME~1\***\LOCALS~1\Temp\IXP000.TMP\Install_{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}.msi

Error - 1/02/2010 9:21:59 AM | Computer Name = OKEEEPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 2/02/2010 3:00:36 AM | Computer Name = OKEEEPC | Source = Google Update | ID = 20
Description =

Error - 3/02/2010 4:27:37 AM | Computer Name = OKEEEPC | Source = MsiInstaller | ID = 1013
Description = Product: CounterSpy -- CounterSpy 3.1.2848 is already installed on
the machine. If you wish to downgrade to CounterSpy 3.1.2836, you must first uninstall
CounterSpy 3.1.2848.

Error - 6/02/2010 4:57:35 AM | Computer Name = OKEEEPC | Source = Google Update | ID = 20
Description =

Error - 15/02/2010 11:33:06 PM | Computer Name = OKEEEPC | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 19/02/2010 8:08:41 AM | Computer Name = OKEEEPC | Source = Application Hang | ID = 1002
Description = Hanging application winamp.exe, version 5.5.4.2165, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 20/02/2010 11:57:06 AM | Computer Name = OKEEEPC | Source = Google Update | ID = 20
Description =

[ OSession Events ]
Error - 6/05/2009 1:20:00 AM | Computer Name = OKEEEPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 768 seconds with 720 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/09/2010 2:00:07 PM | Computer Name = OKEEEPC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/09/2010 2:00:07 PM | Computer Name = OKEEEPC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/09/2010 2:00:08 PM | Computer Name = OKEEEPC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/09/2010 2:00:08 PM | Computer Name = OKEEEPC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/09/2010 2:00:08 PM | Computer Name = OKEEEPC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/09/2010 2:26:17 AM | Computer Name = OKEEEPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 11/09/2010 11:05:30 AM | Computer Name = OKEEEPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 11/09/2010 1:30:09 PM | Computer Name = OKEEEPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 11/09/2010 3:31:28 PM | Computer Name = OKEEEPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 11/09/2010 4:15:55 PM | Computer Name = OKEEEPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

< End of report >

Malewarebytes zweiter durchlauf:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4595

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/09/2010 5:35:55 AM
mbam-log-2010-09-12 (05-35-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 181176
Laufzeit: 27 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Danach habe ich den text aus dem alten thema in OTL kopiert und es wurde neu gestartet

All processes killed
========== OTL ==========
No active process named houfunocoor.exe was found!
Error: No service named yeg0auiavae5oyu was found to stop!
Service\Driver key yeg0auiavae5oyu not found.
File File not found not found.
Error: No service named eygimovnxku was found to stop!
Service\Driver key eygimovnxku not found.
File C:\WINDOWS\system32\tooziwig.exe not found.
Error: No service named uzi3ndu1 was found to stop!
Service\Driver key uzi3ndu1 not found.
File C:\WINDOWS\system32\drivers\uzi3ndu1.sys not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tessoub not found.
File C:\WINDOWS\system32\houfunocoor.exe not found.
Folder C:\41d3af1abfa4f1f72688\ not found.
Folder C:\9072b1f0a91a00e85a\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\system32\houfunocoor.exe not found.
File\Folder C:\WINDOWS\system32\tooziwig.exe not found.
File\Folder C:\WINDOWS\system32\drivers\uzi3ndu1.sys not found.
File\Folder C:\WINDOWS\system32\drivers\yeg0auiavae5oyu.sys not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 43511 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Oliver
->Temp folder emptied: 707705 bytes
->Temporary Internet Files folder emptied: 36298668 bytes
->Java cache emptied: 69582051 bytes
->FireFox cache emptied: 75795290 bytes
->Google Chrome cache emptied: 10252157 bytes
->Flash cache emptied: 24738 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15392689 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 2412876 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 201.00 mb

OTL by OldTimer - Version 3.2.12.0 log created on 09122010_160443

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

so weit bin ich nun. Beim alten thema wurde jetzt der combofix ausgeführt, den ich wie gesagt nicht ohne professionelle hilfe laufen lassen wollte. Über hilfe und tipps würde ich mich sehr freuen.

Danke schonmal im vorraus.

winlogon-taskman-trojaner gefunden. Combofix ausführen oder nicht?

Plagegeister aller Art und deren Bekämpfung: winlogon-taskman-trojaner gefunden. Combofix ausführen oder nicht?

winlogon-taskman-trojaner gefunden. Combofix ausführen oder nicht?

Ähnliche Themen: winlogon-taskman-trojaner gefunden. Combofix ausführen oder nicht?