CIBS POL Schweizer Eidgenossenschaft

Hello everyone,

I already caught the "Schweizer Eidgenossenschaft" trojan last year.
Now it is back: the whole thing is built the same way and is now called Cibs POL, again with the logo of the Schweizer Eidgenossenschaft (Swiss Confederation).
I can still get into Safe Mode and was able to run an OTL scan.
Here are the logs. Can anyone help me?

OTL logfile:
OTL logfile created on: 04.04.2013 20:22:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = I:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 85.93% Memory free
3.85 Gb Paging File | 3.74 Gb Available in Paging File | 97.21% Paging File free
Paging file location(s): I:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Programme
Drive D: | 662.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 298.08 Gb Total Space | 115.75 Gb Free Space | 38.83% Space Free | Partition Type: NTFS
Computer Name: M-A97475EB99544 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.04.04 20:21:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- I:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2012.07.11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- I:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- I:\ComboFix\pev.3XE EXEC /i I:\ComboFix\HIDEC.3XE I:\ComboFix\SWREG.3XE ACL HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep /RESET /Q -- (PEVSystemStart)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Stopped] -- I:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.12.21 17:27:46 | 000,057,008 | ---- | M] (Apple Inc.) [Auto | Stopped] -- I:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012.10.15 18:22:12 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- I:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.07.11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- I:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009.07.20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- I:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.12.24 16:52:08 | 000,068,136 | ---- | M] () [Auto | Stopped] -- I:\Programme\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- I:\WINDOWS\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- I:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.04.04 19:37:01 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2013.03.07 01:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- I:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.03.07 01:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- I:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.03.07 01:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- I:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.03.07 01:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- I:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.03.07 01:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- I:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013.03.07 01:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- I:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.03.07 01:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- I:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.03.07 01:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- I:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- I:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- I:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.08.15 16:45:07 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- I:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.08.11 09:19:20 | 000,056,992 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009.01.13 13:10:08 | 005,015,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008.10.30 15:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.06.01 09:13:10 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Stopped] -- I:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2007.03.12 15:25:24 | 000,101,520 | ---- | M] (Syntek Ltd.) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\STK02NW2.sys -- (DCamUSBSTK02N)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: I:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: I:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: I:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: I:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: i:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: i:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: i:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: i:\programme\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.06 17:38:17 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2012.09.13 16:39:50 | 000,000,098 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - I:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - I:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AppleSyncNotifier] I:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] I:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] I:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] I:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] I:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] I:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] I:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] I:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: I:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\STK02N 2.0 PNP Monitor.lnk = I:\WINDOWS\STK02N\STK02NM.exe (Syntek Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - I:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1363715084218 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65712A40-D657-488E-9E19-A4623CC5A7CD}: DhcpNameServer = 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (I:\WINDOWS\system32\userinit.exe) - I:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - I:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.04 20:21:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- I:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2013.04.04 20:21:20 | 000,000,000 | R--D | C] -- I:\Dokumente und Einstellungen\Administrator\Eigene Dateien
[2013.04.04 20:20:06 | 000,000,000 | ---D | C] -- I:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
[2013.03.19 19:45:43 | 000,012,928 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\usb8023x.sys
[2013.03.19 19:45:43 | 000,012,928 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\usb8023.sys
[2013.03.12 18:42:50 | 000,066,336 | ---- | C] (AVAST Software) -- I:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013.01.26 18:22:12 | 023,592,664 | ---- | C] (PokerStars) -- I:\Programme\PokerStarsInstallEU.exe
[2012.10.15 18:21:32 | 031,175,144 | ---- | C] (Oracle Corporation) -- I:\Programme\jre-7u7-windows-i586.exe
[2012.09.04 20:37:52 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- I:\Programme\mbam-setup-1.61.0.1400.exe
[2012.08.05 14:33:41 | 003,226,768 | ---- | C] (Badoo) -- I:\Programme\badoo.desktop.installer-1.6.55.exe
[2012.05.27 12:01:53 | 018,670,328 | ---- | C] (Lavasoft Limited) -- I:\Programme\Ad-Aware_Antivirus_Free_Setup_10.1.211.3382.exe
[2012.05.24 16:45:54 | 004,587,128 | ---- | C] (Lavasoft Limited) -- I:\Programme\Adaware_Installer.exe
[2012.04.06 17:51:59 | 114,740,416 | ---- | C] (Youdagames) -- I:\Programme\Governor_of_Poker_2_Premium_Edition.exe
[2011.10.16 21:15:17 | 000,676,624 | ---- | C] (RealNetworks, Inc.) -- I:\Programme\RealPlayer_de.exe
[2011.10.13 22:03:48 | 020,196,744 | ---- | C] (Oracle Corporation) -- I:\Programme\jre-7-windows-i586.exe
[2011.06.24 18:01:51 | 130,359,064 | ---- | C] (Lavasoft ) -- I:\Programme\Ad-Aware90Install.exe
[2011.06.22 15:05:28 | 001,276,752 | ---- | C] (Microsoft Corporation) -- I:\Programme\wlsetup-web.exe
[2011.04.09 19:20:25 | 050,264,486 | ---- | C] (Youdagames) -- I:\Programme\GovernorofPoker_Download.exe
[2009.10.29 18:09:09 | 097,395,640 | ---- | C] (Lavasoft ) -- I:\Programme\Ad-AwareInstallation.exe
[2009.08.15 19:05:58 | 021,935,408 | ---- | C] (Apple Inc.) -- I:\Programme\QuickTimeInstaller.exe
[2009.08.15 17:31:41 | 015,452,536 | ---- | C] (Microsoft Corporation) -- I:\Programme\IE7-WindowsXP-x86-enu.exe
[2009.08.15 16:51:29 | 017,010,016 | ---- | C] (Microsoft Corporation) -- I:\Programme\IE8-WindowsXP-x86-DEU.exe
========== Files - Modified Within 30 Days ==========
[2013.04.04 20:21:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- I:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2013.04.04 20:17:16 | 000,013,646 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2013.04.04 20:17:02 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2013.04.04 19:37:22 | 000,000,356 | -H-- | M] () -- I:\WINDOWS\tasks\avast! Emergency Update.job
[2013.04.04 19:37:01 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- I:\WINDOWS\gdrv.sys
[2013.04.04 19:36:55 | 000,000,280 | ---- | M] () -- I:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-1708537768-839522115-1004.job
[2013.04.04 18:55:04 | 000,000,288 | ---- | M] () -- I:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-1708537768-839522115-1004.job
[2013.04.01 17:57:00 | 000,000,470 | ---- | M] () -- I:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2013.03.31 23:57:00 | 000,000,470 | ---- | M] () -- I:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2013.03.31 12:16:52 | 000,449,236 | ---- | M] () -- I:\WINDOWS\System32\perfh007.dat
[2013.03.31 12:16:52 | 000,432,928 | ---- | M] () -- I:\WINDOWS\System32\perfh009.dat
[2013.03.31 12:16:52 | 000,080,544 | ---- | M] () -- I:\WINDOWS\System32\perfc007.dat
[2013.03.31 12:16:52 | 000,067,884 | ---- | M] () -- I:\WINDOWS\System32\perfc009.dat
[2013.03.24 13:00:00 | 000,001,090 | ---- | M] () -- I:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013.03.24 12:57:00 | 000,000,470 | ---- | M] () -- I:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2013.03.16 16:32:46 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- I:\WINDOWS\System32\FlashPlayerApp.exe
[2013.03.16 16:32:46 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- I:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.03.14 01:08:15 | 000,001,374 | ---- | M] () -- I:\WINDOWS\imsins.BAK
[2013.03.12 18:42:50 | 000,002,953 | ---- | M] () -- I:\WINDOWS\System32\CONFIG.NT
[2013.03.07 01:33:24 | 000,765,736 | ---- | M] (AVAST Software) -- I:\WINDOWS\System32\drivers\aswSnx.sys
[2013.03.07 01:33:24 | 000,368,176 | ---- | M] (AVAST Software) -- I:\WINDOWS\System32\drivers\aswSP.sys
[2013.03.07 01:33:24 | 000,164,736 | ---- | M] () -- I:\WINDOWS\System32\drivers\aswVmm.sys
[2013.03.07 01:33:24 | 000,062,376 | ---- | M] (AVAST Software) -- I:\WINDOWS\System32\drivers\aswTdi.sys
[2013.03.07 01:33:24 | 000,049,760 | ---- | M] (AVAST Software) -- I:\WINDOWS\System32\drivers\aswRdr.sys
[2013.03.07 01:33:24 | 000,049,248 | ---- | M] () -- I:\WINDOWS\System32\drivers\aswRvrt.sys
[2013.03.07 01:33:23 | 000,066,336 | ---- | M] (AVAST Software) -- I:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013.03.07 01:33:22 | 000,029,816 | ---- | M] (AVAST Software) -- I:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013.03.07 01:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- I:\WINDOWS\avastSS.scr
[2013.03.07 01:32:42 | 000,228,600 | ---- | M] (AVAST Software) -- I:\WINDOWS\System32\aswBoot.exe
========== Files Created - No Company Name ==========
[2013.03.12 18:42:51 | 000,164,736 | ---- | C] () -- I:\WINDOWS\System32\drivers\aswVmm.sys
[2013.03.12 18:42:50 | 000,049,248 | ---- | C] () -- I:\WINDOWS\System32\drivers\aswRvrt.sys
[2012.10.15 17:19:51 | 000,000,034 | ---- | C] () -- I:\WINDOWS\AvastEmUpdate.ini
[2012.09.22 20:28:30 | 000,003,072 | ---- | C] () -- I:\WINDOWS\System32\iacenc.dll
[2012.08.31 23:25:17 | 000,000,664 | ---- | C] () -- I:\WINDOWS\System32\d3d9caps.dat
[2012.05.27 11:55:30 | 012,442,112 | ---- | C] () -- I:\Programme\Ad-Aware96Install.msi
[2011.10.31 20:11:55 | 000,000,452 | ---- | C] () -- I:\WINDOWS\STKSensorDetector.ini
[2011.10.19 14:27:01 | 009,859,528 | ---- | C] () -- I:\Programme\BitComet_1.28_x86_setup.exe
[2011.07.25 14:57:49 | 000,000,038 | ---- | C] () -- I:\WINDOWS\AviSplitter.INI
[2011.07.23 20:32:08 | 038,706,010 | ---- | C] () -- I:\Programme\FFSetupSoftonicNoDVDRip270.exe
[2011.07.23 20:29:57 | 038,701,002 | ---- | C] () -- I:\Programme\FFSetup-270.zip
[2011.04.22 10:14:19 | 000,000,064 | ---- | C] () -- I:\WINDOWS\System32\rp_stats.dat
[2011.04.22 10:14:19 | 000,000,044 | ---- | C] () -- I:\WINDOWS\System32\rp_rules.dat
[2010.12.22 23:52:47 | 019,985,265 | ---- | C] () -- I:\Programme\vlc-1.1.5-win32.exe
[2010.07.11 15:02:43 | 000,005,755 | ---- | C] () -- I:\Programme\callme.php
[2010.02.22 11:21:34 | 000,002,612 | ---- | C] () -- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2009.10.19 20:25:23 | 001,891,432 | ---- | C] () -- I:\Programme\wrar_unplugged_3.6.2.2b.exe
[2009.08.15 19:45:31 | 014,603,672 | ---- | C] () -- I:\Programme\jre-6u3-windows-i586-p-s.exe
[2009.08.15 19:17:28 | 004,936,611 | ---- | C] () -- I:\Programme\emule049c.exe
[2009.08.15 16:45:51 | 000,000,000 | ---- | C] () -- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
========== ZeroAccess Check ==========
[2009.10.05 17:01:58 | 000,000,227 | RHS- | M] () -- I:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >

OTL Extras logfile:
OTL Extras logfile created on: 04.04.2013 20:22:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = I:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 85.93% Memory free
3.85 Gb Paging File | 3.74 Gb Available in Paging File | 97.21% Paging File free
Paging file location(s): I:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Programme
Drive D: | 662.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 298.08 Gb Total Space | 115.75 Gb Free Space | 38.83% Space Free | Partition Type: NTFS
Computer Name: M-A97475EB99544 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"22029:TCP" = 22029:TCP:*:Enabled:BitComet 22029 TCP
"22029:UDP" = 22029:UDP:*:Enabled:BitComet 22029 UDP
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"I:\Programme\Windows Live\Messenger\msnmsgr.exe" = I:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"I:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = I:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"I:\Programme\Messenger\msmsgs.exe" = I:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"I:\Programme\eMule\emule.exe" = I:\Programme\eMule\emule.exe:*:Enabled:eMule -- (hxxp://www.emule-project.net)
"I:\Programme\Java\jre6\bin\java.exe" = I:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary
"I:\Programme\Windows Live\Messenger\msnmsgr.exe" = I:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"I:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = I:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"I:\Programme\Java\jre7\bin\java.exe" = I:\Programme\Java\jre7\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"I:\Programme\BitComet\BitComet.exe" = I:\Programme\BitComet\BitComet.exe:*:Enabled:BitComet.exe
"I:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe" = I:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker
"I:\Programme\Bonjour\mDNSResponder.exe" = I:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"I:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = I:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"I:\Programme\iTunes\iTunes.exe" = I:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B8.1224.1
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3254FD51-9910-48C4-AC9B-AF3691C1544C}" = TubeHunter Ultra
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4167571e-b7d1-452d-add4-64443dc00400}" = Nero 9 Essentials
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{6F10C193-A6CF-4E18-8872-117B12AC3EDF}" = Governor of Poker 2 - Premium Edition
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{88F66FB7-BBB8-49F2-B6CF-7E749936CA74}" = Governor of Poker
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Nur Web
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}" = STK02N 2.0
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FAE5B434-5222-4C81-BEEE-74A380D1EA6C}" = Badoo Desktop
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Applian FLV Player2.0.24" = Applian FLV Player
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"eMule" = eMule
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PokerStars" = PokerStars
"PokerStars.eu" = PokerStars.eu
"RealPlayer 15.0" = RealPlayer
"SearchCore for Browsers" = SearchCore for Browsers
"Searchqu 413 MediaBar" = Windows Searchqu Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"winpcap-nmap" = winpcap-nmap 4.02
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.03.2013 13:46:38 | Computer Name = M-A97475EB99544 | Source = Windows Live Messenger | ID = 1000
Description =
Error - 21.03.2013 12:38:05 | Computer Name = M-A97475EB99544 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17123, faulting
module aswwebrepie.dll, version 8.0.1483.72, fault address 0x00007cb8.
Error - 23.03.2013 07:57:35 | Computer Name = M-A97475EB99544 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17123, faulting
module aswwebrepie.dll, version 8.0.1483.72, fault address 0x00007cbd.
Error - 24.03.2013 08:08:03 | Computer Name = M-A97475EB99544 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17123, faulting
module aswwebrepie.dll, version 8.0.1483.72, fault address 0x0001a97c.
Error - 25.03.2013 17:07:05 | Computer Name = M-A97475EB99544 | Source = Application Hang | ID = 1002
Description = Hanging application realplay.exe, version 15.0.6.14, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 29.03.2013 12:05:45 | Computer Name = M-A97475EB99544 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17123, faulting
module aswwebrepie.dll, version 8.0.1483.72, fault address 0x00007cb8.
Error - 29.03.2013 12:29:49 | Computer Name = M-A97475EB99544 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17123, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00036d88.
Error - 31.03.2013 07:10:48 | Computer Name = M-A97475EB99544 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17123, faulting
module aswwebrepie.dll, version 8.0.1483.72, fault address 0x00007cb8.
Error - 31.03.2013 07:16:26 | Computer Name = M-A97475EB99544 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17123, faulting
module aswwebrepie.dll, version 8.0.1483.72, fault address 0x00007cb8.
Error - 31.03.2013 11:26:30 | Computer Name = M-A97475EB99544 | Source = Application Error | ID = 1000
Description = Faulting application codec.dll, version 0.0.0.0, faulting
module codec.dll, version 0.0.0.0, fault address 0x005cde66.
[ System Events ]
Error - 04.04.2013 12:32:15 | Computer Name = M-A97475EB99544 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd SBRE
Error - 04.04.2013 13:37:17 | Computer Name = M-A97475EB99544 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd SBRE
Error - 04.04.2013 14:12:12 | Computer Name = M-A97475EB99544 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service "EventSystem"
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 04.04.2013 14:13:57 | Computer Name = M-A97475EB99544 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service "EventSystem"
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 04.04.2013 14:14:52 | Computer Name = M-A97475EB99544 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service "EventSystem"
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 04.04.2013 14:14:57 | Computer Name = M-A97475EB99544 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service "EventSystem"
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 04.04.2013 14:16:06 | Computer Name = M-A97475EB99544 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service "EventSystem"
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 04.04.2013 14:17:36 | Computer Name = M-A97475EB99544 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service "EventSystem"
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 04.04.2013 14:18:04 | Computer Name = M-A97475EB99544 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service "StiSvc"
with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 04.04.2013 14:18:50 | Computer Name = M-A97475EB99544 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
aswSnx aswSP aswTdi Fips intelppm Lbd SASDIFSV SASKUTIL SBRE StarOpen
< End of report >
I also created a Malwarebytes log: Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.04.04.06
Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.5730.13
Administrator :: M-A97475EB99544 [Administrator]
04.04.2013 20:41:20
MBAM-log-2013-04-04 (21-33-55).txt
Scan type: Full scan (I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 353754
Time elapsed: 31 minute(s), 27 second(s)
Memory processes detected: 0
(No malicious items detected)
Memory modules detected: 0
(No malicious items detected)
Registry keys detected: 0
(No malicious items detected)
Registry values detected: 0
(No malicious items detected)
Registry data items detected: 0
(No malicious items detected)
Folders detected: 0
(No malicious items detected)
Files detected: 4
I:\Dokumente und Einstellungen\M.xxx\Anwendungsdaten\skype.dat (Trojan.FakeAlert.RRE) -> No action taken.
I:\Dokumente und Einstellungen\M.xxx\Lokale Einstellungen\temp\siooug (Trojan.FakeAlert.RRE) -> No action taken.
I:\Dokumente und Einstellungen\M.xxx\Favoriten\Free Porn, Sex, Tube Videos, XXX Pics, Pussy in Porno Movies - XNXX.COM.url (Rogue.Link) -> No action taken.
I:\Dokumente und Einstellungen\M.xxx\Anwendungsdaten\msconfig.ini (Trojan.Agent) -> No action taken.
(end)
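An added triage example, not part of the original post and not output of OTL or Malwarebytes: the Malwarebytes log above lists four hits, but every line ends in "Keine Aktion durchgeführt" (no action taken), so nothing has been deleted or quarantined yet. The script below parses Malwarebytes detection lines and OTL's Windows Firewall exception lines, returns the detections that were only reported, and lists the enabled firewall exceptions whose executable carried no company name in OTL's output (in the post: BitComet.exe and the Searchqu toolbar's dtUser.exe). The sample inputs are copied from the post (user directory shown as "M.xxx" exactly as posted) plus one hypothetical quarantined line so the filter has something to distinguish. A missing company name is a triage cue for a closer look, not proof of malice.

```python
import re
from collections import Counter

# Constructed sample: three detection lines from the Malwarebytes log in this post,
# plus one hypothetical line with a different result string (not from the post).
MBAM_SAMPLE = r"""
Infizierte Dateien: 4
I:\Dokumente und Einstellungen\M.xxx\Anwendungsdaten\skype.dat (Trojan.FakeAlert.RRE) -> Keine Aktion durchgeführt.
I:\Dokumente und Einstellungen\M.xxx\Lokale Einstellungen\temp\siooug (Trojan.FakeAlert.RRE) -> Keine Aktion durchgeführt.
I:\Dokumente und Einstellungen\M.xxx\Anwendungsdaten\msconfig.ini (Trojan.Agent) -> Keine Aktion durchgeführt.
I:\Dokumente und Einstellungen\M.xxx\Lokale Einstellungen\temp\example.tmp (Hypothetical.Test) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
"""

# Constructed sample: four Windows Firewall exception lines from the OTL log in this post.
OTL_FIREWALL_SAMPLE = r"""
"I:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = I:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"I:\Programme\BitComet\BitComet.exe" = I:\Programme\BitComet\BitComet.exe:*:Enabled:BitComet.exe
"I:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe" = I:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker
"I:\Programme\Bonjour\mDNSResponder.exe" = I:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"""

# Malwarebytes detection line: <path> (<family>) -> <result>.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$"
)
# OTL firewall exception line: "<key>" = <path>:<scope>:<state>:<name> [-- (<company>)]
FIREWALL_RE = re.compile(
    r'^"(?P<key>[^"]+)" = (?P<value>.+?)(?: -- \((?P<company>[^()]+)\))?$'
)
# Result strings Malwarebytes writes when it only reported a hit (German and English builds).
NO_ACTION = {"keine aktion durchgeführt", "no action taken"}


def parse_mbam_detections(text):
    """Return one dict (path, family, action) per detection line; other lines are skipped."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(m.groupdict())
    return found


def unremediated(detections):
    """Paths the scanner reported but did not delete or quarantine."""
    return [d["path"] for d in detections if d["action"].lower() in NO_ACTION]


def family_counts(detections):
    """How many hits per detection family, for a quick picture of what was found."""
    return Counter(d["family"] for d in detections)


def parse_firewall_exceptions(text):
    """Split OTL's firewall exception lines into path, scope, state, name and company."""
    rows = []
    for line in text.splitlines():
        m = FIREWALL_RE.match(line.strip())
        if not m:
            continue
        # The path itself contains "X:\", so split from the right on the last three colons.
        parts = m.group("value").rsplit(":", 3)
        if len(parts) != 4:
            continue
        path, scope, state, name = parts
        rows.append({"path": path, "scope": scope, "state": state,
                     "name": name, "company": m.group("company")})
    return rows


def unattributed_enabled_exceptions(rows):
    """Enabled exceptions whose binary had no company name in OTL's output (triage cue only)."""
    return [r["path"] for r in rows if r["state"] == "Enabled" and r["company"] is None]


if __name__ == "__main__":
    dets = parse_mbam_detections(MBAM_SAMPLE)
    print("detections:", len(dets), dict(family_counts(dets)))
    for p in unremediated(dets):
        print("reported but not removed:", p)
    for p in unattributed_enabled_exceptions(parse_firewall_exceptions(OTL_FIREWALL_SAMPLE)):
        print("enabled firewall exception without company name:", p)
```

Run it as-is to see the three unremediated paths and the two unattributed firewall exceptions; to use it on a real log, replace the sample strings with the file contents. The firewall parser splits from the right because the drive letter puts a colon inside the path; the detection regex keeps the family name from swallowing parentheses in the path.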