Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Viele Trojaner, Adware, selbstständig öffnende I-Net-Explorer - Fenster und und und... (https://www.trojaner-board.de/87288-viele-trojaner-adware-selbststaendig-oeffnende-i-net-explorer-fenster.html)

+max+ 18.06.2010 21:00
Viele Trojaner, Adware, selbstständig öffnende I-Net-Explorer - Fenster und und und...
 
So,

Hallo erstmal an alle,
bin ganz neu hier, also bitte nicht steinigen wenn ich etwas falsch mache...:party:

Also ich habe folgendes Problem: (an dem ich wahrscheinlich selber schuld bin)


Ich war gestern in MSN online, bekam einen Link von einem "bekannten"...
(...der Link endete auf .jpg)
Natürlich völlig vertieft in die Musik klickte ich auf den link...

Es kam mir nur komisch vor, das darauf nichts passierte...

Kurz darauf öffneten sich immer wieder einzelne Internetexplorer-Seiten, teils mit Inhalt (Werbung ...), teils auch völlig leer...

Und dann fing das Schauspiel an: Avira schmiss mir eine Trojaner-Meldung nach der anderen vor die Füße...

Ich nenne mal ein Paar:

tr/dropper
tr/downloader
tr/fraudpack
tr/bho
tr/fakeallert
...... usw.


Hab mal bissl was an Programmen laufen lassen (Hijack, Malwarebytes, SUPERAntiSpyware)

Hier die dazugehörigen Logfiles:

Hijackthis - Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:38, on 18.06.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Administrator\Application Data\winscdnr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Windows Firewall Service] C:\Documents and Settings\Administrator\Application Data\winscdnr.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Cz2.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205436973119
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205437178203
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 8357 bytes



Malwarebytes - Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4210

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

18.06.2010 05:33:33
mbam-log-2010-06-18 (05-33-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 183593
Laufzeit: 5 Stunde(n), 18 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 4
Infizierte Dateien: 15

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.WebMedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\v71iql7hi7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Documents and Settings\Administrator\Local Settings\Temp\4991.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LOZPMWTO\ee[1].exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\languages_v2.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\webmedias (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cz3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\uuauc_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\uuauc_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\Czx.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.




SUPERAntiSpyware Log:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/18/2010 at 08:18 AM

Application Version : 4.39.1002

Core Rules Database Version : 5057
Trace Rules Database Version: 2869

Scan type : Complete Scan
Total Scan Time : 01:31:39

Memory items scanned : 447
Memory threats detected : 0
Registry items scanned : 7984
Registry threats detected : 9
File items scanned : 24133
File threats detected : 180

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@go.dynamic-tracking[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adtech[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads4.net2day[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tradedoubler[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@euros4click[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@game-advertising-online[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@300002139009955[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1069647890[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserver.adtechus[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@condor[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserver1.interwall[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hamburg[4].txt
C:\Documents and Settings\Administrator\Cookies\administrator@groupmtrack[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.etracker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.hbv[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@myroitracking[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@komtrack[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@webmasterplan[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@a3.adserver01[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.zanox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tracking.quisma[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@zbox.zanox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.mitfahrzentrale[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@at.atwola[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mbb[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1047393847[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserver.71i[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.admediate[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad1.king[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adfarm1.adition[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tracknet.twyn[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.adshopping[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sport1[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.medienhaus[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@im.banner.t-online[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@content.yieldmanager[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads3.net2day[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atwola[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.teleint[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hamburg[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adsrv.admediate[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@eas.apm.emediate[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@weborama[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sixtgmbh.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@indextools[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.71i[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.adition[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@rotator.adjuggler[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tracking.mindshare[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@traffictrack[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@a6.adserver01[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.moveco[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.adnet[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@zanox-affiliate[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@a7.adserver01[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sevenoneintermedia.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.zanox-affiliate[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.heias[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.gamershell[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads2.net2day[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ak[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserver.easyad[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.beepworld[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tracking.3gnet[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.euroclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@html[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sport1-de[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@track.adform[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@clicks.pangora[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@smartadserver[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1071817748[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@server.cpmstar[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tcook[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.adnet[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tto2.traffictrack[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@clicksor[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@77tracking[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.creative-serving[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1065944648[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@revsci[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.easy-forex[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pro-market[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserving.claxon[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@overture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pointroll[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@counter.sexsuche[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@collective-media[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@xml.trafficengine[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@zanox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@de2.komtrack[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@exoclick[2].txt
bc.youporn.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
cdn5.specificclick.net [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
hs.interpolls.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
imagesrv.adition.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
m.de.2mdn.net [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
media.mtvnservices.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
media.rofl.to [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
oddcast.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
pornoprinzen.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
s0.2mdn.net [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
spe.atdmt.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
static.youporn.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
vidii.hardsextube.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
www.alphaporno.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
www.fucktube.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
www.naiadsystems.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
www.pornhub.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
www.sexkiste.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
www.sextube.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
www.teenist.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
youporn.videobox.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
youporncams.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\VZS75DK8 ]
.hitbox.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
.ehg-upcchellomedia.hitbox.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
.hitbox.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
.xiti.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
www.etracker.de [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
.account.live.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
.account.live.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
.msnaccountservices.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
.stopzilla.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
www.stopzilla.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
.stopzilla.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
.stopzilla.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\cookies.sqlite ]
C:\Documents and Settings\Administrator\Cookies\administrator@counterservice[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@accounts[5].txt
C:\Documents and Settings\Administrator\Cookies\administrator@accounts[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@accounts[1].txt

Adware.Flash Tracking Cookie
C:\Documents and Settings\Administrator\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VZS75DK8\BC.YOUPORN.COM
C:\Documents and Settings\Administrator\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VZS75DK8\STATIC.YOUPORN.COM
C:\Documents and Settings\Administrator\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VZS75DK8\MEDIA.MTVNSERVICES.COM
C:\Documents and Settings\Administrator\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VZS75DK8\MEDIA.ROFL.TO
C:\Documents and Settings\Administrator\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VZS75DK8\WWW.SEXTUBE.COM
C:\Documents and Settings\Administrator\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VZS75DK8\SPE.ATDMT.COM
C:\Documents and Settings\Administrator\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VZS75DK8\WWW.NAIADSYSTEMS.COM
C:\Documents and Settings\Administrator\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VZS75DK8\M.DE.2MDN.NET
C:\Documents and Settings\Administrator\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VZS75DK8\HS.INTERPOLLS.COM
C:\Documents and Settings\Administrator\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VZS75DK8\IMAGESRV.ADITION.COM
C:\Documents and Settings\Administrator\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VZS75DK8\ODDCAST.COM

Trojan.Agent/Gen-SSHNAS
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#DeviceDesc

Trojan.Agent/Gen-CDesc[Broad]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\C0F.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\C0B.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\C0C.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\C0E.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\C0H.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\C0I.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\CZ2.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\CZ4.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\CZ5.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\CZ6.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\CZ8.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\CZ9.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\CZW.EXE
C:\WINDOWS\CRUMYA.EXE
C:\WINDOWS\CRUMYB.EXE
C:\WINDOWS\CRUMYC.EXE

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8DFDD5E5-3DA1-4B56-8585-83D038B6F1A4}\RP346\A0179264.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8DFDD5E5-3DA1-4B56-8585-83D038B6F1A4}\RP346\A0179267.DLL




So das wärs dann mal vorerst von meiner Seite gewesen...

Hoffe das ihr mit diesen Infos arbeiten könnt und bedanke mich schonmal im Voraus für Hilfe.


Grüße,
Max



(und nein, ich weiß nicht wo diese ganzen Schmuddel- Links aus den Logfiles herkommen..................)

Larusso 18.06.2010 21:05
:hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Temp File Cleaner

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.


Schritt 2

Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**

http://i266.photobucket.com/albums/i...ownload_FF.gif

http://i94.photobucket.com/albums/l8...x-Download.png
  • Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
  • Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
    • Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
    • Bitte poste mir den Inhalt von C:\ComboFix.txt hier in de Thread.


Schritt 3

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs


Bitte poste in Deiner nächsten Antwort
COmbofix.txt
OTL.txt
Gmer.txt

+max+ 18.06.2010 21:13
Hallo Larusso,
ich danke dir für deine Schnelle Antwort...

Ich habe diese Logfiles von einem "Sicheren System" aus gepostet...

Auf dem Befallenen Laptop läuft Windows XP... (soll mir das mittlerweile peinlich sein...???)

Und in der Anleitung steht "...für Vista und Windows 7".

Kann ich das trotzdem anwenden???


Grüße,
Max

Larusso 18.06.2010 21:18
Kwasi du sitzt auf hinter einem zweiten Rechner ?

Ja das mit vista und win7 ist ne spezialanleitung nur für diese beiden Betriebssysteme. (als admin ausführen braucht man mit XP nicht)

Ich nutze selber XP

Entweder du gehst mit dem Infizierten Rechner online und ladest dir die Tools herunter oder du machst es via USB.

Solltest Du dich für den USB weg entscheiden bitte noch folgendes. (auf den sauberen Rechner ausführen)

Desinfizierung/Absicherung externer Medien

Lade Dir den Flash Disinfector von sUBs und speichere Flash_Disinfector.exe auf Deinem Desktop ab.
Gehe nun wie folgt vor:
  1. Trenne den Rechner physikalisch vom Netz.
  2. Deaktiviere den Hintergrundwächter deines AVP.
  3. Schließe jetzt alle externe Datenträgeran Deinen Rechner an.
  4. Starte den Flash Disinfector mit einem Doppelklick und folge ggf. den Anweisungen.
  5. Wenn der Scan zuende ist, kannst du das Programm schließen.
  6. Starte Deinen Rechner neu.
Hinweis:
Flash Disinfector desinfiziert all Deine Laufwerke von Autoruninfektionen und erstellt einen versteckten Ordner mit demselben Namen, so dass dein Datenträger in Zukunft vor dieser Infektion geschützt ist.
Während dem Scan wird Dein Desktop kurzfristig verschwinden und dann wiederkommen. Das ist normal.

+max+ 18.06.2010 21:26
OK Alles klar,


Ich werde mit dem Infizierten Laptop vorgehen...
... den mehr als kaputt gehen kann dieser ja nicht...:D


Wird nur etwas dauern, der schnellste ist er nichtmehr...

+max+ 18.06.2010 22:04
Combo-Fix sagt bei mir, dass es nur mit Windows 2000 un XP kompatibel ist... (wie gesagt, ich habe XP)...

Dann kamen ein paar Fehlermeldungen, dass diese und jene Datei nicht gefunden werden konnte...


Und jetzt hat er einen Neustart gemacht...

Ist das Normal ???

Larusso 18.06.2010 22:06
Poste mal die OTL Logfiles

+max+ 18.06.2010 22:10
Eben hat sich ein Fenster mit blauen Hiintergrund geöffnet: "Combofix wird vorbereitet, um ausgeführt zu werden.
The System cannot find the FileCFVersionOld.
Versuche, einen neuen Systemwiederherstellungspunkt zu erstellen"


Soll ich das tun ?


€dit: Ich besitze keine Microsoft-Wiederherstellungskonsole... oO
Combofix sagt, ich soll sie runterladen...
dann werde ich das tun...

Larusso 18.06.2010 22:11
folge den anweisungen am desktop

+max+ 18.06.2010 23:34
So hier mal die Logfiles:

Combo-Fix:


Combofix Logfile:
Code:
ComboFix 10-06-17.03 - Administrator 18.06.2010  23:23:11.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1033.18.254.112 [GMT 1:00]
ausgeführt von:: c:\documents and settings\Administrator\Desktop\ComboFix.exe.exe
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\winscdnr.exe
c:\documents and settings\All Users\Start Menu\Programs\WebMediaPlayer
c:\documents and settings\All Users\Start Menu\Programs\WebMediaPlayer\Datenschutzrichtlinien.url
c:\documents and settings\All Users\Start Menu\Programs\WebMediaPlayer\Geschäftsbedingungen.url
c:\documents and settings\All Users\Start Menu\Programs\WebMediaPlayer\Website.url
c:\windows\system32\sshnas21.dll
c:\windows\system32\win.com
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SSHNAS


(((((((((((((((((((((((  Dateien erstellt von 2010-05-18 bis 2010-06-18  ))))))))))))))))))))))))))))))
.

2010-06-17 21:44 . 2010-06-17 21:44        --------        d-----w-        c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-17 21:44 . 2010-06-17 21:44        --------        d-----w-        c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-06-17 21:43 . 2010-06-17 21:43        --------        d-----w-        c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-17 21:40 . 2010-06-17 21:40        --------        d-----w-        c:\documents and settings\All Users\Application Data\Malwarebytes

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 21:51 . 2008-12-05 15:13        --------        d-----w-        c:\documents and settings\All Users\Application Data\Google Updater
2010-06-18 05:44 . 2010-06-17 21:46        63488        ----a-w-        c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-18 05:44 . 2010-06-17 21:46        117760        ----a-w-        c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-17 21:46 . 2010-06-17 21:46        52224        ----a-w-        c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-17 21:43 . 2010-06-17 21:40        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-06-17 21:42 . 2010-06-17 21:41        --------        d-----w-        c:\program files\SUPERAntiSpyware
2010-06-13 21:37 . 2008-03-13 20:17        --------        d-----w-        c:\documents and settings\Administrator\Application Data\ICQ
2010-06-13 21:12 . 2010-05-19 18:00        --------        d-----w-        c:\program files\ICQ7.1
2010-06-13 20:31 . 2009-10-17 13:30        --------        d-----w-        c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-20 16:10 . 2010-04-28 16:35        --------        d-----w-        c:\program files\ANNO1602
2010-05-19 18:02 . 2008-03-13 20:19        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-05-18 15:55 . 2010-05-18 15:55        --------        d-----w-        c:\documents and settings\Administrator\Application Data\Avira
2010-05-18 15:49 . 2009-03-13 21:12        --------        d-----w-        c:\program files\Avira
2010-05-18 15:41 . 2010-05-18 15:41        --------        d-----w-        c:\documents and settings\All Users\Application Data\Avira
2010-05-17 17:38 . 2010-04-06 20:48        --------        d-----w-        c:\documents and settings\Administrator\Application Data\Winamp
2010-05-17 13:55 . 2010-05-17 13:55        604488        ----a-w-        c:\windows\system32\TUProgSt.exe
2010-05-17 13:55 . 2010-05-17 13:55        361288        ----a-w-        c:\windows\system32\TuneUpDefragService.exe
2010-05-17 13:55 . 2010-05-17 13:55        --------        d-----w-        c:\documents and settings\Administrator\Application Data\TuneUp Software
2010-05-17 13:54 . 2010-05-17 13:53        --------        d-----w-        c:\program files\TuneUp Utilities 2009
2010-05-17 13:53 . 2010-05-17 13:53        --------        d-----w-        c:\documents and settings\All Users\Application Data\TuneUp Software
2010-05-17 13:50 . 2010-05-17 13:50        --------        d-sh--w-        c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2010-05-02 05:22 . 2004-08-04 12:00        1851264        ----a-w-        c:\windows\system32\win32k.sys
2010-04-29 14:39 . 2010-06-17 21:41        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-06-17 21:40        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-04-28 19:50 . 2008-03-20 20:05        --------        d-----w-        c:\program files\Common Files\InstallShield
2010-04-28 19:44 . 2010-04-28 19:24        --------        d-----w-        c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2010-04-28 19:32 . 2010-04-28 19:32        --------        d-----w-        c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-04-28 19:31 . 2010-04-28 19:31        --------        d-----w-        c:\program files\DAEMON Tools Toolbar
2010-04-28 19:31 . 2010-04-28 19:31        --------        d-----w-        c:\program files\DAEMON Tools Lite
2010-04-28 19:24 . 2010-04-28 19:24        721904        ----a-w-        c:\windows\system32\drivers\sptd.sys
2010-04-20 05:30 . 2004-08-04 12:00        285696        ----a-w-        c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2004-08-04 12:00        667136        ----a-w-        c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2004-08-04 12:00        81920        ----a-w-        c:\windows\system32\ieencode.dll
2010-04-14 18:01 . 2010-04-14 18:01        362        ----a-w-        c:\documents and settings\Administrator\Local Settings\Application Data\fw_start.bat
2010-04-14 17:57 . 2010-04-14 18:01        176210        ----a-w-        c:\windows\callAPI.exe
2008-05-01 12:31 . 2008-05-01 12:31        0        -c--a-w-        c:\program files\temp01
.

       
Code:

       
<pre>
c:\windows\WECO Feuerwerk .exe
</pre>

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2010-06-08 133368]
"Windows Firewall Service"="c:\documents and settings\Administrator\Application Data\winscdnr.exe" [N/A]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"PCTVOICE"="pctspk.exe" [2003-02-24 163840]
"Conceptronic Conceptronic 54Mbps Wireless Utility"="c:\program files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe" [2007-01-19 950272]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21        548352        ----a-w-        c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
2006-03-01 11:35        327680        ----a-w-        c:\program files\avmwlanstick\FRITZWLANMini.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51        691656        ----a-w-        c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44        31072        ----a-w-        c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16        141608        ----a-w-        c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-07-07 08:42        2156368        ------w-        c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2009-05-20 14:11        111928        ----a-r-        c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44        37888        ----a-w-        c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ANIWZCSdService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=

R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2006-02-23 264704]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-28 721904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-06-18 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 11:45]

2010-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2010-06-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-05 17:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.feuerwerk-forum.de/cms.php?p=home
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-18 23:43
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spkp.sys hal.dll >>UNKNOWN [0x81B1F938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf92a5f28
\Driver\ACPI -> ACPI.sys @ 0xf90ffcb8
\Driver\atapi -> atapi.sys @ 0xf909cb40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Conceptronic 54g Wireless PC-Card -> SendCompleteHandler -> NDIS.sys @ 0xf8fa7b0a
 PacketIndicateHandler -> NDIS.sys @ 0xf8fb2a21
 SendHandler -> NDIS.sys @ 0xf8fa7949
user & kernel MBR OK

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-436374069-706699826-1957994488-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d6,42,e5,e5,9a,13,5a,58,59,b3,38,57,cf,28,63,b1,49,6d,1e,6d,01,25,be,
  ea,30,66,12,14,9c,3d,4c,34,8a,58,14,83,f7,5c,57,60,5d,ed,20,17,73,15,82,96,\
"??"=hex:c4,8a,f6,63,3a,cc,81,12,7e,50,4c,f3,5a,84,99,8d

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"7040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(508)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(1204)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\TUProgSt.exe
c:\windows\system32\pctspk.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-18  23:57:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-18 22:57

Vor Suchlauf: 10.891.530.240 bytes free
Nach Suchlauf: 12 Verzeichnis(se), 10.765.344.768 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 5331DD50531AB83504572CBE8EB68C2E
--- --- ---




OTL - Log:

OTL Logfile:
Code:
OTL logfile created on: 19.06.2010 00:04:42 - Run 1
OTL by OldTimer - Version 3.2.6.0    Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
254,00 Mb Total Physical Memory | 89,00 Mb Available Physical Memory | 35,00% Memory free
1.008,00 Mb Paging File | 702,00 Mb Available in Paging File | 70,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27,95 Gb Total Space | 10,05 Gb Free Space | 35,96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: WALTERMOBIL
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.18 22:29:54 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010.06.07 18:13:53 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010.05.17 14:55:35 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.03.29 15:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
PRC - [2003.02.24 15:35:12 | 000,163,840 | ---- | M] () -- C:\WINDOWS\system32\pctspk.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.18 22:29:54 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008.04.14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.05.17 14:55:35 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010.05.17 14:55:27 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.11.16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2005.10.19 18:19:10 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (catchme)
DRV - [2010.05.10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.04.28 20:24:26 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.07.26 16:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.07.26 16:25:46 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008.07.26 16:22:32 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008.07.26 16:22:20 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008.04.13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007.09.12 09:56:50 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006.09.05 20:00:54 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58obex.sys -- (se58obex)
DRV - [2006.09.05 20:00:06 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mgmt.sys -- (se58mgmt) Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM)
DRV - [2006.09.05 19:59:18 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mdm.sys -- (se58mdm)
DRV - [2006.09.05 19:59:14 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mdfl.sys -- (se58mdfl)
DRV - [2006.09.05 19:58:26 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58bus.sys -- (se58bus) Sony Ericsson Device 088 driver (WDM)
DRV - [2006.09.05 19:57:54 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58nd5.sys -- (se58nd5) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS)
DRV - [2006.09.05 19:57:48 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58unic.sys -- (se58unic) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM)
DRV - [2006.02.23 17:16:36 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.01.19 22:10:50 | 000,363,008 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005.12.11 11:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2003.05.30 18:45:16 | 000,477,403 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2003.05.30 17:50:46 | 000,690,973 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2003.05.28 12:08:12 | 000,066,111 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2003.02.24 15:30:02 | 000,135,292 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserial.sys -- (Ptserial)
DRV - [2001.08.17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2001.08.17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.feuerwerk-forum.de/cms.php?p=home"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.06 21:48:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.06 21:48:20 | 000,000,000 | ---D | M]
 
[2010.04.06 21:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2010.06.18 01:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\q0xptpv5.default\extensions
[2010.04.06 23:04:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\q0xptpv5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.17 18:39:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\q0xptpv5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.29 17:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\q0xptpv5.default\extensions\youtube2mp3@mondayx.de
[2010.06.18 01:12:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.03.14 19:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.04.01 17:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 17:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 17:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 17:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 17:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.18 23:37:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WlanMon.exe (Conceptronic )
O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Windows Firewall Service] C:\Documents and Settings\Administrator\Application Data\winscdnr.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205436973119 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205437178203 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.13 05:09:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008.03.13 05:08:11 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.18 23:19:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.06.18 23:06:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.06.18 23:06:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.18 23:06:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.18 23:06:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.18 23:04:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.18 23:00:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.18 22:41:17 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010.06.18 22:41:15 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010.06.17 22:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010.06.17 22:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010.06.17 22:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010.06.17 22:41:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.17 22:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010.06.17 22:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.06.17 22:40:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.17 22:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.06.17 22:37:12 | 008,776,240 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010.06.17 22:35:57 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010.05.19 19:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AOL
[2010.05.19 19:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.1
[2010.05.18 16:59:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.05.18 16:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2010.05.18 16:41:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.05.18 16:41:14 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.05.18 16:41:14 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.05.18 16:41:14 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.05.18 16:41:14 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.05.18 16:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010.05.17 14:55:35 | 000,604,488 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2010.05.17 14:55:30 | 000,029,000 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010.05.17 14:55:26 | 000,361,288 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2010.05.17 14:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2010.05.17 14:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010.05.17 14:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2009
[2010.05.17 14:50:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010.05.13 18:02:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.05.06 20:40:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\IDoser v4.5
[2010.04.28 20:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010.04.28 20:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2010.04.28 20:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010.04.28 20:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2010.04.28 20:13:46 | 007,658,952 | ---- | C] (DT Soft Ltd.) -- C:\Documents and Settings\Administrator\Desktop\daemon4304-lite.exe
[2010.04.28 17:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\ANNO1602
[2010.04.28 16:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Musik
[2010.04.11 17:17:52 | 000,495,104 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\WINDOWS\WECO Feuerwerk .exe
[2010.04.11 17:17:51 | 000,903,168 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\WINDOWS\WECO Feuerwerk .scr
[2010.04.11 17:17:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\WECO Feuerwerk  Uninstaller
[2010.04.11 00:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Feuerwerk Bilder und Videos
[2010.04.10 22:41:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\Neu Aktenkoffer
[2010.04.07 19:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\KAMERA
[2010.04.07 18:59:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010.04.07 18:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\FW-Sim
[2010.04.06 21:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010.04.06 21:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010.04.06 21:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010.04.06 21:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Winamp
[2010.04.06 21:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Programme
[2010.04.06 21:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Office 2007
[2010.03.22 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.19 00:01:10 | 000,000,516 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2010.06.18 23:41:50 | 000,013,728 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.18 23:38:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.18 23:38:00 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.06.18 23:37:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.18 23:37:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.18 23:37:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.18 23:35:46 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.06.18 23:35:46 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010.06.18 23:20:01 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.06.18 22:29:54 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010.06.18 22:29:28 | 003,714,766 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe.exe
[2010.06.18 22:28:38 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010.06.17 22:43:10 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.17 22:42:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.17 22:38:11 | 008,776,240 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010.06.17 22:36:24 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010.06.17 14:17:14 | 000,011,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Abbrenner Neu.docx
[2010.06.17 00:44:34 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\~$brenner Neu.docx
[2010.06.16 19:54:01 | 000,074,747 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk neu.docx
[2010.06.16 00:44:57 | 004,811,836 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010.06.13 22:08:21 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.13 21:38:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.06.13 20:42:23 | 000,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.13 20:42:23 | 000,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.13 20:42:22 | 000,505,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.08 22:32:20 | 000,054,183 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Abbrennplan Vorschlag 1.docx
[2010.06.07 19:24:54 | 000,093,190 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\opelcorsab.JPG
[2010.06.06 23:43:48 | 000,011,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Abbrenner aus dem Forum.docx
[2010.05.24 15:36:21 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.05.19 19:03:10 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ICQ7.1.lnk
[2010.05.17 14:55:35 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2010.05.17 14:55:27 | 000,361,288 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2010.05.17 14:54:34 | 000,001,629 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.05.17 14:54:32 | 000,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2009.lnk
[2010.05.16 21:15:07 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\~$brennplan Vorschlag 1.docx
[2010.05.13 18:26:01 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.05.13 18:26:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.05.09 14:32:56 | 000,000,370 | ---- | M] () -- C:\content_update_notification.xml
[2010.05.06 20:45:47 | 000,020,480 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\photothumb.db
[2010.05.06 19:45:34 | 000,484,516 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Du hast es gefunden.JPG
[2010.04.29 20:19:07 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.28 20:24:26 | 000,721,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.04.27 22:32:01 | 000,000,319 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Eigene Dateien.lnk
[2010.04.27 21:44:03 | 000,310,191 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ich (10).JPG
[2010.04.27 18:22:35 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\~$eder Leuchtfeuerwerk vorschlag 2.docx
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.25 22:17:04 | 000,054,652 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk vorschlag 2.docx
[2010.04.25 14:45:11 | 000,096,440 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BLOCKPLAN-KFZ-2009-2010.pdf
[2010.04.21 22:32:56 | 000,068,643 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk bestellvorschlag 1.docx
[2010.04.20 20:23:56 | 000,012,856 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ipanema.jpg
[2010.04.14 19:03:21 | 000,000,122 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\starterapplet.properties
[2010.04.14 19:01:10 | 000,000,140 | ---- | M] () -- C:\WINDOWS\CallAPI.ini
[2010.04.14 19:01:00 | 000,000,362 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fw_start.bat
[2010.04.14 18:57:14 | 000,176,210 | ---- | M] () -- C:\WINDOWS\callAPI.exe
[2010.04.11 17:32:31 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Die Tomate ausarbeitung präsentation.doc
[2010.04.07 19:33:16 | 000,207,030 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fehlerfwsim.BMP
[2010.04.06 21:48:21 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010.04.06 21:26:14 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010.04.06 20:31:57 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
 
========== Files Created - No Company Name ==========
 
[2010.06.18 23:20:01 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.06.18 23:19:51 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.06.18 23:06:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.06.18 23:06:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.18 23:06:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.18 23:06:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.18 23:06:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.18 22:41:21 | 003,714,766 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe.exe
[2010.06.17 22:43:07 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.17 22:42:23 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.17 00:44:34 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\~$brenner Neu.docx
[2010.06.16 20:08:22 | 000,011,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Abbrenner Neu.docx
[2010.06.16 19:51:23 | 000,074,747 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk neu.docx
[2010.06.07 19:24:53 | 000,093,190 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\opelcorsab.JPG
[2010.06.06 21:55:28 | 000,011,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Abbrenner aus dem Forum.docx
[2010.05.19 19:03:10 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ICQ7.1.lnk
[2010.05.17 14:55:25 | 000,000,516 | ---- | C] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2010.05.17 14:54:34 | 000,001,629 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.05.17 14:54:32 | 000,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2009.lnk
[2010.05.16 21:15:07 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\~$brennplan Vorschlag 1.docx
[2010.05.06 19:45:02 | 000,484,516 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Du hast es gefunden.JPG
[2010.04.28 20:24:24 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.04.28 20:13:57 | 558,018,560 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\An.603.iso
[2010.04.27 22:32:01 | 000,000,319 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Eigene Dateien.lnk
[2010.04.27 21:43:44 | 000,310,191 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ich (10).JPG
[2010.04.27 18:22:34 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\~$eder Leuchtfeuerwerk vorschlag 2.docx
[2010.04.25 22:15:41 | 000,054,652 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk vorschlag 2.docx
[2010.04.25 14:45:11 | 000,096,440 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BLOCKPLAN-KFZ-2009-2010.pdf
[2010.04.22 21:40:28 | 000,054,183 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Abbrennplan Vorschlag 1.docx
[2010.04.21 22:23:42 | 000,068,643 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk bestellvorschlag 1.docx
[2010.04.20 20:23:54 | 000,012,856 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ipanema.jpg
[2010.04.14 19:01:10 | 000,000,140 | ---- | C] () -- C:\WINDOWS\CallAPI.ini
[2010.04.14 19:01:08 | 000,176,210 | ---- | C] () -- C:\WINDOWS\callAPI.exe
[2010.04.14 19:01:00 | 000,000,362 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fw_start.bat
[2010.04.14 18:50:55 | 000,000,122 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\starterapplet.properties
[2010.04.14 18:50:51 | 000,088,986 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\starterapplet.log
[2010.04.11 17:32:28 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Die Tomate ausarbeitung präsentation.doc
[2010.04.11 17:17:53 | 000,000,639 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .c4
[2010.04.11 17:17:52 | 000,825,646 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .swf
[2010.04.11 17:17:52 | 000,161,078 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .bmp
[2010.04.11 17:17:52 | 000,023,558 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .ico
[2010.04.11 17:17:52 | 000,000,767 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .c3
[2010.04.11 17:17:52 | 000,000,767 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .c1
[2010.04.11 17:17:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .ini
[2010.04.07 19:33:16 | 000,207,030 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\fehlerfwsim.BMP
[2010.04.07 19:30:41 | 000,031,744 | ---- | C] () -- C:\WINDOWS\UNISTB32.EXE
[2010.04.06 21:48:21 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010.04.06 21:26:14 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009.09.19 15:17:36 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.03.13 21:32:07 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2008.06.22 20:33:32 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007.10.12 01:11:58 | 000,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2003.02.13 17:40:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mdmmoh.dll
 
========== LOP Check ==========
 
[2008.11.16 13:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Alawar
[2009.03.14 13:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ashampoo
[2009.11.21 21:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2008.12.03 13:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Big Fish Games
[2009.01.05 23:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\cerasus.media
[2010.04.06 21:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\concept design
[2010.04.28 20:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2009.09.03 18:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EleFun Games
[2008.06.09 18:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gaijin Ent
[2008.12.03 18:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gemsweeperextractedgfx
[2008.11.15 14:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gogii Games
[2010.06.13 22:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQ
[2008.03.20 20:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQ Toolbar
[2008.03.20 21:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2008.10.13 15:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009.09.01 23:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lost in the City
[2008.06.09 17:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Meridian93
[2008.03.20 20:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2008.05.22 14:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oberon Games
[2009.09.03 14:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\panoramik
[2008.10.29 21:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\phonostar-Player
[2009.09.25 16:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PlayFirst
[2009.09.03 12:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Playrix Entertainment
[2008.08.13 16:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SultansLabyrinth
[2010.04.06 21:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Teleca
[2008.08.14 14:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TheScruffs
[2010.05.17 14:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2008.05.31 14:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Turtle Odyssey II
[2008.06.09 19:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Valusoft
[2008.05.31 16:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VeniceMysteryData
[2009.03.19 17:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Live Writer
[2009.07.01 11:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\YoudaGames
[2008.06.02 14:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cerasus.media
[2010.04.28 20:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008.09.01 15:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitn17
[2008.12.17 16:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Global Software Publishing
[2008.08.20 18:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008.11.15 14:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2008.06.01 09:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
[2008.05.31 13:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2008.06.10 22:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009.03.14 19:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2008.08.31 16:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2008.12.03 18:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Meine Spiele
[2009.04.10 02:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mushroom Age
[2008.06.09 19:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2009.09.25 16:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008.12.01 21:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2008.09.02 16:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010.04.19 20:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM
[2010.01.05 17:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.05.17 14:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008.06.09 19:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2009.03.23 16:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010.05.17 14:50:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009.09.14 16:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.04.20 15:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.06.19 00:01:10 | 000,000,516 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2008.03.13 05:09:09 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010.05.13 18:26:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.06.18 23:20:01 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004.08.03 23:00:10 | 000,262,448 | ---- | M] () -- C:\cmldr
[2010.06.18 23:57:38 | 000,017,590 | ---- | M] () -- C:\ComboFix.txt
[2008.03.13 05:09:09 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010.05.09 14:32:56 | 000,000,370 | ---- | M] () -- C:\content_update_notification.xml
[2008.03.21 11:38:35 | 000,000,830 | ---- | M] () -- C:\CreatePrinter.log
[2008.03.13 05:09:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.03.13 05:09:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004.08.04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008.10.30 15:44:05 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010.06.18 23:37:12 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2008.05.18 20:20:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008.05.18 22:09:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008.05.19 11:12:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008.05.19 11:12:38 | 000,000,208 | -H-- | M] () -- C:\sqmdata03.sqm
[2008.06.04 15:08:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2008.07.20 20:06:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2008.07.26 00:38:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2008.07.27 13:34:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2008.08.18 12:08:30 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2008.11.10 20:41:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008.11.12 16:49:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2008.11.29 07:40:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2008.05.18 20:20:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008.05.18 22:09:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008.05.19 11:12:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008.05.19 11:12:38 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008.06.04 15:08:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008.07.20 20:06:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008.07.26 00:38:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008.07.27 13:34:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008.08.18 12:08:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008.11.10 20:41:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008.11.12 16:49:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008.11.29 07:40:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2005.01.11 10:49:21 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005.01.11 10:49:21 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005.01.11 10:49:21 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\system32\drivers\*.sys /90 >
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010.04.28 20:24:26 | 000,721,904 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\system32\user32.dll /md5 >
[2008.04.14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.04.14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BE7E50E
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D507AEDA
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18B3AE54
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:46700142
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89A5891E
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DEE6B65
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72E6616C
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:842B0AED
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51F17BB8
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90B52091
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F141B68
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D507B5A8
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E49FF93
@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F
@Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE
@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:614F17D3
@Alternate Data Stream - 185 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE47A3DA
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B285B76
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0DD063D
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B9E79B3
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69FD6BF0
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09867A8B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A00BCDEF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8776F88E
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8F2382B
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:275AA066
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BABA07C2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F264BECE
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6677D85A
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B268A25C
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6116FBB
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1713795
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC7738DB
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9547F1DB
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77F07255
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90D89144
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24FECE50
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1037D53D
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43301D1D
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:221F35CC
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93F3E4C9
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A109A3D0
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C4DF735
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:453190EC
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0207B271
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CB3187E
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12A8EFF7
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:101708D3
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5BCA2A0
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DA9DB01
< End of report >
--- --- ---

+max+ 18.06.2010 23:36
Und dann noch Extra.txt:


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 19.06.2010 00:04:42 - Run 1
OTL by OldTimer - Version 3.2.6.0    Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
254,00 Mb Total Physical Memory | 89,00 Mb Available Physical Memory | 35,00% Memory free
1.008,00 Mb Paging File | 702,00 Mb Available in Paging File | 70,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27,95 Gb Total Space | 10,05 Gb Free Space | 35,96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: WALTERMOBIL
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [oneclickpdf] -- "C:\Program Files\Sowedoo Software\One Click PDF 2\OneClickPDF.exe" %l (Sowedoo Software)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\concept design\onlineTV 4\onlineTV.exe" = C:\Program Files\concept design\onlineTV 4\onlineTV.exe:*:Enabled:onlineTV -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 17
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EBA4A9-25D7-4F86-AB6D-0848C74CC3F8}" = Conceptronic 54Mbps Wireless Utility
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{35355EBA-4636-40B2-A995-FEB4CDBD92B3}" =
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{94C1A41C-2A2D-4AF0-858E-924288245621}" = SlimDX Redistributable (August 2009)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E32D85B0-1B37-4192-81F1-46804EE760E3}" = One Click PDF 2.0
"{E848C9C0-E6FF-4A3F-9D67-AE53AC3628FE}" = SweetIM for Messenger 2.7
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Ashampoo PowerUp 2009_is1" = Ashampoo PowerUp 2009
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Audio Editor_is1" = AVS Audio Editor version 4.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"BFG-Hidden Secrets - The Nightmare" = Hidden Secrets: The Nightmare
"BitComet FLV Converter" = BitComet FLV Converter 1.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Gehirnjogging - Special Edition" = Gehirnjogging - Special Edition
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"Installing HSP56 MicroModem Drivers" = PCTEL 2304WT V.9x MDC Modem Drivers
"InstallShield_{72EBA4A9-25D7-4F86-AB6D-0848C74CC3F8}" = Conceptronic 54Mbps Wireless Utility
"KAMERA v1.1" = KAMERA v1.1
"lvdrivers_11.80" = Logitech QuickCam-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OpenAL" = OpenAL
"PDFzuWord Professional_is1" = PDFzuWord Professional
"PhotoScape" = PhotoScape
"Solitaire Quest 450_is1" = Solitaire Quest 450
"WECO Feuerwerk_is1" = WECO Feuerwerk
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BeepChat" = BeepChat
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.05.2010 13:35:15 | Computer Name = WALTERMOBIL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung avscan.exe, Version 8.1.4.10, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 16.05.2010 16:59:16 | Computer Name = WALTERMOBIL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6504.5000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 16.05.2010 16:59:16 | Computer Name = WALTERMOBIL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6504.5000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 16.05.2010 16:59:20 | Computer Name = WALTERMOBIL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6504.5000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 16.05.2010 16:59:21 | Computer Name = WALTERMOBIL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6504.5000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 16.05.2010 16:59:21 | Computer Name = WALTERMOBIL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6504.5000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 16.05.2010 16:59:22 | Computer Name = WALTERMOBIL | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6504.5000, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 18.05.2010 11:43:19 | Computer Name = WALTERMOBIL | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 18.05.2010 11:43:19 | Computer Name = WALTERMOBIL | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 25.05.2010 12:57:42 | Computer Name = WALTERMOBIL | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
[ System Events ]
Error - 18.06.2010 17:52:18 | Computer Name = WALTERMOBIL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Parallel port driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1058
 
Error - 18.06.2010 17:54:35 | Computer Name = WALTERMOBIL | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Avira AntiVir Guard" wurde nicht ordnungsgemäß gestartet.
 
Error - 18.06.2010 17:57:24 | Computer Name = WALTERMOBIL | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Application
 Layer Gateway Service.
 
Error - 18.06.2010 17:57:25 | Computer Name = WALTERMOBIL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Application Layer Gateway Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
Error - 18.06.2010 18:05:21 | Computer Name = WALTERMOBIL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Parallel port driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1058
 
Error - 18.06.2010 18:07:29 | Computer Name = WALTERMOBIL | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Avira AntiVir Guard" wurde nicht ordnungsgemäß gestartet.
 
Error - 18.06.2010 18:38:30 | Computer Name = WALTERMOBIL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Parallel port driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1058
 
Error - 18.06.2010 18:40:08 | Computer Name = WALTERMOBIL | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Avira AntiVir Guard" wurde nicht ordnungsgemäß gestartet.
 
Error - 18.06.2010 18:42:49 | Computer Name = WALTERMOBIL | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Application
 Layer Gateway Service.
 
Error - 18.06.2010 18:42:49 | Computer Name = WALTERMOBIL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Application Layer Gateway Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
[ TuneUp Events ]
Error - 17.06.2010 17:42:03 | Computer Name = WALTERMOBIL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-06-17 22:42:00', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamgui.exe','4004',0)
 
Error - 17.06.2010 17:43:27 | Computer Name = WALTERMOBIL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-06-17 22:43:27', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','3392',0)
 
Error - 17.06.2010 18:01:09 | Computer Name = WALTERMOBIL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-06-17 23:01:09', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','1100',0)
 
Error - 18.06.2010 00:38:20 | Computer Name = WALTERMOBIL | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-06-18 05:38:20', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','1824',0)
 
 
< End of report >
--- --- ---

+max+ 19.06.2010 10:55
Das Problem mit den Explorer-Seiten hat sich mitlerweile (anscheinend) gelöst...

Larusso 19.06.2010 11:04
Sieht eigentlich gut aus.

Was kannst Du mir dazu sagen ? Dir bekannt

C:\WINDOWS\WECO Feuerwerk.exe

+max+ 19.06.2010 11:09
Ja ist bekannt...
Ist ein Bildschirmschoner ....

Larusso 19.06.2010 11:21
Okay, dann reparieren wir das ganze mal. Ist nämlich infiziert worden

Vorbereitung

Lösche die vorhandene Version von Combofix und lade das Programm von einem der folgenden Download-Spiegel neu herunter:
BleepingComputer.com - ForoSpyware.com
und speichere es auf dem Desktop (nicht woanders hin, das ist wichtig)!
Wenn Du ComboFix bereits vorher auf dem Rechner hattest, lösche die alte Version, da ComboFix laufend aktualisiert wird.
  • Denke daran, während des Laufs von Combofix Dein Antiviren-Programm temporär abzustellen.
    Danach wieder anstellen nicht vergessen!
  • Wichtig: Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
Anwendung
  1. Öffne notepad (Start => Ausführen => notepad (reinschreiben) => ok) oder einen Editor Deiner Wahl und kopiere alles aus der nachfolgenden Codebox in ein leeres Dokument:
    Code:
    KillAll::
    RenV::
    c:\windows\WECO Feuerwerk .exe
    C:\WINDOWS\WECO Feuerwerk .scr
    C:\WINDOWS\WECO Feuerwerk .ini
    C:\WINDOWS\WECO Feuerwerk .c1
    C:\WINDOWS\WECO Feuerwerk .c3
    C:\WINDOWS\WECO Feuerwerk .ico
    C:\WINDOWS\WECO Feuerwerk .bmp
    C:\WINDOWS\WECO Feuerwerk .swf
    C:\WINDOWS\WECO Feuerwerk .c4

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Firewall Service"=-
  2. Speichere dies als CFScript.txt auf Deinem Desktop
    .
    http://i266.photobucket.com/albums/i.../CFScriptB.gif
    .
  3. In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  4. Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Hinweis für Mitleser: Obiges Combofix-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.


Schritt 2
Code:
:OTL
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BE7E50E
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D507AEDA
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18B3AE54
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:46700142
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89A5891E
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DEE6B65
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72E6616C
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:842B0AED
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51F17BB8
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90B52091
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F141B68
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D507B5A8
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E49FF93
@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F
@Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE
@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:614F17D3
@Alternate Data Stream - 185 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE47A3DA
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B285B76
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0DD063D
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B9E79B3
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69FD6BF0
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09867A8B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A00BCDEF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8776F88E
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8F2382B
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:275AA066
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BABA07C2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F264BECE
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6677D85A
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B268A25C
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6116FBB
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1713795
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC7738DB
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9547F1DB
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77F07255
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90D89144
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24FECE50
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1037D53D
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43301D1D
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:221F35CC
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93F3E4C9
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A109A3D0
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C4DF735
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:453190EC
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0207B271
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CB3187E
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12A8EFF7
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:101708D3
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5BCA2A0
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DA9DB01
:services
:files
C:\sqmnoopt*.sqm
C:\sqmdata*.sqm
:reg
:Commands
[purity]
[emptytemp]
[reboot]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Schritt 3

Starte bitte OTL.exe und klicke auf den Quick Scan Button.


Bitte poste in Deiner nächsten Antwort
COmbofix.txt
OTLfix.txt
OTL.txt

+max+ 19.06.2010 12:57
Wenn ich die CFScript.txt ins Combofix ziehe kommt folgendes:

"Some installation files are corrupt.
Please download a fresh copy and retry the installation"


Was tun ?

Larusso 19.06.2010 13:30
Lade dir eine neue Kopie von COmbofix herunter. Diese nicht umbenennen.

+max+ 19.06.2010 13:31
Ach ja, eine Frage zwischendurch:

Muss ich nach dieser ganzen Prozedur (wenn sie mal beendet ist) noch etwas gegen den MSN-Virus machen (eben weil ich auf den Link geklickt habe, kann nemanden mehr anschreiben...)???

Muss da anschließend noch was gemacht werden??? (Passwörter ändern ist klar...)

Lg Max

Larusso 19.06.2010 13:43
Jz mach mal das was ich dir hier schreibe sonst wird das nie was

+max+ 19.06.2010 15:30
so hier die Logfiles:

Combo Fix:

Combofix Logfile:
Code:
ComboFix 10-06-18.03 - Administrator 19.06.2010  15:25:41.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1033.18.254.104 [GMT 1:00]
ausgeführt von:: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\documents and settings\Administrator\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((  Dateien erstellt von 2010-05-19 bis 2010-06-19  ))))))))))))))))))))))))))))))
.

2010-06-17 21:44 . 2010-06-17 21:44        --------        d-----w-        c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-17 21:44 . 2010-06-17 21:44        --------        d-----w-        c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-06-17 21:43 . 2010-06-17 21:43        --------        d-----w-        c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-17 21:40 . 2010-06-17 21:40        --------        d-----w-        c:\documents and settings\All Users\Application Data\Malwarebytes

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 21:51 . 2008-12-05 15:13        --------        d-----w-        c:\documents and settings\All Users\Application Data\Google Updater
2010-06-18 05:44 . 2010-06-17 21:46        63488        ----a-w-        c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-18 05:44 . 2010-06-17 21:46        117760        ----a-w-        c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-17 21:46 . 2010-06-17 21:46        52224        ----a-w-        c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-17 21:43 . 2010-06-17 21:40        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-06-17 21:42 . 2010-06-17 21:41        --------        d-----w-        c:\program files\SUPERAntiSpyware
2010-06-13 21:37 . 2008-03-13 20:17        --------        d-----w-        c:\documents and settings\Administrator\Application Data\ICQ
2010-06-13 21:12 . 2010-05-19 18:00        --------        d-----w-        c:\program files\ICQ7.1
2010-06-13 20:31 . 2009-10-17 13:30        --------        d-----w-        c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-20 16:10 . 2010-04-28 16:35        --------        d-----w-        c:\program files\ANNO1602
2010-05-19 18:02 . 2008-03-13 20:19        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-05-18 15:55 . 2010-05-18 15:55        --------        d-----w-        c:\documents and settings\Administrator\Application Data\Avira
2010-05-18 15:49 . 2009-03-13 21:12        --------        d-----w-        c:\program files\Avira
2010-05-18 15:41 . 2010-05-18 15:41        --------        d-----w-        c:\documents and settings\All Users\Application Data\Avira
2010-05-17 17:38 . 2010-04-06 20:48        --------        d-----w-        c:\documents and settings\Administrator\Application Data\Winamp
2010-05-17 13:55 . 2010-05-17 13:55        604488        ----a-w-        c:\windows\system32\TUProgSt.exe
2010-05-17 13:55 . 2010-05-17 13:55        361288        ----a-w-        c:\windows\system32\TuneUpDefragService.exe
2010-05-17 13:55 . 2010-05-17 13:55        --------        d-----w-        c:\documents and settings\Administrator\Application Data\TuneUp Software
2010-05-17 13:54 . 2010-05-17 13:53        --------        d-----w-        c:\program files\TuneUp Utilities 2009
2010-05-17 13:53 . 2010-05-17 13:53        --------        d-----w-        c:\documents and settings\All Users\Application Data\TuneUp Software
2010-05-17 13:50 . 2010-05-17 13:50        --------        d-sh--w-        c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2010-05-02 05:22 . 2004-08-04 12:00        1851264        ----a-w-        c:\windows\system32\win32k.sys
2010-04-29 14:39 . 2010-06-17 21:41        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-06-17 21:40        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-04-28 19:50 . 2008-03-20 20:05        --------        d-----w-        c:\program files\Common Files\InstallShield
2010-04-28 19:44 . 2010-04-28 19:24        --------        d-----w-        c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2010-04-28 19:32 . 2010-04-28 19:32        --------        d-----w-        c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-04-28 19:31 . 2010-04-28 19:31        --------        d-----w-        c:\program files\DAEMON Tools Toolbar
2010-04-28 19:31 . 2010-04-28 19:31        --------        d-----w-        c:\program files\DAEMON Tools Lite
2010-04-28 19:24 . 2010-04-28 19:24        721904        ----a-w-        c:\windows\system32\drivers\sptd.sys
2010-04-20 05:30 . 2004-08-04 12:00        285696        ----a-w-        c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2004-08-04 12:00        667136        ----a-w-        c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2004-08-04 12:00        81920        ----a-w-        c:\windows\system32\ieencode.dll
2010-04-14 18:01 . 2010-04-14 18:01        362        ----a-w-        c:\documents and settings\Administrator\Local Settings\Application Data\fw_start.bat
2010-04-14 17:57 . 2010-04-14 18:01        176210        ----a-w-        c:\windows\callAPI.exe
2008-05-01 12:31 . 2008-05-01 12:31        0        -c--a-w-        c:\program files\temp01
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2010-06-08 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"PCTVOICE"="pctspk.exe" [2003-02-24 163840]
"Conceptronic Conceptronic 54Mbps Wireless Utility"="c:\program files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe" [2007-01-19 950272]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21        548352        ----a-w-        c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
2006-03-01 11:35        327680        ----a-w-        c:\program files\avmwlanstick\FRITZWLANMini.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51        691656        ----a-w-        c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44        31072        ----a-w-        c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16        141608        ----a-w-        c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-07-07 08:42        2156368        ------w-        c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-06-07 17:13        2403568        ----a-w-        c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2009-05-20 14:11        111928        ----a-r-        c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44        37888        ----a-w-        c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ANIWZCSdService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.04.2010 20:24 721904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 19:41 67656]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [20.03.2008 20:36 264704]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-06-19 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 11:45]

2010-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2010-06-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-05 17:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.feuerwerk-forum.de/cms.php?p=home
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-19 15:41
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spqu.sys hal.dll >>UNKNOWN [0x81B1F938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf92a5f28
\Driver\ACPI -> ACPI.sys @ 0xf90ffcb8
\Driver\atapi -> atapi.sys @ 0xf909cb40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS:  -> SendCompleteHandler -> 0x0
 PacketIndicateHandler -> 0x0
 SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-436374069-706699826-1957994488-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d6,42,e5,e5,9a,13,5a,58,59,b3,38,57,cf,28,63,b1,49,6d,1e,6d,01,25,be,
  ea,30,66,12,14,9c,3d,4c,34,8a,58,14,83,f7,5c,57,60,5d,ed,20,17,73,15,82,96,\
"??"=hex:c4,8a,f6,63,3a,cc,81,12,7e,50,4c,f3,5a,84,99,8d

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"7040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(452)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(2348)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\TUProgSt.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\pctspk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-19  16:00:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-19 15:00

Vor Suchlauf: 10.735.988.736 bytes free
Nach Suchlauf: 12 Verzeichnis(se), 10.724.880.384 Bytes frei

- - End Of File - - F0019A1ECB1156306474ED636058958E
--- --- ---



OTL Fix Log:

All processes killed
========== OTL ==========
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3BE7E50E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D507AEDA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:18B3AE54 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:46700142 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:89A5891E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1DEE6B65 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:72E6616C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:842B0AED deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:51F17BB8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:90B52091 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2F141B68 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D507B5A8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2E49FF93 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:614F17D3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DE47A3DA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9B285B76 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C0DD063D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1B9E79B3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:69FD6BF0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:09867A8B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A00BCDEF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8776F88E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8F2382B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:275AA066 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BABA07C2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F264BECE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6677D85A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B268A25C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A6116FBB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1713795 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CC7738DB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9547F1DB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:77F07255 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:90D89144 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:24FECE50 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1037D53D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:43301D1D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:221F35CC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:93F3E4C9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A109A3D0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7C4DF735 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:453190EC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0207B271 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CB3187E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:12A8EFF7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:101708D3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C5BCA2A0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8DA9DB01 deleted successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\sqmnoopt00.sqm moved successfully.
C:\sqmnoopt01.sqm moved successfully.
C:\sqmnoopt02.sqm moved successfully.
C:\sqmnoopt03.sqm moved successfully.
C:\sqmnoopt04.sqm moved successfully.
C:\sqmnoopt05.sqm moved successfully.
C:\sqmnoopt06.sqm moved successfully.
C:\sqmnoopt07.sqm moved successfully.
C:\sqmnoopt08.sqm moved successfully.
C:\sqmnoopt09.sqm moved successfully.
C:\sqmnoopt10.sqm moved successfully.
C:\sqmnoopt11.sqm moved successfully.
C:\sqmdata00.sqm moved successfully.
C:\sqmdata01.sqm moved successfully.
C:\sqmdata02.sqm moved successfully.
C:\sqmdata03.sqm moved successfully.
C:\sqmdata04.sqm moved successfully.
C:\sqmdata05.sqm moved successfully.
C:\sqmdata06.sqm moved successfully.
C:\sqmdata07.sqm moved successfully.
C:\sqmdata08.sqm moved successfully.
C:\sqmdata09.sqm moved successfully.
C:\sqmdata10.sqm moved successfully.
C:\sqmdata11.sqm moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06192010_160521

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

+max+ 19.06.2010 15:32
Und der OTL Quick Scan Log:


OTL Logfile:
Code:
OTL logfile created on: 19.06.2010 16:12:45 - Run 2
OTL by OldTimer - Version 3.2.6.0    Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
254,00 Mb Total Physical Memory | 95,00 Mb Available Physical Memory | 38,00% Memory free
1.008,00 Mb Paging File | 761,00 Mb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27,95 Gb Total Space | 10,01 Gb Free Space | 35,82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: WALTERMOBIL
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.18 22:29:54 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010.05.17 14:55:35 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.03.29 15:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
PRC - [2003.02.24 15:35:12 | 000,163,840 | ---- | M] () -- C:\WINDOWS\system32\pctspk.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.18 22:29:54 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008.04.14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.05.17 14:55:35 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010.05.17 14:55:27 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.11.16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2005.10.19 18:19:10 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Disabled | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.05.10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.04.28 20:24:26 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.07.26 16:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.07.26 16:25:46 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008.07.26 16:22:32 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008.07.26 16:22:20 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008.04.13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007.09.12 09:56:50 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006.09.05 20:00:54 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58obex.sys -- (se58obex)
DRV - [2006.09.05 20:00:06 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mgmt.sys -- (se58mgmt) Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM)
DRV - [2006.09.05 19:59:18 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mdm.sys -- (se58mdm)
DRV - [2006.09.05 19:59:14 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mdfl.sys -- (se58mdfl)
DRV - [2006.09.05 19:58:26 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58bus.sys -- (se58bus) Sony Ericsson Device 088 driver (WDM)
DRV - [2006.09.05 19:57:54 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58nd5.sys -- (se58nd5) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS)
DRV - [2006.09.05 19:57:48 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58unic.sys -- (se58unic) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM)
DRV - [2006.02.23 17:16:36 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.01.19 22:10:50 | 000,363,008 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005.12.11 11:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2003.05.30 18:45:16 | 000,477,403 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2003.05.30 17:50:46 | 000,690,973 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2003.05.28 12:08:12 | 000,066,111 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2003.02.24 15:30:02 | 000,135,292 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserial.sys -- (Ptserial)
DRV - [2001.08.17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2001.08.17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.feuerwerk-forum.de/cms.php?p=home"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.06 21:48:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.06 21:48:20 | 000,000,000 | ---D | M]
 
[2010.04.06 21:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2010.06.18 01:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\q0xptpv5.default\extensions
[2010.04.06 23:04:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\q0xptpv5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.17 18:39:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\q0xptpv5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.29 17:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\q0xptpv5.default\extensions\youtube2mp3@mondayx.de
[2010.06.18 01:12:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.03.14 19:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.04.01 17:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 17:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 17:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 17:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 17:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.19 15:39:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WlanMon.exe (Conceptronic )
O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205436973119 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205437178203 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.13 05:09:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.19 16:05:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.06.19 16:05:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.06.19 16:00:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.06.19 15:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010.06.19 13:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Logfiles 18.06 und 19.06
[2010.06.18 23:19:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.06.18 23:06:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.06.18 23:06:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.18 23:06:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.18 23:06:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.18 23:04:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.18 23:00:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.18 22:41:17 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010.06.18 22:41:15 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010.06.17 22:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010.06.17 22:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010.06.17 22:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010.06.17 22:41:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.17 22:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010.06.17 22:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.06.17 22:40:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.17 22:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.06.17 22:37:12 | 008,776,240 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010.06.17 22:35:57 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010.05.19 19:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AOL
[2010.05.19 19:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.1
[2010.05.18 16:59:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.05.18 16:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2010.05.18 16:41:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.05.18 16:41:14 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.05.18 16:41:14 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.05.18 16:41:14 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.05.18 16:41:14 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.05.18 16:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010.05.17 14:55:35 | 000,604,488 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2010.05.17 14:55:30 | 000,029,000 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010.05.17 14:55:26 | 000,361,288 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2010.05.17 14:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2010.05.17 14:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010.05.17 14:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2009
[2010.05.17 14:50:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010.05.13 18:02:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.05.06 20:40:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\IDoser v4.5
[2010.04.28 20:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010.04.28 20:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2010.04.28 20:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010.04.28 20:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2010.04.28 20:13:46 | 007,658,952 | ---- | C] (DT Soft Ltd.) -- C:\Documents and Settings\Administrator\Desktop\daemon4304-lite.exe
[2010.04.28 17:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\ANNO1602
[2010.04.28 16:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Musik
[2010.04.11 17:17:52 | 000,495,104 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\WINDOWS\WECO Feuerwerk.exe
[2010.04.11 17:17:51 | 000,903,168 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\WINDOWS\WECO Feuerwerk .scr
[2010.04.11 17:17:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\WECO Feuerwerk  Uninstaller
[2010.04.11 00:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Feuerwerk Bilder und Videos
[2010.04.10 22:41:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\Neu Aktenkoffer
[2010.04.07 19:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\KAMERA
[2010.04.07 18:59:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010.04.07 18:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\FW-Sim
[2010.04.06 21:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010.04.06 21:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010.04.06 21:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010.04.06 21:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Winamp
[2010.04.06 21:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Programme
[2010.04.06 21:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Office 2007
[2010.03.22 15:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.19 16:12:17 | 000,013,728 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.19 16:08:22 | 000,000,516 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2010.06.19 16:07:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.19 16:07:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.19 16:05:43 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.06.19 16:05:43 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010.06.19 15:43:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.19 15:39:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.19 15:06:52 | 003,715,012 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010.06.19 14:30:30 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.06.19 14:30:30 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.06.19 13:34:11 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.06.18 22:29:54 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010.06.18 22:28:38 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010.06.17 22:43:10 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.17 22:42:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.17 22:38:11 | 008,776,240 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2010.06.17 22:36:24 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010.06.17 14:17:14 | 000,011,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Abbrenner Neu.docx
[2010.06.16 19:54:01 | 000,074,747 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk neu.docx
[2010.06.16 00:44:57 | 004,811,836 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010.06.13 22:08:21 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.13 21:38:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.06.13 20:42:23 | 000,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.13 20:42:23 | 000,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.13 20:42:22 | 000,505,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.08 22:32:20 | 000,054,183 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Abbrennplan Vorschlag 1.docx
[2010.06.07 19:24:54 | 000,093,190 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\opelcorsab.JPG
[2010.06.06 23:43:48 | 000,011,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Abbrenner aus dem Forum.docx
[2010.05.24 15:36:21 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.05.19 19:03:10 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ICQ7.1.lnk
[2010.05.17 14:55:35 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2010.05.17 14:55:27 | 000,361,288 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2010.05.17 14:54:34 | 000,001,629 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.05.17 14:54:32 | 000,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2009.lnk
[2010.05.13 18:26:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.05.09 14:32:56 | 000,000,370 | ---- | M] () -- C:\content_update_notification.xml
[2010.05.06 19:45:34 | 000,484,516 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Du hast es gefunden.JPG
[2010.04.29 20:19:07 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.28 20:24:26 | 000,721,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.04.27 22:32:01 | 000,000,319 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Eigene Dateien.lnk
[2010.04.27 21:44:03 | 000,310,191 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ich (10).JPG
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.25 22:17:04 | 000,054,652 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk vorschlag 2.docx
[2010.04.25 14:45:11 | 000,096,440 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BLOCKPLAN-KFZ-2009-2010.pdf
[2010.04.21 22:32:56 | 000,068,643 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk bestellvorschlag 1.docx
[2010.04.20 20:23:56 | 000,012,856 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ipanema.jpg
[2010.04.14 19:03:21 | 000,000,122 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\starterapplet.properties
[2010.04.14 19:01:10 | 000,000,140 | ---- | M] () -- C:\WINDOWS\CallAPI.ini
[2010.04.14 19:01:00 | 000,000,362 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fw_start.bat
[2010.04.14 18:57:14 | 000,176,210 | ---- | M] () -- C:\WINDOWS\callAPI.exe
[2010.04.11 17:32:31 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Die Tomate ausarbeitung präsentation.doc
[2010.04.07 19:33:16 | 000,207,030 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fehlerfwsim.BMP
[2010.04.06 21:48:21 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010.04.06 21:26:14 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010.04.06 20:31:57 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
 
========== Files Created - No Company Name ==========
 
[2010.06.19 15:09:41 | 003,715,012 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010.06.18 23:20:01 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.06.18 23:19:51 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.06.18 23:06:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.06.18 23:06:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.18 23:06:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.18 23:06:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.18 23:06:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.17 22:43:07 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.17 22:42:23 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.16 20:08:22 | 000,011,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Abbrenner Neu.docx
[2010.06.16 19:51:23 | 000,074,747 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk neu.docx
[2010.06.07 19:24:53 | 000,093,190 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\opelcorsab.JPG
[2010.06.06 21:55:28 | 000,011,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Abbrenner aus dem Forum.docx
[2010.05.19 19:03:10 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ICQ7.1.lnk
[2010.05.17 14:55:25 | 000,000,516 | ---- | C] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2010.05.17 14:54:34 | 000,001,629 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.05.17 14:54:32 | 000,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2009.lnk
[2010.05.06 19:45:02 | 000,484,516 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Du hast es gefunden.JPG
[2010.04.28 20:24:24 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.04.28 20:13:57 | 558,018,560 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\An.603.iso
[2010.04.27 22:32:01 | 000,000,319 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Eigene Dateien.lnk
[2010.04.27 21:43:44 | 000,310,191 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ich (10).JPG
[2010.04.25 22:15:41 | 000,054,652 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk vorschlag 2.docx
[2010.04.25 14:45:11 | 000,096,440 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BLOCKPLAN-KFZ-2009-2010.pdf
[2010.04.22 21:40:28 | 000,054,183 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Abbrennplan Vorschlag 1.docx
[2010.04.21 22:23:42 | 000,068,643 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Roeder Leuchtfeuerwerk bestellvorschlag 1.docx
[2010.04.20 20:23:54 | 000,012,856 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ipanema.jpg
[2010.04.14 19:01:10 | 000,000,140 | ---- | C] () -- C:\WINDOWS\CallAPI.ini
[2010.04.14 19:01:08 | 000,176,210 | ---- | C] () -- C:\WINDOWS\callAPI.exe
[2010.04.14 19:01:00 | 000,000,362 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fw_start.bat
[2010.04.14 18:50:55 | 000,000,122 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\starterapplet.properties
[2010.04.14 18:50:51 | 000,088,986 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\starterapplet.log
[2010.04.11 17:32:28 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Die Tomate ausarbeitung präsentation.doc
[2010.04.11 17:17:53 | 000,000,639 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .c4
[2010.04.11 17:17:52 | 000,825,646 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .swf
[2010.04.11 17:17:52 | 000,161,078 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .bmp
[2010.04.11 17:17:52 | 000,023,558 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .ico
[2010.04.11 17:17:52 | 000,000,767 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .c3
[2010.04.11 17:17:52 | 000,000,767 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .c1
[2010.04.11 17:17:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WECO Feuerwerk .ini
[2010.04.07 19:33:16 | 000,207,030 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\fehlerfwsim.BMP
[2010.04.07 19:30:41 | 000,031,744 | ---- | C] () -- C:\WINDOWS\UNISTB32.EXE
[2010.04.06 21:48:21 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010.04.06 21:26:14 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009.09.19 15:17:36 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.03.13 21:32:07 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2008.06.22 20:33:32 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007.10.12 01:11:58 | 000,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2003.02.13 17:40:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mdmmoh.dll
 
========== LOP Check ==========
 
[2008.11.16 13:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Alawar
[2009.03.14 13:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ashampoo
[2009.11.21 21:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2008.12.03 13:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Big Fish Games
[2009.01.05 23:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\cerasus.media
[2010.04.06 21:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\concept design
[2010.04.28 20:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2009.09.03 18:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EleFun Games
[2008.06.09 18:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gaijin Ent
[2008.12.03 18:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gemsweeperextractedgfx
[2008.11.15 14:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gogii Games
[2010.06.13 22:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQ
[2008.03.20 20:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQ Toolbar
[2008.03.20 21:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2008.10.13 15:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009.09.01 23:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lost in the City
[2008.06.09 17:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Meridian93
[2008.03.20 20:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2008.05.22 14:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oberon Games
[2009.09.03 14:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\panoramik
[2008.10.29 21:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\phonostar-Player
[2009.09.25 16:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PlayFirst
[2009.09.03 12:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Playrix Entertainment
[2008.08.13 16:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SultansLabyrinth
[2010.04.06 21:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Teleca
[2008.08.14 14:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TheScruffs
[2010.05.17 14:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2008.05.31 14:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Turtle Odyssey II
[2008.06.09 19:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Valusoft
[2008.05.31 16:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VeniceMysteryData
[2009.03.19 17:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Live Writer
[2009.07.01 11:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\YoudaGames
[2008.06.02 14:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cerasus.media
[2010.04.28 20:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008.09.01 15:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitn17
[2008.12.17 16:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Global Software Publishing
[2008.08.20 18:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008.11.15 14:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2008.06.01 09:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
[2008.05.31 13:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2008.06.10 22:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009.03.14 19:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2008.08.31 16:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2008.12.03 18:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Meine Spiele
[2009.04.10 02:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mushroom Age
[2008.06.09 19:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2009.09.25 16:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008.12.01 21:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2008.09.02 16:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010.04.19 20:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM
[2010.01.05 17:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.05.17 14:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008.06.09 19:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2009.03.23 16:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010.05.17 14:50:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009.09.14 16:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.04.20 15:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.06.19 16:08:22 | 000,000,516 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---

Larusso 19.06.2010 15:39
start --> ausführen --> notepad (reinschreiben)
Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
@echo off
cd \
md "%userprofile%\desktop\infected"
copy "C:\WINDOWS\WECO Feuerwerk .scr" "%userprofile%\desktop\infected"
del%0
Speichere diese unter file.bat auf Deinem Desktop.
Wähle bei Dateityp alle Dateien aus.
Doppelklich auf die file.bat.
Vista und Win7 User: Mit Rechtsklick "als Administrator starten"


Schritt 2

Nach der ausführung solltest du einen Ordner Infected am Desktop haben.
Darin befindet sich die feuerwerk.scr
Diese bitte wie folgt hochladen
  • Öffne diese Webseite: virustotal
  • Klicke auf "Durchsuchen"
  • Suche die Datei auf deinem Rechner--> Doppelklick auf die zu prüfende Datei (oder kopiere den Inhalt ab aus der Codebox)
  • "Senden der Datei"
  • Warte, bis der Scandurchlauf aller Virenscanner beendet ist
  • Auf "Filter" klicken
  • dann auf "Ergebnisse"
  • das Ergebnis (wie Du es bekommst )
    komplett markieren und hier rein kopieren
Sollte die Datei als schädlich erkannt werden bitte noch nicht entfernen

Poste mir die Auswertung

+max+ 19.06.2010 16:09
Virustotal ist nicht erreichbar...

Liegt das am Laptop oder an der Seite?

Larusso 19.06.2010 16:14
Liegt an der Seite -.-

Jottis Malwarescanner

+max+ 19.06.2010 16:59
Jotti hat nichts gefunden...

Larusso 19.06.2010 17:16
Speichere folgendes als CFScript.txt ab (nicht CFScript.txt.txt!!!)

Code:
KillAll::
RenV::
C:\WINDOWS\WECO Feuerwerk .scr
Poste mir erneut die Combofix.txt

+max+ 19.06.2010 18:12
Seit ca. 20 Minuten Steht bei Combo Fix:

R6025
- pure virtual function call



Weiter laufen lassen ?

+max+ 19.06.2010 18:19
Ahhh ok das Logfile ist da:


Combofix Logfile:
Code:
ComboFix 10-06-18.03 - Administrator 19.06.2010  18:41:57.3.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1033.18.254.96 [GMT 1:00]
ausgeführt von:: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((  Dateien erstellt von 2010-05-19 bis 2010-06-19  ))))))))))))))))))))))))))))))
.

2010-06-17 21:44 . 2010-06-17 21:44        --------        d-----w-        c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-17 21:44 . 2010-06-17 21:44        --------        d-----w-        c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-06-17 21:43 . 2010-06-17 21:43        --------        d-----w-        c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-17 21:40 . 2010-06-17 21:40        --------        d-----w-        c:\documents and settings\All Users\Application Data\Malwarebytes

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 05:44 . 2010-06-17 21:46        63488        ----a-w-        c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-18 05:44 . 2010-06-17 21:46        117760        ----a-w-        c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-17 21:46 . 2010-06-17 21:46        52224        ----a-w-        c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2010-06-08 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"PCTVOICE"="pctspk.exe" [2003-02-24 163840]
"Conceptronic Conceptronic 54Mbps Wireless Utility"="c:\program files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe" [2007-01-19 950272]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21        548352        ----a-w-        c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
2006-03-01 11:35        327680        ----a-w-        c:\program files\avmwlanstick\FRITZWLANMini.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51        691656        ----a-w-        c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44        31072        ----a-w-        c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16        141608        ----a-w-        c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-07-07 08:42        2156368        ------w-        c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-06-07 17:13        2403568        ----a-w-        c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2009-05-20 14:11        111928        ----a-r-        c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44        37888        ----a-w-        c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ANIWZCSdService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.04.2010 20:24 721904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 19:41 67656]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [20.03.2008 20:36 264704]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-06-19 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 11:45]

2010-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2010-06-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-05 17:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q0xptpv5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.feuerwerk-forum.de/cms.php?p=home
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-19 19:02
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys splc.sys hal.dll >>UNKNOWN [0x81B1F938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf92a5f28
\Driver\ACPI -> ACPI.sys @ 0xf90ffcb8
\Driver\atapi -> atapi.sys @ 0xf909cb40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS:  -> SendCompleteHandler -> 0x0
 PacketIndicateHandler -> 0x0
 SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-436374069-706699826-1957994488-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d6,42,e5,e5,9a,13,5a,58,59,b3,38,57,cf,28,63,b1,49,6d,1e,6d,01,25,be,
  ea,30,66,12,14,9c,3d,4c,34,8a,58,14,83,f7,5c,57,60,5d,ed,20,17,73,15,82,96,\
"??"=hex:c4,8a,f6,63,3a,cc,81,12,7e,50,4c,f3,5a,84,99,8d

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"7040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(452)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(1692)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\TUProgSt.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\pctspk.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-19  19:16:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-19 18:16

Vor Suchlauf: 10.705.178.624 bytes free
Nach Suchlauf: 13 Verzeichnis(se), 10.694.291.456 Bytes frei

- - End Of File - - 9E4603F5D8598B98131C5C617FD5E8C3
--- --- ---

Larusso 19.06.2010 18:32
Logfile ist sauber :daumenhoc

Hier noch die letzten paar Schritte zur Säuberung Deines Rechners.

Schritt 1

Combofix deinstallieren

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Start => Ausführen (bei Vista (Windows-Taste + R) => dort reinschreiben ComboFix /uninstall => Enter drücken - damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch auch dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.



Schritt 2

Tool CleanUp

Starte bitte die OTL.exe.
Klicke nun auf den Bereinigung Button. Dies wird die meisten Tools und Logfiles entfernen.
Sollte denoch etwas bestehen bleiben, bitte manuell entfernen sowie den Papierkorb leeren.


Schritt 3

Automatische Updates

Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten.

Windows + R Taste drücken. Kopiere nun folgenden Text in die Kommandozeile

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl

und klicke auf OK.
Stelle sicher das die automatischen Updates aktiviert sind.


Schritt 4

Um Dich für die Zukunft vor weiteren Infizierungen zu schützen empfehle ich Dir noch ein paar Programme.
  • SpywareBlaster
    Ein Tutorial zur Verwendung findest Du Hier

  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
    Hinweis: MBAM ersetzt keine Anti- Viren- Software.

  • Temp File Cleaner
    TFC ist ein wirklich starkes Tool zum entfernen von Temp Dateien vom IE und WIndows, leert den Papierkorb und noch viel mehr.
    Ausserdem hilft es Deinen Computer zu beschleunigen.
    Du kannst Dir TFC ( by OldTimer ) hier downloaden.

  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.

  • Halte Dein System aktuell
    Ich kann gar nicht oft genug betonen, wie wichtig es ist, dass der PC auf dem aktuellsten Stand der Dinge ist.
    Es werden oft genug Sicherheitslücken in Windows eigenen Anwendungen gefunden. Diese "Löcher" gehören entfernt, weil Angreifer diese womöglich nutzen um unauthorisiert auf Dein System zu zugreifen.
    Jeden zweiten Dienstag im Monat ist Update Tag. Besuche bitte dazu die Microsoft Update Seite.

  • Halte Deine Software aktuell
    Der einfachste Weg dafür ist der Secunia Online Software.


Schritt 5

Tipps für sicheres Surfen

Das sind meine Vorschläge.
Verwende einen alternativen Browser statt den IE.
Ich empfehle Mozilla Firefox.

Für Firefox gibt es verschiedenste AddOns um sicher durch das WWW zu kommen.
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.

  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart ausserdem Downloadkapazität.

  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

+max+ 19.06.2010 19:07
Deinstallation und Bereinigung bereits erledigt, der Rest folgt noch...

Sage an diesen Punkt schonmal herzlichen Dank...:daumenhoc


Noch Abschließend:

Ist jetzt wegen MSN noch irgendetwas notwendig, oder hat sich das damit auch erledigt?

Lg Max

Larusso 19.06.2010 19:24
Zugangspasswörter ändern ist sicher keine Schlechte Idee. Sonst ist alles erledigt (wenn dir nichts mehr auffällt ;) )

+max+ 19.06.2010 19:29
Alles klar...

Vielen Dank für die schnelle und kompetente Hilfe...:daumenhoc


Das wärs dann wohl gewesen...

Larusso 19.06.2010 19:52
Dieses Thema scheint erledigt und wird aus den Abos gelöscht. Solltest Du das Thema erneut benötigen, bitte eine PN an mich.

Jeder andere möge bitte einen eigenen Thread eröffnen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:41 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131