IE autostart + some installations do not start

Thread is closed!
24.08.2009, 15:10
Moderator

Posts: 5694
#16
Remove GMER from your system and download it again. Then run it and post the NEW log together with a NEW HijackThis log.

Regards, Swiss
24.08.2009, 22:20
Member

Thread starter

Posts: 15
#17 new GMER log

Code

GMER 1.0.15.15077 [7iibttgg.exe] - http://www.gmer.net
Rootkit scan 2009-08-24 22:16:53
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                            ZwCreateFile [0xB6E00930]
SSDT            BA759C7E                                                                                                                                               ZwCreateKey
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                            ZwCreateProcess [0xB6E0A870]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                            ZwCreateProcessEx [0xB6E0AAA0]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                            ZwCreateSection [0xB6E0DFD0]
SSDT            BA759C74                                                                                                                                               ZwCreateThread
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                            ZwDeleteFile [0xB6E00F20]
SSDT            BA759C83                                                                                                                                               ZwDeleteKey
SSDT            BA759C8D                                                                                                                                               ZwDeleteValueKey
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                            ZwDuplicateObject [0xB6E0A580]
SSDT            spmu.sys                                                                                                                                               ZwEnumerateKey [0xB9EC6CA2]
SSDT            spmu.sys                                                                                                                                               ZwEnumerateValueKey [0xB9EC7030]
SSDT            BA759C92                                                                                                                                               ZwLoadKey
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                            ZwOpenFile [0xB6E00D70]
SSDT            spmu.sys                                                                                                                                               ZwOpenKey [0xB9EA80C0]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                            ZwOpenProcess [0xB6E0A350]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                            ZwOpenThread [0xB6E0A150]
SSDT            spmu.sys                                                                                                                                               ZwQueryKey [0xB9EC7108]
SSDT            spmu.sys                                                                                                                                               ZwQueryValueKey [0xB9EC6F88]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                            ZwRenameKey [0xB6E0D250]
SSDT            BA759C9C                                                                                                                                               ZwReplaceKey
SSDT            BA759C97                                                                                                                                               ZwRestoreKey
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                            ZwSecureConnectPort [0xB6E04220]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                            ZwSetInformationFile [0xB6E01120]
SSDT            BA759C88                                                                                                                                               ZwSetValueKey
SSDT            \??\F:\Programme\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)                                              ZwTerminateProcess [0xB6D1B0B0]

INT 0x62        ?                                                                                                                                                      8A4C3BF8
INT 0x63        ?                                                                                                                                                      8A453BF8
INT 0x73        ?                                                                                                                                                      8A453BF8
INT 0xA4        ?                                                                                                                                                      8A456BF8
INT 0xB4        ?                                                                                                                                                      8A453BF8

---- Kernel code sections - GMER 1.0.15 ----

?               spmu.sys                                                                                                                                               The system cannot find the file specified. !
?               srescan.sys                                                                                                                                            The system cannot find the file specified. !
.text           USBPORT.SYS!DllUnload                                                                                                                                  B9BC162C 5 Bytes  JMP 8A3741D8
.text           apx782ru.SYS                                                                                                                                           B938B384 1 Byte  [20]
.text           apx782ru.SYS                                                                                                                                           B938B384 37 Bytes  [20, 00, 00, 68, 00, 00, 00, ...]
.text           apx782ru.SYS                                                                                                                                           B938B3AA 24 Bytes  [00, 00, 20, 00, 00, E0, 00, ...]
.text           apx782ru.SYS                                                                                                                                           B938B3C4 3 Bytes  [00, 00, 00]
.text           apx782ru.SYS                                                                                                                                           B938B3C9 1 Byte  [00]
.text           ...                                                                                                                                                    

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                                                     [B9EA9040] spmu.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                                                             [B9EA913C] spmu.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                                                    [B9EA90BE] spmu.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                                                            [B9EA97FC] spmu.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                                                    [B9EA96D2] spmu.sys
IAT             \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                                                     [B9EB9048] spmu.sys
IAT             \SystemRoot\System32\Drivers\apx782ru.SYS[HAL.dll!KfAcquireSpinLock]                                                                                   0A64D90F
IAT             \SystemRoot\System32\Drivers\apx782ru.SYS[HAL.dll!READ_PORT_UCHAR]                                                                                     046FD406
IAT             \SystemRoot\System32\Drivers\apx782ru.SYS[HAL.dll!KeGetCurrentIrql]                                                                                    1672C31D
IAT             \SystemRoot\System32\Drivers\apx782ru.SYS[HAL.dll!KfRaiseIrql]                                                                                         1879CE14
IAT             \SystemRoot\System32\Drivers\apx782ru.SYS[HAL.dll!KfLowerIrql]                                                                                         3248ED2B
IAT             \SystemRoot\System32\Drivers\apx782ru.SYS[HAL.dll!HalGetInterruptVector]                                                                               3C43E022
IAT             \SystemRoot\System32\Drivers\apx782ru.SYS[HAL.dll!HalTranslateBusAddress]                                                                              2E5EF739
IAT             \SystemRoot\System32\Drivers\apx782ru.SYS[HAL.dll!KeStallExecutionProcessor]                                                                           2055FA30
IAT             \SystemRoot\System32\Drivers\apx782ru.SYS[HAL.dll!KfReleaseSpinLock]                                                                                   EC01B79A
IAT             \SystemRoot\System32\Drivers\apx782ru.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                             E20ABA93
IAT             \SystemRoot\System32\Drivers\apx782ru.SYS[HAL.dll!READ_PORT_USHORT]                                                                                    F017AD88
IAT             \SystemRoot\System32\Drivers\apx782ru.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                            FE1CA081
IAT             \SystemRoot\System32\Drivers\apx782ru.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                                                    D42D83BE
IAT             \SystemRoot\System32\Drivers\apx782ru.SYS[WMILIB.SYS!WmiSystemControl]                                                                                 C83B99AC
IAT             \SystemRoot\System32\Drivers\apx782ru.SYS[WMILIB.SYS!WmiCompleteRequest]                                                                               C63094A5
IAT             \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol]                                                                               [B6E08CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]                                                                                    [B6E091C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter]                                                                                   [B6E09320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol]                                                                             [B6E08E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol]                                                                                [B6E08CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter]                                                                                    [B6E09320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]                                                                                     [B6E091C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol]                                                                              [B6E08E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter]                                                                                      [B6E09320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol]                                                                                  [B6E08CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]                                                                                       [B6E091C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol]                                                                               [B6E08E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol]                                                                                 [B6E08CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter]                                                                                      [B6E091C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter]                                                                                     [B6E09320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter]                                                                                    [B6E09320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter]                                                                                     [B6E091C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol]                                                                              [B6E08E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol]                                                                                [B6E08CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol]                                                                                [B6E08CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol]                                                                              [B6E08E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter]                                                                                    [B6E09320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]                                                                                     [B6E091C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             F:\Programme\Codebox\BitMeter\BitMeter2.exe[232] @ F:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile]                                           [00802F30] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Programme\Codebox\BitMeter\BitMeter2.exe[232] @ F:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile]                                  [00802CA0] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Programme\Codebox\BitMeter\BitMeter2.exe[232] @ F:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose]                                                [00802D00] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Programme\Codebox\BitMeter\BitMeter2.exe[232] @ F:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject]                                      [00802CD0] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\WINDOWS\Explorer.EXE[1388] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                                              [01272F30] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\WINDOWS\Explorer.EXE[1388] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                                     [01272CA0] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\WINDOWS\Explorer.EXE[1388] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                                   [01272D00] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\WINDOWS\Explorer.EXE[1388] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                                         [01272CD0] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\WINDOWS\System32\wbem\unsecapp.exe[1828] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                                [00B72F30] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\WINDOWS\System32\wbem\unsecapp.exe[1828] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                       [00B72CA0] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\WINDOWS\System32\wbem\unsecapp.exe[1828] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                     [00B72D00] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\WINDOWS\System32\wbem\unsecapp.exe[1828] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                           [00B72CD0] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\WINDOWS\system32\wscntfy.exe[2244] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                                      [008B2F30] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\WINDOWS\system32\wscntfy.exe[2244] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                             [008B2CA0] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\WINDOWS\system32\wscntfy.exe[2244] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                           [008B2D00] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\WINDOWS\system32\wscntfy.exe[2244] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                                 [008B2CD0] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Programme\Analog Devices\Core\smax4pnp.exe[2648] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                        [00AE2F30] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Programme\Analog Devices\Core\smax4pnp.exe[2648] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                               [00AE2CA0] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Programme\Analog Devices\Core\smax4pnp.exe[2648] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                             [00AE2D00] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Programme\Analog Devices\Core\smax4pnp.exe[2648] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                   [00AE2CD0] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\WINDOWS\system32\RUNDLL32.EXE[2816] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                                     [00AB2F30] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\WINDOWS\system32\RUNDLL32.EXE[2816] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                            [00AB2CA0] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\WINDOWS\system32\RUNDLL32.EXE[2816] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                          [00AB2D00] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\WINDOWS\system32\RUNDLL32.EXE[2816] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                                [00AB2CD0] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Programme\Avira\AntiVir Desktop\avgnt.exe[2832] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                         [00B72F30] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Programme\Avira\AntiVir Desktop\avgnt.exe[2832] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                [00B72CA0] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Programme\Avira\AntiVir Desktop\avgnt.exe[2832] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                              [00B72D00] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Programme\Avira\AntiVir Desktop\avgnt.exe[2832] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                    [00B72CD0] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Programme\Analog Devices\SoundMAX\smax4.exe[2908] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                       [00AC2F30] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Programme\Analog Devices\SoundMAX\smax4.exe[2908] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                              [00AC2CA0] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Programme\Analog Devices\SoundMAX\smax4.exe[2908] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                            [00AC2D00] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Programme\Analog Devices\SoundMAX\smax4.exe[2908] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                  [00AC2CD0] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Programme\Lavasoft\Ad-Aware\AAWService.exe[3448] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                        [003E2F30] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Programme\Lavasoft\Ad-Aware\AAWService.exe[3448] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                               [003E2CA0] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Programme\Lavasoft\Ad-Aware\AAWService.exe[3448] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                             [003E2D00] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Programme\Lavasoft\Ad-Aware\AAWService.exe[3448] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                   [003E2CD0] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3556] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                           [00A22F30] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3556] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                  [00A22CA0] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3556] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                [00A22D00] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Programme\Lavasoft\Ad-Aware\AAWTray.exe[3556] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                      [00A22CD0] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Dokumente und Einstellungen\tommy\Eigene Dateien\Downloads\7iibttgg.exe[3596] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]           [00802F30] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Dokumente und Einstellungen\tommy\Eigene Dateien\Downloads\7iibttgg.exe[3596] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]  [00802CA0] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Dokumente und Einstellungen\tommy\Eigene Dateien\Downloads\7iibttgg.exe[3596] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                [00802D00] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             F:\Dokumente und Einstellungen\tommy\Eigene Dateien\Downloads\7iibttgg.exe[3596] @ F:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]      [00802CD0] F:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                                 8A4C11F8
Device          \Driver\Tcpip \Device\Ip                                                                                                                               vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device          \Driver\usbohci \Device\USBPDO-0                                                                                                                       8A2CA1F8
Device          \Driver\sptd \Device\3897676280                                                                                                                        spmu.sys
Device          \Driver\Tcpip \Device\Tcp                                                                                                                              vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                              fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device          \Driver\PCI_PNP5030 \Device\00000062                                                                                                                   spmu.sys
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                                                 8A4541F8
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                                                                 8A4541F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                                                           8A36B1F8
Device          \Driver\Ftdisk \Device\HarddiskVolume3                                                                                                                 8A4541F8
Device          \Driver\Cdrom \Device\CdRom1                                                                                                                           8A36B1F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                                     8A4C31F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                                     sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                                     8A4C31F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                                     sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3                                                                                                            8A4C31F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3                                                                                                            sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\Ftdisk \Device\HarddiskVolume4                                                                                                                 8A4541F8
Device          \Driver\Cdrom \Device\CdRom2                                                                                                                           8A36B1F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                                8928E500
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                                                       8928E500
Device          \Driver\nvata \Device\00000085                                                                                                                         8A4531F8
Device          \Driver\nvata \Device\00000085                                                                                                                         sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\Tcpip \Device\Udp                                                                                                                              vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device          \Driver\Tcpip \Device\RawIp                                                                                                                            vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device          \Driver\usbohci \Device\USBFDO-0                                                                                                                       8A2CA1F8
Device          \Driver\nvata \Device\NvAta0                                                                                                                           8A4531F8
Device          \Driver\nvata \Device\NvAta0                                                                                                                           sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                                                      891101F8
Device          \Driver\nvata \Device\NvAta1                                                                                                                           8A4531F8
Device          \Driver\nvata \Device\NvAta1                                                                                                                           sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\Tcpip \Device\IPMULTICAST                                                                                                                      vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                                            891101F8
Device          \Driver\nvata \Device\NvAta2                                                                                                                           8A4531F8
Device          \Driver\nvata \Device\NvAta2                                                                                                                           sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\Ftdisk \Device\FtControl                                                                                                                       8A4541F8
Device          \Driver\apx782ru \Device\Scsi\apx782ru1Port6Path0Target1Lun0                                                                                           8A2B9500
Device          \Driver\apx782ru \Device\Scsi\apx782ru1Port6Path0Target1Lun0                                                                                           sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\apx782ru \Device\Scsi\apx782ru1                                                                                                                8A2B9500
Device          \Driver\apx782ru \Device\Scsi\apx782ru1                                                                                                                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\JRAID \Device\Scsi\JRAID1                                                                                                                      8A4C21F8
Device          \Driver\apx782ru \Device\Scsi\apx782ru1Port6Path0Target0Lun0                                                                                           8A2B9500
Device          \Driver\apx782ru \Device\Scsi\apx782ru1Port6Path0Target0Lun0                                                                                           sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \FileSystem\Cdfs \Cdfs                                                                                                                                 890D6500

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                                     771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                                     285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                                     1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                    F:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                    0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                 0xBA 0xD8 0x9D 0x40 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                                              
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                           0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                        0x07 0xA9 0x3D 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                                        
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                  0x4B 0x50 0x7E 0x0E ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                                                        
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                                                  0x4B 0x50 0x7E 0x0E ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                                  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                        F:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                        0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                     0xBA 0xD8 0x9D 0x40 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                                          
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                               0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                            0x07 0xA9 0x3D 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)                                    
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                      0x4B 0x50 0x7E 0x0E ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)                                    
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                                                      0x4B 0x50 0x7E 0x0E ...

---- EOF - GMER 1.0.15 ----
________________________________________________________

New HJT log

Code

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:18:00, on 24.08.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Programme\Avira\AntiVir Desktop\sched.exe
F:\WINDOWS\system32\svchost.exe
F:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Programme\Analog Devices\Core\smax4pnp.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Programme\Avira\AntiVir Desktop\avgnt.exe
F:\Programme\Analog Devices\SoundMAX\smax4.exe
F:\Programme\Codebox\BitMeter\BitMeter2.exe
F:\WINDOWS\System32\svchost.exe
C:\Steam\Steam.exe
F:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - F:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - F:\Programme\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Programme\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] F:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "F:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMax] "F:\Programme\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bitmeter2.lnk = F:\Programme\Codebox\BitMeter\BitMeter2.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - F:\Programme\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - F:\Programme\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212587922996
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212588038715
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - F:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - F:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - F:\DOKUME~1\tommy\LOKALE~1\Temp\AVSETUP_49cf19ba\basic\avupgsvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - F:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - F:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - F:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - F:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7032 bytes
25.08.2009, 11:48
Moderator

Posts: 5694
#18 Post a new ComboFix log.

Regards, Swiss
25.08.2009, 14:25
Member

Thread starter

Posts: 15
#19 New ComboFix log


Code

ComboFix 09-08-24.06 - tommy 25.08.2009 14:02.2.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.49.1031.18.3070.2536 [GMT 2:00]
ausgeführt von:: f:\dokumente und einstellungen\tommy\Eigene Dateien\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\windows\TEMP\logishrd\LVPrcInj01.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2009-07-25 bis 2009-08-25  ))))))))))))))))))))))))))))))
.

2030-08-29 13:22 . 2030-08-29 13:22    56832    ------w-    f:\windows\system32\Iyvu9_32.dll
2009-08-23 10:16 . 2009-08-23 10:16    --------    d-----w-    f:\dokumente und einstellungen\tommy\Lokale Einstellungen\Anwendungsdaten\Monte Cristo
2009-08-23 07:12 . 2009-08-25 12:18    117760    ----a-w-    f:\dokumente und einstellungen\tommy\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-23 07:12 . 2009-08-23 07:12    --------    d-----w-    f:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2009-08-23 07:11 . 2009-08-24 20:23    --------    d-----w-    f:\programme\SUPERAntiSpyware
2009-08-23 07:11 . 2009-08-23 07:11    --------    d-----w-    f:\dokumente und einstellungen\tommy\Anwendungsdaten\SUPERAntiSpyware.com
2009-08-22 05:20 . 2009-06-18 10:55    18816    ------w-    f:\windows\system32\SAVRKBootTasks.sys
2009-08-22 04:48 . 2009-08-22 04:48    --------    d-----w-    f:\programme\Sophos
2009-08-21 00:04 . 2009-08-21 00:04    --------    d-----w-    f:\dokumente und einstellungen\tommy\Anwendungsdaten\Malwarebytes
2009-08-20 23:47 . 2007-04-23 16:38    5376    ----a-w-    f:\windows\system32\antiwpa.dll
2009-08-20 23:15 . 2009-08-20 23:15    --------    d-----r-    f:\dokumente und einstellungen\Administrator\Eigene Dateien
2009-08-20 23:12 . 2009-08-20 23:12    --------    d-----w-    f:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2009-08-20 22:56 . 2009-08-03 11:36    38160    ----a-w-    f:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 22:56 . 2009-08-20 23:01    --------    d-----w-    f:\programme\Malwarebytes' Anti-Malware
2009-08-20 22:56 . 2009-08-20 22:56    --------    d-----w-    f:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-08-20 22:56 . 2009-08-03 11:36    19096    ----a-w-    f:\windows\system32\drivers\mbam.sys
2009-08-20 22:23 . 2009-08-20 22:23    --------    d-----w-    f:\programme\CCleaner
2009-08-20 22:19 . 2009-08-20 22:19    --------    d-----w-    f:\programme\Bullfrog
2009-08-20 21:12 . 2009-07-03 14:49    15688    ----a-w-    f:\windows\system32\lsdelete.exe
2009-08-20 21:10 . 2009-07-03 14:49    64160    ----a-w-    f:\windows\system32\drivers\Lbd.sys
2009-08-20 21:10 . 2009-08-20 21:10    --------    dc-h--w-    f:\dokumente und einstellungen\All Users\Anwendungsdaten\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-20 21:10 . 2009-07-08 17:28    2920112    -c--a-w-    f:\dokumente und einstellungen\All Users\Anwendungsdaten\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-20 21:10 . 2009-08-20 21:10    --------    d-----w-    f:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft
2009-08-20 21:10 . 2009-08-20 21:10    --------    d-----w-    f:\programme\Lavasoft
2009-08-20 20:14 . 2009-08-20 20:14    --------    d-----w-    f:\programme\Trend Micro
2009-08-20 11:26 . 2009-08-20 11:26    --------    d-----w-    f:\dokumente und einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
2009-08-20 11:25 . 2009-08-20 11:25    --------    d-----w-    f:\programme\CDBurnerXP
2009-08-18 00:46 . 2009-08-18 00:46    --------    d-----w-    f:\programme\PFPortChecker
2009-08-16 11:59 . 2009-08-16 11:59    --------    d-----w-    f:\programme\Astonsoft
2009-08-16 11:53 . 2009-08-16 11:53    --------    d-----w-    f:\dokumente und einstellungen\tommy\Anwendungsdaten\Canneverbe_Limited
2009-08-15 12:41 . 2007-01-01 18:03    40960    ----a-r-    f:\windows\system32\psfind.dll
2009-08-15 03:36 . 2009-08-15 03:51    26515    ----a-w-    f:\windows\DIIUnin.dat
2009-08-15 03:36 . 2009-08-15 03:36    2829    ----a-w-    f:\windows\DIIUnin.pif
2009-08-15 03:36 . 2009-08-15 03:36    102400    ----a-w-    f:\windows\DIIUnin.exe
2009-08-10 21:53 . 2009-08-10 21:53    --------    d-----w-    f:\dokumente und einstellungen\tommy\Lokale Einstellungen\Anwendungsdaten\fabi.me
2009-08-10 21:45 . 2009-08-10 21:47    --------    d-----w-    f:\dokumente und einstellungen\tommy\Lokale Einstellungen\Anwendungsdaten\Nemex
2009-08-07 19:01 . 2009-08-07 19:01    --------    d-----w-    f:\dokumente und einstellungen\tommy\Lokale Einstellungen\Anwendungsdaten\DOSBox
2009-08-07 19:01 . 2009-08-20 20:06    --------    d-----w-    f:\programme\DOSBox-0.73
2009-08-05 02:48 . 2009-08-05 02:49    --------    d-----w-    f:\windows\system32\MathmosScreensaver dir
2009-08-05 02:48 . 2009-08-05 02:48    520192    ----a-w-    f:\windows\system32\MathmosScreensaver.scr
2009-08-05 02:44 . 2009-08-05 02:44    --------    d-----w-    f:\programme\Lava Lamp
2009-07-30 23:11 . 2009-08-25 12:15    --------    d-----w-    f:\dokumente und einstellungen\All Users\Anwendungsdaten\Bitmeter2
2009-07-30 23:11 . 2009-08-09 18:08    --------    d-----w-    f:\dokumente und einstellungen\tommy\Anwendungsdaten\Bitmeter2
2009-07-30 23:11 . 2009-07-30 23:11    --------    d-----w-    f:\programme\Codebox
2009-07-30 23:11 . 2009-07-30 23:11    --------    d-----w-    f:\programme\Bandwidth Meter
2009-07-29 05:18 . 2009-07-29 07:03    --------    d-----w-    f:\dokumente und einstellungen\tommy\Anwendungsdaten\mIRC
2009-07-29 05:18 . 2009-07-29 05:19    --------    d-----w-    f:\programme\mIRC

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 12:20 . 2009-03-29 22:53    19437600    --sha-w-    f:\windows\system32\drivers\fidbox.dat
2009-08-25 12:15 . 2009-03-29 22:53    236000    --sha-w-    f:\windows\system32\drivers\fidbox.idx
2009-08-24 12:43 . 2008-06-22 09:51    7680184    ----a-w-    f:\programme\Temp Log.log
2009-08-23 07:59 . 2009-08-23 08:02    2241024    ----a-w-    f:\windows\Internet Logs\xDB28.tmp
2009-08-23 07:11 . 2008-06-20 12:43    --------    d-----w-    f:\programme\Gemeinsame Dateien\Wise Installation Wizard
2009-08-21 20:57 . 2008-06-04 13:53    --------    d--h--w-    f:\programme\InstallShield Installation Information
2009-08-21 20:34 . 2008-06-10 20:06    --------    d-----w-    f:\dokumente und einstellungen\tommy\Anwendungsdaten\BitTorrent
2009-08-21 04:59 . 2008-06-20 12:18    --------    d-----w-    f:\programme\Electronic Arts
2009-08-21 04:59 . 2008-11-03 12:24    5036    ----a-w-    f:\windows\system32\ealregsnapshot1.reg
2009-08-21 04:58 . 2008-12-23 16:03    --------    d-----w-    f:\programme\Google
2009-08-21 04:58 . 2008-10-01 16:00    --------    d-----w-    f:\programme\Image-Line
2009-08-21 04:57 . 2008-10-01 21:24    --------    d-----w-    f:\dokumente und einstellungen\All Users\Anwendungsdaten\MAGIX
2009-08-21 04:57 . 2009-01-14 10:01    --------    d-----w-    f:\programme\MONOGRAM AMR SplitterDecoder
2009-08-21 04:51 . 2009-04-25 08:58    --------    d-----w-    f:\programme\AVS4YOU
2009-08-21 04:50 . 2008-12-05 08:27    --------    d-----w-    f:\programme\Gemeinsame Dateien\AquaSoft
2009-08-21 00:00 . 2001-08-18 12:00    507392    ----a-w-    f:\windows\system32\winlogon.exe
2009-08-20 22:52 . 2009-08-20 22:53    60928    ----a-w-    f:\windows\Internet Logs\xDB26.tmp
2009-08-20 22:52 . 2009-08-20 22:53    2191360    ----a-w-    f:\windows\Internet Logs\xDB27.tmp
2009-08-20 11:18 . 2009-03-30 17:52    --------    d-----w-    f:\programme\nLite
2009-08-20 11:18 . 2008-10-24 22:22    --------    d-----w-    f:\programme\SpeedFan
2009-08-15 13:29 . 2008-06-05 19:31    98304    ----a-w-    f:\windows\system32\CmdLineExt.dll
2009-08-15 05:15 . 2008-06-22 07:59    --------    d-----w-    f:\programme\Ashampoo
2009-08-15 03:50 . 2008-09-03 03:47    21840    ----atw-    f:\windows\system32\SIntfNT.dll
2009-08-15 03:50 . 2008-09-03 03:47    17212    ----atw-    f:\windows\system32\SIntf32.dll
2009-08-15 03:50 . 2008-09-03 03:47    12067    ----atw-    f:\windows\system32\SIntf16.dll
2009-08-12 03:04 . 2008-07-06 13:21    --------    d-----w-    f:\dokumente und einstellungen\tommy\Anwendungsdaten\LimeWire
2009-08-11 12:52 . 2009-08-11 12:53    2103296    ----a-w-    f:\windows\Internet Logs\xDB25.tmp
2009-08-11 12:52 . 2009-08-11 12:53    3109888    ----a-w-    f:\windows\Internet Logs\xDB24.tmp
2009-08-10 16:04 . 2008-06-04 15:28    --------    d---a-w-    f:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2009-08-09 21:38 . 2009-05-24 14:44    2721480    ----a-w-    f:\windows\Internet Logs\tvDebug.zip
2009-08-06 03:42 . 2009-03-29 06:54    55656    ----a-w-    f:\windows\system32\drivers\avgntflt.sys
2009-08-05 12:51 . 2009-06-20 07:31    --------    d-----w-    f:\programme\NifTools
2009-07-30 23:11 . 2008-06-04 14:30    87880    ----a-w-    f:\dokumente und einstellungen\tommy\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-07-29 14:41 . 2009-07-29 14:42    2010624    ----a-w-    f:\windows\Internet Logs\xDB23.tmp
2009-07-29 13:29 . 2009-07-29 13:30    2010112    ----a-w-    f:\windows\Internet Logs\xDB22.tmp
2009-07-29 13:29 . 2009-07-29 13:30    106496    ----a-w-    f:\windows\Internet Logs\xDB21.tmp
2009-07-28 12:04 . 2009-07-28 12:05    2007040    ----a-w-    f:\windows\Internet Logs\xDB20.tmp
2009-07-28 12:04 . 2009-07-28 12:05    421376    ----a-w-    f:\windows\Internet Logs\xDB1F.tmp
2009-07-28 12:03 . 2009-07-28 12:04    2006528    ----a-w-    f:\windows\Internet Logs\xDB1E.tmp
2009-07-25 05:24 . 2009-07-23 07:25    --------    d-----w-    f:\programme\Free Download Manager
2009-07-24 00:57 . 2009-07-24 00:58    2002944    ----a-w-    f:\windows\Internet Logs\xDB1D.tmp
2009-07-24 00:57 . 2009-07-24 00:58    260608    ----a-w-    f:\windows\Internet Logs\xDB1C.tmp
2009-07-23 02:45 . 2008-06-27 20:38    --------    d-----w-    f:\programme\Gemeinsame Dateien\Adobe
2009-07-22 12:48 . 2009-04-15 09:34    --------    d-----w-    f:\dokumente und einstellungen\tommy\Anwendungsdaten\Move Networks
2009-07-21 22:30 . 2009-07-21 22:31    1984000    ----a-w-    f:\windows\Internet Logs\xDB1B.tmp
2009-07-21 22:30 . 2009-07-21 22:31    225792    ----a-w-    f:\windows\Internet Logs\xDB1A.tmp
2009-07-17 19:19 . 2009-07-17 19:10    --------    d-----w-    f:\programme\ICQ6.5
2009-07-17 19:18 . 2009-07-17 19:18    --------    d-----w-    f:\programme\ICQ6Toolbar
2009-07-17 19:18 . 2009-07-17 19:17    --------    d-----w-    f:\dokumente und einstellungen\All Users\Anwendungsdaten\ICQ
2009-07-17 19:11 . 2008-09-17 04:52    --------    d-----w-    f:\programme\ICQ6
2009-07-12 12:40 . 2009-07-12 02:20    96    ---ha-w-    f:\windows\system32\HsInfo.dat
2009-07-12 02:20 . 2009-07-12 02:20    --------    d-----w-    f:\programme\Gemeinsame Dateien\DirectX
2009-07-10 11:40 . 2009-07-05 14:17    --------    d-----w-    f:\dokumente und einstellungen\tommy\Anwendungsdaten\Spore
2009-07-04 14:09 . 2009-07-04 14:10    1936384    ----a-w-    f:\windows\Internet Logs\xDB19.tmp
2009-07-04 14:09 . 2009-07-04 14:10    60928    ----a-w-    f:\windows\Internet Logs\xDB18.tmp
2009-07-02 15:02 . 2009-07-02 15:01    --------    d-----w-    f:\programme\Microsoft Games for Windows - LIVE
2009-07-02 14:55 . 2009-06-16 05:01    184816    ----a-w-    f:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2009-07-02 14:54 . 2001-08-18 12:00    81840    ----a-w-    f:\windows\system32\perfc007.dat
2009-07-02 14:54 . 2001-08-18 12:00    450164    ----a-w-    f:\windows\system32\perfh007.dat
2009-07-01 09:59 . 2009-07-01 10:02    1903104    ----a-w-    f:\windows\Internet Logs\xDB17.tmp
2009-06-30 11:32 . 2009-06-30 11:33    3094528    ----a-w-    f:\windows\Internet Logs\xDB16.tmp
2009-06-23 01:57 . 2009-06-23 01:57    67233    ----a-w-    f:\windows\Internet Logs\vsmon_2nd_2009_06_23_03_51_04_small.dmp.zip
2009-06-23 01:48 . 2009-06-23 01:52    1894912    ----a-w-    f:\windows\Internet Logs\xDB15.tmp
2009-06-11 05:04 . 2008-06-04 13:54    25280    ----a-w-    f:\windows\system32\drivers\hamachi.sys
2009-06-06 08:01 . 2008-07-26 12:27    160021    ----a-w-    f:\windows\hpoins14.dat
2008-08-24 06:26 . 2008-08-24 06:26    28    ----a-w-    f:\programme\deviceinfo
2008-05-18 22:37 . 2008-05-18 22:37    256528    ----a-w-    f:\programme\Core Temp.exe
2008-05-15 12:49 . 2008-05-15 12:49    107    ----a-w-    f:\programme\Settings.ini
2009-02-24 19:34 . 2009-02-24 19:34    1044480    ----a-w-    f:\programme\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34    200704    ----a-w-    f:\programme\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2002-08-29 01:43    521728    616896B708286DA98D6A099293F181D7    f:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2004-08-03 22:58    507392    2B6A0BAF33A9918F09442D873848FF72    f:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2009-08-21 00:00    507392    DB37D307003055ED09711CB3417814C7    f:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="f:\programme\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"SUPERAntiSpyware"="f:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="f:\programme\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"avgnt"="f:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - f:\windows\system32\nwiz.exe [2009-02-18 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

f:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Bitmeter2.lnk - f:\programme\Codebox\BitMeter\BitMeter2.exe [2008-11-1 1462272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05    356352    ----a-w-    f:\programme\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\F:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk]
path=f:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk
backup=f:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\F:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Bitmeter2.lnk]
path=f:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Bitmeter2.lnk
backup=f:\windows\pss\Bitmeter2.lnkCommon Startup

[HKLM\~\startupfolder\F:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BlueSoleil.lnk]
backup=f:\windows\pss\BlueSoleil.lnkCommon Startup
path=f:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\BlueSoleil.lnk

[HKLM\~\startupfolder\F:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=f:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=f:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\F:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk]
backup=f:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\F:^Dokumente und Einstellungen^tommy^Startmenü^Programme^Autostart^Adobe Media Player.lnk]
backup=f:\windows\pss\Adobe Media Player.lnkStartup

[HKLM\~\startupfolder\F:^Dokumente und Einstellungen^tommy^Startmenü^Programme^Autostart^hamachi.lnk]
backup=f:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\F:^Dokumente und Einstellungen^tommy^Startmenü^Programme^Autostart^MemInfo.lnk]
backup=f:\windows\pss\MemInfo.lnkStartup

[HKLM\~\startupfolder\F:^Dokumente und Einstellungen^tommy^Startmenü^Programme^Autostart^OpenOffice.org 3.0.lnk]
path=f:\dokumente und einstellungen\tommy\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk
backup=f:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\F:^Dokumente und Einstellungen^tommy^Startmenü^Programme^Autostart^Xfire.lnk]
backup=f:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"ose"=3 (0x3)
"gusvc"=2 (0x2)
"ICQ Service"=2 (0x2)
"vsmon"=2 (0x2)
"npggsvc"=3 (0x3)
"FirebirdServerMAGIXInstance"=3 (0x3)
"BlueSoleil Hid Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\BitTorrent\\bittorrent.exe"=
"f:\\Programme\\Winamp Remote\\bin\\Orb.exe"=
"f:\\Programme\\Winamp Remote\\bin\\OrbTray.exe"=
"f:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"f:\\WINDOWS\\system32\\PnkBstrA.exe"=
"f:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"f:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"f:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"g:\\Programme\\Curse\\CurseClient.exe"=
"g:\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"g:\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"f:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"g:\\Dungeon Siege 2\\DungeonSiege2.exe"=
"f:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"f:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"g:\\Warcraft III\\Warcraft III.exe"=
"g:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"g:\\Call of Duty - World at War\\CoDWaWmp.exe"=
"g:\\Call of Duty - World at War\\CoDWaW.exe"=
"g:\\Call of Duty - World at War\\CoDWaW.unpacked.exe"=
"c:\\Steam\\steamapps\\wintershol@hotmail.com\\half-life\\hl.exe"=
"g:\\CoH\\RelicCOH.exe"=
"f:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"f:\\Programme\\Messenger\\msmsgs.exe"=
"f:\\Programme\\ICQ6.5\\ICQ.exe"=
"g:\\Hellgate\\Launcher.exe"=

R0 Lbd;Lbd;f:\windows\system32\drivers\Lbd.sys [20.08.2009 23:10 64160]
R1 SASDIFSV;SASDIFSV;f:\programme\SUPERAntiSpyware\sasdifsv.sys [05.08.2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;f:\programme\SUPERAntiSpyware\SASKUTIL.SYS [05.08.2009 16:06 74480]
R1 SAVRKBootTasks;Boot Tasks Driver;f:\windows\system32\SAVRKBootTasks.sys [22.08.2009 07:20 18816]
R1 SSHDRV86;SSHDRV86;f:\windows\system32\drivers\SSHDRV86.sys [07.09.2008 11:59 81408]
R2 acedrv10;acedrv10;f:\windows\system32\drivers\ACEDRV10.sys [27.07.2007 10:13 330144]
R2 acedrv11;acedrv11;f:\windows\system32\drivers\ACEDRV11.sys [23.01.2008 10:19 501560]
R2 acehlp10;acehlp10;f:\windows\system32\drivers\acehlp10.sys [27.07.2007 12:46 251680]
R2 AntiVirSchedulerService;Avira AntiVir Planer;f:\programme\Avira\AntiVir Desktop\sched.exe [29.03.2009 08:54 108289]
R2 fssfltr;FssFltr;f:\windows\system32\drivers\fssfltr_tdi.sys [27.01.2009 16:37 55136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;f:\programme\Lavasoft\Ad-Aware\AAWService.exe [03.07.2009 16:49 1029456]
R2 SVKP;SVKP;f:\windows\system32\SVKP.sys [22.06.2008 13:18 2368]
R3 SASENUM;SASENUM;f:\programme\SUPERAntiSpyware\SASENUM.SYS [05.08.2009 16:06 7408]
S2 AntiVirUpgradeService;Avira Upgrade Service;"f:\dokume~1\tommy\LOKALE~1\Temp\AVSETUP_49cf19ba\basic\avupgsvc.exe" /TEMPSTART:""f:\dokume~1\tommy\LOKALE~1\Temp\AVSETUP_49cf19ba\basic\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" --> f:\dokume~1\tommy\LOKALE~1\Temp\AVSETUP_49cf19ba\basic\avupgsvc.exe [?]
S3 fsssvc;Windows Live Family Safety;f:\programme\Windows Live\Family Safety\fsssvc.exe [08.12.2008 18:01 533344]
S3 krdpdre;krdpdre;\??\f:\dokume~1\tommy\LOKALE~1\Temp\krdpdre.sys --> f:\dokume~1\tommy\LOKALE~1\Temp\krdpdre.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\f:\windows\system32\7.tmp --> f:\windows\system32\7.tmp [?]
S4 npggsvc;nProtect GameGuard Service;f:\windows\system32\GameMon.des -service --> f:\windows\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners

2009-08-24 f:\windows\Tasks\Ad-Aware Update (Weekly).job
- f:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-08-22 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\programme\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - f:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - f:\programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - f:\dokumente und einstellungen\tommy\Anwendungsdaten\Mozilla\Firefox\Profiles\ebsxyyjn.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL -
FF - plugin: f:\dokumente und einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: f:\programme\Microsoft\Office Live\npOLW.dll
FF - plugin: f:\programme\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: f:\programme\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: f:\programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: f:\programme\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX Richtlinien ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
f:\programme\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
f:\programme\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
f:\programme\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
f:\programme\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
f:\programme\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
f:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
f:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
f:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
f:\programme\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
f:\programme\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
f:\programme\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
f:\programme\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
f:\programme\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
f:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
f:\programme\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
f:\programme\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
f:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
f:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
f:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-25 14:17
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\f:\windows\system32\7.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="f:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-507921405-1897051121-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2e,6a,cb,87,ea,eb,d0,3c,99,fc,ec,a0,0e,2a,9c,18,f1,8a,f2,46,fa,24,59,
   97,61,9f,59,91,b4,61,ca,7c,a2,59,e6,74,8d,30,ba,dd,44,b6,f4,42,e4,92,58,5e,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-507921405-1897051121-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:3c,16,23,57,f0,3a,f3,25,c2,3a,17,27,76,0a,cf,37,c1,eb,f9,05,ca,
   d6,e6,d4,66,97,a1,0c,db,ee,b5,04,6e,7f,7c,ca,ab,bf,60,7f,7f,53,6f,0e,29,33,\
"rkeysecu"=hex:0a,0d,fa,01,75,b2,9e,9f,40,a3,16,96,80,b1,c1,58
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(548)
f:\programme\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3088)
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
f:\windows\system32\ZoneLabs\vsmon.exe
f:\programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
f:\windows\system32\nvsvc32.exe
f:\windows\system32\wbem\unsecapp.exe
f:\windows\system32\wscntfy.exe
f:\programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
f:\programme\Lavasoft\Ad-Aware\AAWTray.exe
f:\windows\system32\rundll32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-08-25 14:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2009-08-25 12:22
ComboFix2.txt  2009-08-21 18:43

Vor Suchlauf: 10 Verzeichnis(se), 11.194.109.952 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 11.172.102.144 Bytes frei

386
25.08.2009, 14:36
Moderator

Posts: 5694
#20 Download OTM.exe to the desktop
Open OTM.exe
(Vista users: right-click OTM.exe and choose "Run as Administrator")

Save OTM on the desktop

Click OTM.exe

1. Click the CleanUp! button

2. cleanup.txt is downloaded from the Internet (allow it through the firewall!)

3. "Begin cleanup process?" click Yes. "Do you want to reboot?" click Yes

This way OTM automatically removes all the tools that were downloaded for the virus cleanup

>>
Disable System Restore (XP):
My Computer --> right-click, then Properties --> System Restore tab --> tick "Turn off System Restore on all drives".
Then remove the tick again (i.e. re-enable it).

>>
Run an online scan with BitDefender and post the log:
http://virus-protect.org/artikel/tools/bitdefender.html

>>
Any problems left?

Regards, Swiss
25.08.2009, 16:47
Member

Thread starter

Posts: 15
#21

Code

BitDefender Online Scanner - Real Time Virus Report
Generated at: Tue, Aug 25, 2009 - 16:43:13    
Scan Info

Scanned Files

92977

Infected Files
4
    
Virus Detected

Virtool.3241
1

Virtool.20359
2

Virtool.4104
1

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.
...but I do know where those came from *embarrassed grin*...
Otherwise no problems; my PC should be clean again, right?
25.08.2009, 17:25
Moderator

Posts: 5694
#22 Were there no file names and paths listed???

Did you run OTM?

Do another scan with ESET:
http://virus-protect.org/artikel/tools/eset-nod.html

Regards, Swiss
26.08.2009, 12:58
Member

Thread starter

Posts: 15
#23 I ran OTM; it also deleted itself after the reboot.
Those leftover viruses from BitDefender were for the Windows activation... antiwpa or something like that, all deleted.

ESET didn't find any more viruses either.
26.08.2009, 20:14
Moderator

Posts: 5694
#24 Then change all your passwords and update your programs with Secunia.

Regards, Swiss
27.08.2009, 03:59
Member

Thread starter

Posts: 15
#25 Many, many thanks for the effort/help/time you put in and for all the helpful tips and tools.
So there are still nice people on the Internet who don't want to harm me, hehe.
I'll just be even more careful next time.
Many thanks ;) top class
27.08.2009, 11:45
Moderator

Posts: 5694
#26 Yes, caution is the first commandment here in the wide, wide universe.
Here are a few more useful tips:
http://www.paules-pc-forum.de/forum/4-pc-sicherheit/114329-paules-10-empfehlungen-zum-sicheren-surfen-im-internet.html

Regards, Swiss
20.01.2010, 00:18
...new here

Posts: 9
#27 Hello everyone,

I hope it is not an imposition on you if someone as clueless as me registers here to ask questions, but I hope I can find help here.

I have recently also had the problem that Internet Explorer keeps opening in the background. Now and then a window also pops up in the middle of things. (By the way, I only use Firefox.)

Unfortunately I understand hardly anything about PCs and could barely follow your "conversation" here.
I nevertheless tried installing Malwarebytes' Anti-Malware; the result is that it does install, but it won't start, even if I rename it test.exe or try it in Safe Mode.
Ad-Aware doesn't seem to help either.

Here is a HijackThis log, in case it helps...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:16:31, on 20.01.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ARCORO~1\AOButler.exe
C:\Programme\Juniper Networks\Common Files\dsNcService.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = www.google.de
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.arcor.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {88E11317-DF5B-4431-AF8A-CC8A001CD319} - C:\WINDOWS\system32\winfax32.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Arcor Online] C:\PROGRA~1\ARCORO~1\Arcor.exe /inst_typ:2 /kunden_typ:bestand
O4 - HKCU\..\Run: [cls_pack.exe] C:\DOKUME~1\Alex\LOKALE~1\Temp\cls_pack.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C0485DC-AAF8-4900-86DC-00C397916276}: NameServer = 195.50.140.178 195.50.140.114
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Programme\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 5238 bytes

I hope someone is still looking at this thread ;)
20.01.2010, 12:12
Moderator

Posts: 5694
#28 Step 1

Fix entries with HijackThis

Please close all applications including the browser and fix the following entries with HJT (if still present):

Start HijackThis (on Vista via right-click as administrator) => Do a system scan only => put a check mark in front of the following lines and then click "Fix checked":

Code

O4 - HKCU\..\Run: [cls_pack.exe] C:\DOKUME~1\Alex\LOKALE~1\Temp\cls_pack.exe
Restart the computer.

Step 2


No anti-virus program installed?

If you really have no antivirus program installed, then do the following:

Download and install Avira AntiVir Personal - FREE Antivirus; it has been awarded for very good detection rates.
The program is suitable for Windows 2000, XP, XP 64-bit, Vista 32-bit and Vista 64-bit.

A download link => AntiVir Personal Free Antivirus

Configure AntiVir so that only important events are logged:

Right-click the AntiVir umbrella at the bottom right of the taskbar => Configure AntiVir
=> tick "Expert mode" => expand Scanner => set Report to
"Standard" => expand Guard => set Report to "Standard" => close
AntiVir with OK.

In the menu go to Update => Start product update, then start a manual update.
Now do a full scan of your computer and post the report here in the thread.

Finding the report in AntiVir

You get to the report as follows: start AntiVir by double-clicking the umbrella at the bottom right
=> click the "Reports" tab => double-click the report named
"Scan" => click "Report" in the window that pops up => your
editor opens => in the editor select the text with CTRL + A => copy the text to the clipboard with CTRL + C
=> paste the text here with CTRL + V.
Please obscure your serial number in the log file.


Step 3

System scan with OTL

Please download OTL by OldTimer and save it to your desktop

>Double-click OTL.exe
-->Vista users: right-click OTL.exe and choose "Run as administrator"
>At the top you will find a box labelled Output. Please choose Minimal Output
>Under Extra Registry, please choose Use SafeList
>Now click Run Scan at the top left
>When the scan has finished, 2 log files are created
>Post the log files in code tags here in the thread.
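The triage behind step 1 comes down to a rule of thumb that can be automated: an autostart entry whose executable sits in a user's Temp folder is the first thing to fix. The Python script below is an added example and is not part of this thread, of HijackThis, or of any tool named here. It parses a handful of HijackThis-format lines (the sample lines are constructed from the log posted above), flags the entry the moderator lists, and goes one step beyond the post by also flagging an orphaned BHO registration whose file is missing. The Entry and Finding classes, the regular expressions and the function names are all assumptions of this example, not HijackThis internals.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code).

Rules applied, mirroring the forum reply above and extending it by one check:
  1. any O4 Run / Global Startup entry, O2 BHO or O23 service whose executable
     lives in a Temp folder is flagged for "Fix checked";
  2. an O2 BHO with "(no name)" whose file is missing is an orphaned
     registration and is flagged as a leftover.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample log: lines modelled on the HijackThis log posted in the thread.
SAMPLE_LOG = r"""O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {88E11317-DF5B-4431-AF8A-CC8A001CD319} - C:\WINDOWS\system32\winfax32.dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cls_pack.exe] C:\DOKUME~1\Alex\LOKALE~1\Temp\cls_pack.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
"""


@dataclass
class Entry:
    section: str   # "O2", "O4" or "O23"
    name: str      # bracketed Run name, BHO name, .lnk name or service name
    path: str      # executable / DLL path extracted from the line
    raw: str       # the original log line, as HijackThis prints it


@dataclass
class Finding:
    entry: Entry
    reason: str


LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<rest>.*)$")
# "HKCU\..\Run: [name] command" or "Global Startup: foo.lnk = target"
O4_RE = re.compile(r"^(?P<location>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<company>.*?) - (?P<path>.*)$")
# Unquoted command line: everything up to the first executable extension is the path.
EXE_SPLIT_RE = re.compile(r"^(?P<exe>.+?\.(?:exe|dll|scr|com|bat|cmd))(?:\s+.*)?$", re.IGNORECASE)
# A "\Temp\" or "\tmp\" path component, or a %TEMP% reference.
TEMP_RE = re.compile(r"(^|\\)te?mp\\|%te?mp%", re.IGNORECASE)


def _exe_path(cmd: str) -> str:
    """Return the executable part of a Run command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_SPLIT_RE.match(cmd)
    return m.group("exe") if m else cmd.split(" ", 1)[0]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; returns None for sections this example ignores."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.group("section"), m.group("rest")
    if section == "O4":
        o4 = O4_RE.match(rest)
        if not o4:
            return None
        cmd = o4.group("cmd")
        if o4.group("name") is None and " = " in cmd:
            name, cmd = cmd.split(" = ", 1)        # Global Startup .lnk form
        else:
            name = o4.group("name") or ""
        return Entry(section, name, _exe_path(cmd), line.strip())
    if section == "O2":
        b = BHO_RE.match(rest)
        return Entry(section, b.group("name"), b.group("path"), line.strip()) if b else None
    if section == "O23":
        s = SERVICE_RE.match(rest)
        return Entry(section, s.group("name"), s.group("path"), line.strip()) if s else None
    return None


def triage(log_text: str) -> List[Finding]:
    """Apply the two triage rules to every recognised line, in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if TEMP_RE.search(e.path):
            findings.append(Finding(e, "executable located in a Temp folder"))
        elif e.section == "O2" and e.name == "(no name)" and e.path.endswith("(file missing)"):
            findings.append(Finding(e, "orphaned BHO: no name and file missing"))
    return findings


def fix_lines(findings: List[Finding]) -> List[str]:
    """Raw log lines to tick under 'Fix checked', in the form the reply above lists them."""
    return [f.entry.raw for f in findings]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.entry.raw}")
```

Run against the sample, the script reports only the `cls_pack.exe` Run entry and the nameless BHO with the missing file; ctfmon.exe, the Adobe launcher and the Ad-Aware service pass. A Temp-folder match is a strong signal because installers clean up after themselves, so nothing legitimate should still be registered to start from there after a reboot.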
20.01.2010, 17:04
...new here

Posts: 9
#29 Hello, first of all thanks for the promising answer!

Step 1 - Done.
Step 2 - I installed the program but cannot open it! It is not in the taskbar at the bottom right either and cannot be found in Task Manager. When I open the exe an hourglass appears briefly and that's it.
Step 3 - Here are the logs:

Code


OTL Extras logfile created on: 20.01.2010 16:58:04 - Run 1
OTL by OldTimer - Version 3.1.25.2     Folder = C:\Dokumente und Einstellungen\Alex\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 502,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,55 Gb Total Space | 38,20 Gb Free Space | 51,24% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 99,31 Gb Free Space | 66,64% Space Free | Partition Type: NTFS
Drive E: | 74,49 Gb Total Space | 37,87 Gb Free Space | 50,84% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NAM
Current User Name: Alex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 File not found
htmlfile [print] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"56646:TCP" = 56646:TCP:*:Enabled:Pando Media Booster
"56646:UDP" = 56646:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"56646:TCP" = 56646:TCP:*:Enabled:Pando Media Booster
"56646:UDP" = 56646:UDP:*:Enabled:Pando Media Booster

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\uTorrent\utorrent.exe" = D:\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found
"D:\Russen\hl.exe" = D:\Russen\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"D:\Age of Empires II Lan Version\age2_x1.exe" = D:\Age of Empires II Lan Version\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"D:\Hamachi\hamachi.exe" = D:\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- File not found
"E:\BearShare\BearShare.exe" = E:\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found
"D:\Warcraft III\Frozen Throne.exe" = D:\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne -- (Blizzard Entertainment)
"D:\Warcraft III\war3.exe" = D:\Warcraft III\war3.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"D:\Age of Mythology an Jans Computer (Jan)\AOM.exe" = D:\Age of Mythology an Jans Computer (Jan)\AOM.exe:*:Enabled:Age of Mythology -- File not found
"D:\Age of Mythology\AOM.exe" = D:\Age of Mythology\AOM.exe:*:Enabled:Age of Mythology -- File not found
"D:\Steam\steamapps\i.koutsoumpeilis@ish.de\counter-strike\hl.exe" = D:\Steam\steamapps\i.koutsoumpeilis@ish.de\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"D:\ClipInc\Player\ClipInc-Player.exe" = D:\ClipInc\Player\ClipInc-Player.exe:*:Enabled:ClipInc. Player -- File not found
"D:\Warcraft III Lan Version\war3.exe" = D:\Warcraft III Lan Version\war3.exe:*:Enabled:Warcraft III -- (HeLLkiLLeR)
"D:\Age of Empires II Lan Version\empires2.exe" = D:\Age of Empires II Lan Version\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"D:\Titan Quest\Titan Quest.exe" = D:\Titan Quest\Titan Quest.exe:*:Enabled:Titan Quest -- File not found
"D:\NeverwinterNights\nwmain.exe" = D:\NeverwinterNights\nwmain.exe:*:Enabled:Neverwinter Nights -- File not found
"C:\Programme\Sacred Underworld\Sacred.exe" = C:\Programme\Sacred Underworld\Sacred.exe:*:Enabled:Sacred -- File not found
"C:\Programme\Sacred Underworld\GameServer.exe" = C:\Programme\Sacred Underworld\GameServer.exe:*:Enabled:Sacred Gameserver -- File not found
"D:\UT 2004\System\UT2004.exe" = D:\UT 2004\System\UT2004.exe:*:Enabled:UT2004 -- File not found
"C:\Programme\Veoh\VeohClient.exe" = C:\Programme\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- File not found
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe" = C:\Programme\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe" = C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Splinter Cell Chaos Theory\System\splintercell3.exe" = D:\Splinter Cell Chaos Theory\System\splintercell3.exe:*:Enabled:splintercell3 -- File not found
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"D:\Bontago\Bontago.exe" = D:\Bontago\Bontago.exe:*:Enabled:Bontago -- File not found
"C:\Programme\QIP\qip.exe" = C:\Programme\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Programme\Hamachi\hamachi.exe" = C:\Programme\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- (LogMeIn Inc.)
"D:\Warcraft III Lan Version\Frozen Throne.exe" = D:\Warcraft III Lan Version\Frozen Throne.exe:*:Enabled:Frozen Throne.exe -- (Blizzard Entertainment)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Programme\Heroes of Newerth\hon.exe" = C:\Programme\Heroes of Newerth\hon.exe:*:Enabled:Heroes of Newerth -- (S2 Games)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1998BD34-1AAB-4169-ACFF-67342E2AF9B4}" = Gothic III Release Update
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1" = Deinstallation der Arcor Online Software
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{30120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System (Beta)
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90510407-6D54-11D4-BEE3-00C04F990354}" = Microsoft Visio Professional 2002 SR-1 [DEU]
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7709081-CE4E-4339-A727-F88E648F92FA}_is1" = Oblivion Improved 1.20
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update
"{CD815603-AB71-4CFB-B3AC-522298037ACC}" = W83L518D
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16D8A48-65A4-4B19-8A02-DC9A40FB80C4}" = Norton Security Scan
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Generic USB CardReader 2.0
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1" = WC3Banlist
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC123EEA-330A-4685-911C-95B8F5E9DE68}" = Thief - Deadly Shadows
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Agfa ScanWise 1.50" = Agfa ScanWise 1.50
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"CANONBJ_Deinstall_CNMCP66.DLL" = Canon PIXMA iP2000
"CCleaner" = CCleaner
"ClearProg" = ClearProg 1.6.0 Final
"C-Media Audio Driver" = C-Media High Definition Audio Driver
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EAX Unified" = EAX Unified
"FL Studio 5" = FL Studio 5
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Gothic II" = Gothic II
"Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben
"Hamachi" = Hamachi 1.0.2.2
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Mafia Game" = Mafia Game
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiniMod Balance" = MiniMod Balance
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Traktor DJ Studio v2.5.3" = Native Instruments Traktor DJ Studio v2.5.3
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NSSSetup.{D16D8A48-65A4-4B19-8A02-DC9A40FB80C4}" = Norton Security Scan (Symantec Corporation)
"Pen Tablet Driver" = Stifttablett
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Steam App 400" = Portal
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"ThielHater's Texturepatch_is1" = ThielHater's Texturepatch FINAL
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6b
"WAV to MP3" = WAV to MP3
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.2
"WinPcapInst" = WinPcap 4.0.1
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X10Hardware" = X10 Hardware(TM)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"QIP 2005" = QIP 2005 8092
"Steam App 10" = Counter-Strike
"Warcraft III" = Warcraft III: All Products

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 18.01.2010 18:00:29 | Computer Name = NAM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00d41e0a.

Error - 19.01.2010 17:35:34 | Computer Name = NAM | Source = MsiInstaller | ID = 11316
Description = Produkt: Ad-Aware -- Fehler 1316. Beim Versuch, die Datei C:\DOKUME~1\Alex\LOKALE~1\Temp\mia1\Ad-AwareAE.msi
zu lesen, ist ein Netzwerkfehler aufgetreten.

Error - 19.01.2010 17:42:37 | Computer Name = NAM | Source = MsiInstaller | ID = 11920
Description = Produkt: Windows Defender -- Fehler 1920. Der Dienst "Windows Defender"
(WinDefend) konnte nicht gestartet werden. Überprüfen Sie, ob Sie ausreichende
Berechtigungen zum Starten von Systemdiensten besitzen.

Error - 19.01.2010 17:43:09 | Computer Name = NAM | Source = MsiInstaller | ID = 11920
Description = Produkt: Windows Defender -- Fehler 1920. Der Dienst "Windows Defender"
(WinDefend) konnte nicht gestartet werden. Überprüfen Sie, ob Sie ausreichende
Berechtigungen zum Starten von Systemdiensten besitzen.

Error - 19.01.2010 17:50:11 | Computer Name = NAM | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 19.01.2010 17:59:47 | Computer Name = NAM | Source = MsiInstaller | ID = 11920
Description = Produkt: Windows Defender -- Fehler 1920. Der Dienst "Windows Defender"
(WinDefend) konnte nicht gestartet werden. Überprüfen Sie, ob Sie ausreichende
Berechtigungen zum Starten von Systemdiensten besitzen.

Error - 19.01.2010 20:25:51 | Computer Name = NAM | Source = MsiInstaller | ID = 1008
Description = Die Installation von C:\DOKUME~1\Alex\LOKALE~1\Temp\{B5AE4F6F-C7FA-4DC1-8447-E620A91A919E}\CSC_EN.msi
ist aufgrund eines Fehlers in der Verarbeitung der Richtlinie für Softwareeinschränkungen
nicht zugelassen. Das Objekt ist nicht vertrauenswürdig.

Error - 19.01.2010 20:27:19 | Computer Name = NAM | Source = MsiInstaller | ID = 1008
Description = Die Installation von C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\{AB9D9B05-C1BF-4E05-AC47-CD9DDE256ED1}\CSC_EN.msi
ist aufgrund eines Fehlers in der Verarbeitung der Richtlinie für Softwareeinschränkungen
nicht zugelassen. Das Objekt ist nicht vertrauenswürdig.

Error - 19.01.2010 20:28:01 | Computer Name = NAM | Source = MsiInstaller | ID = 1008
Description = Die Installation von C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\{D4ECFB82-7E6E-49D2-AE9D-8ABA5A70C33C}\CSC_EN.msi
ist aufgrund eines Fehlers in der Verarbeitung der Richtlinie für Softwareeinschränkungen
nicht zugelassen. Das Objekt ist nicht vertrauenswürdig.

[ System Events ]
Error - 20.01.2010 11:44:19 | Computer Name = NAM | Source = ati2mtag | ID = 43009
Description = Invalid display type

Error - 20.01.2010 11:44:19 | Computer Name = NAM | Source = ati2mtag | ID = 43009
Description = Invalid display type

Error - 20.01.2010 11:44:19 | Computer Name = NAM | Source = ati2mtag | ID = 43009
Description = Invalid display type

Error - 20.01.2010 11:44:19 | Computer Name = NAM | Source = ACPI | ID = 0
Description =

Error - 20.01.2010 11:44:19 | Computer Name = NAM | Source = ACPI | ID = 0
Description =

Error - 20.01.2010 11:44:19 | Computer Name = NAM | Source = ACPI | ID = 0
Description =

Error - 20.01.2010 11:46:34 | Computer Name = NAM | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Avira
AntiVir Guard.

Error - 20.01.2010 11:46:34 | Computer Name = NAM | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Guard" wurde aufgrund folgenden Fehlers
nicht gestartet:   %%1053

Error - 20.01.2010 11:46:34 | Computer Name = NAM | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Avira
AntiVir Planer.

Error - 20.01.2010 11:46:34 | Computer Name = NAM | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Planer" wurde aufgrund folgenden Fehlers
nicht gestartet:   %%1053


< End of report >


Code


OTL logfile created on: 20.01.2010 16:58:04 - Run 1
OTL by OldTimer - Version 3.1.25.2     Folder = C:\Dokumente und Einstellungen\Alex\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 502,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,55 Gb Total Space | 38,20 Gb Free Space | 51,24% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 99,31 Gb Free Space | 66,64% Space Free | Partition Type: NTFS
Drive E: | 74,49 Gb Total Space | 37,87 Gb Free Space | 50,84% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NAM
Current User Name: Alex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Dokumente und Einstellungen\Alex\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Programme\ArcorOnline\AOButler.exe (Arcor AG & Co. KG)
PRC - C:\Programme\QIP\qip.exe (The Author of QIP)
PRC - C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Dokumente und Einstellungen\Alex\Desktop\OTL.exe (OldTimer Tools)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (AdobeActiveFileMonitor5.0) --  File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (dsNcService) -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (dsNcAdpt) -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (VClone) -- C:\WINDOWS\system32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (CardReaderFilter) -- C:\WINDOWS\system32\drivers\USBCRFT.SYS (ICSI Technology Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (cmudax) -- C:\WINDOWS\system32\drivers\cmudax.sys (C-Media Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (FETNDISB) -- C:\WINDOWS\system32\drivers\fetnd5b.sys (VIA Technologies, Inc.              )
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (XUIF) -- C:\WINDOWS\system32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (NTSIM) -- C:\WINDOWS\system32\ntsim.sys (VIA Networking Technologies, Inc.       )
DRV - (wbscr) -- C:\WINDOWS\system32\drivers\wbscr.sys (Winbond Electronics Corp.)
DRV - (SONYPVU1) Sony USB-Filtertreiber (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = www.google.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.backup.ftp: "141.13.16.201"
FF - prefs.js..network.proxy.backup.ftp_port: 3127
FF - prefs.js..network.proxy.backup.gopher: "141.13.16.201"
FF - prefs.js..network.proxy.backup.gopher_port: 3127
FF - prefs.js..network.proxy.backup.socks: "141.13.16.201"
FF - prefs.js..network.proxy.backup.socks_port: 3127
FF - prefs.js..network.proxy.backup.ssl: "141.13.16.201"
FF - prefs.js..network.proxy.backup.ssl_port: 3127
FF - prefs.js..network.proxy.ftp: "149.157.205.5"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "149.157.205.5"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "149.157.205.5"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "149.157.205.5"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "149.157.205.5"
FF - prefs.js..network.proxy.ssl_port: 80


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.01.15 16:39:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.01.07 10:25:36 | 00,000,000 | ---D | M]

[2008.08.01 11:25:55 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Extensions
[2010.01.19 17:54:03 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\rvxpg0lu.default\extensions
[2009.02.15 11:16:17 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\rvxpg0lu.default\extensions\OberonGameHost@OberonGames.com
[2010.01.19 17:54:03 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.11.22 17:21:45 | 00,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009.09.07 00:06:52 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009.09.10 23:30:08 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.09.10 23:30:08 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.09.10 23:30:08 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.09.10 23:30:08 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.09.10 23:30:08 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.01.06 17:31:03 | 00,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {88E11317-DF5B-4431-AF8A-CC8A001CD319} - C:\WINDOWS\System32\winfax32.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Arcor Online]  File not found
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKCU..\Run: [Arcor Online] C:\Programme\ArcorOnline\Arcor.exe (Arcor AG & Co. KG)
O4 - HKCU..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.04.29 12:35:56 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2114d9d8-01cc-11df-907c-001109f09d18}\Shell\AutoRun\command - "" = F:\Menu.exe -- File not found
O33 - MountPoints2\{7b7b8ff2-54c5-11dd-88ee-001109f09d18}\Shell\AutoRun\command - "" = C:\WINDOWS\explorer.exe -- [2008.04.14 03:22:45 | 01,036,800 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{a25676ba-59e2-11de-8dc3-001109f09d18}\Shell\AutoRun\command - "" = e2.cmd
O33 - MountPoints2\{a25676ba-59e2-11de-8dc3-001109f09d18}\Shell\open\Command - "" = e2.cmd
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.01.20 16:57:12 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Alex\Desktop\OTL.exe
[2010.01.20 16:46:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.01.20 16:46:13 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.01.20 16:46:13 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.01.20 16:46:13 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.01.20 16:46:12 | 00,000,000 | ---D | C] -- C:\Programme\Avira
[2010.01.20 16:46:12 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.01.20 16:44:54 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010.01.20 16:34:13 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.01.20 12:20:41 | 00,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Alex\Recent
[2010.01.20 01:19:54 | 12,371,736 | ---- | C] (Sunbelt Software                                             ) -- C:\Dokumente und Einstellungen\All Users\Dokumente\counterspy.exe
[2010.01.20 01:10:37 | 59,307,336 | ---- | C] (Avira GmbH) -- C:\Dokumente und Einstellungen\Alex\Desktop\rescue_system-common-en.exe
[2010.01.19 23:51:20 | 00,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.01.19 23:45:20 | 00,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.01.19 23:18:30 | 00,000,000 | ---D | C] -- C:\Programme\HijackThis
[2010.01.19 23:07:39 | 00,000,000 | ---D | C] -- C:\Programme\ClearProg
[2010.01.19 22:59:12 | 00,000,000 | ---D | C] -- C:\Programme\Windows Defender
[2010.01.19 22:50:25 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010.01.19 22:35:39 | 00,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010.01.12 20:43:19 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010.01.06 17:52:57 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex\Desktop\Optisches Fließen
[2009.12.26 15:34:16 | 00,662,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2009.12.26 15:34:16 | 00,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2009.12.26 15:34:13 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCDE.DLL
[2009.12.26 15:34:13 | 00,125,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6DE.DLL
[2009.12.26 15:34:13 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCC2DE.DLL
[2009.12.26 15:34:13 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMPIDE.DLL
[2009.12.26 15:34:13 | 00,000,000 | ---D | C] -- C:\Programme\PDFCreator
[2009.11.19 21:47:17 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2009.04.30 14:17:30 | 00,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2008.09.17 11:24:15 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2007.04.30 13:04:52 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Symantec
[2007.04.29 12:38:25 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2007.04.29 12:35:54 | 00,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.01.20 16:56:42 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Alex\Desktop\OTL.exe
[2010.01.20 16:50:58 | 00,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.01.20 16:50:58 | 00,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010.01.20 16:50:57 | 00,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010.01.20 16:50:57 | 00,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010.01.20 16:50:56 | 00,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010.01.20 16:46:21 | 00,001,675 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.01.20 16:44:27 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.01.20 16:43:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.01.20 16:43:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.01.20 16:43:51 | 00,060,452 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010.01.20 16:43:04 | 00,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Alex\ntuser.ini
[2010.01.20 16:43:03 | 11,272,192 | -H-- | M] () -- C:\Dokumente und Einstellungen\Alex\NTUSER.DAT
[2010.01.20 16:33:20 | 31,079,672 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\avira_antivir_personal_de.exe
[2010.01.20 14:25:42 | 00,183,744 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\landwehr.odp
[2010.01.20 14:09:00 | 02,153,253 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\blabla.pdf
[2010.01.20 14:08:58 | 01,578,488 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\wahrnehmung, bewegung und handeln.pdf
[2010.01.20 14:08:51 | 00,464,344 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\bewegungswahrnehmung.pdf
[2010.01.20 12:12:15 | 02,197,100 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\The Visual Cliff.pdf
[2010.01.20 01:20:49 | 12,371,736 | ---- | M] (Sunbelt Software                                             ) -- C:\Dokumente und Einstellungen\All Users\Dokumente\counterspy.exe
[2010.01.20 01:12:00 | 59,307,336 | ---- | M] (Avira GmbH) -- C:\Dokumente und Einstellungen\Alex\Desktop\rescue_system-common-en.exe
[2010.01.19 23:45:20 | 00,001,516 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\CCleaner.lnk
[2010.01.19 23:41:12 | 01,042,054 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.01.19 23:41:12 | 00,448,800 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.01.19 23:41:12 | 00,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.01.19 23:41:12 | 00,080,108 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.01.19 23:41:12 | 00,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.01.19 23:18:30 | 00,001,548 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\HijackThis.lnk
[2010.01.19 23:07:39 | 00,000,670 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ClearProg.lnk
[2010.01.19 21:41:36 | 00,604,142 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\.recently-used.xbel
[2010.01.17 23:51:44 | 00,000,008 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini
[2010.01.17 19:29:52 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.01.14 19:31:58 | 00,032,256 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Eigene Dateien\Ablage.doc
[2010.01.14 17:20:07 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.01.10 17:48:49 | 00,103,424 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.01.20 16:46:21 | 00,001,675 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.01.20 16:32:38 | 31,079,672 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\avira_antivir_personal_de.exe
[2010.01.20 14:26:07 | 02,153,253 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\blabla.pdf
[2010.01.20 14:20:10 | 00,464,344 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\bewegungswahrnehmung.pdf
[2010.01.20 14:11:44 | 01,578,488 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\wahrnehmung, bewegung und handeln.pdf
[2010.01.20 12:12:29 | 02,197,100 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\The Visual Cliff.pdf
[2010.01.19 23:45:20 | 00,001,516 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\CCleaner.lnk
[2010.01.19 23:18:30 | 00,001,548 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\HijackThis.lnk
[2010.01.19 23:07:39 | 00,000,670 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ClearProg.lnk
[2010.01.19 22:58:30 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.01.19 22:54:59 | 00,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010.01.19 22:54:59 | 00,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010.01.19 22:54:58 | 00,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010.01.19 22:54:57 | 00,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010.01.19 21:41:36 | 00,604,142 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\.recently-used.xbel
[2010.01.17 23:51:44 | 00,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini
[2010.01.13 02:29:27 | 73,478,1440 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\stars-tekkonkinkreet.cd.2.xvid.avi
[2010.01.13 02:28:06 | 73,467,9040 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\stars-tekkonkinkreet.cd.1.xvid.avi
[2010.01.08 16:51:30 | 00,183,744 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\landwehr.odp
[2009.12.26 15:34:16 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.03.25 12:28:51 | 00,000,017 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\AVSDVDPlayer.m3u
[2009.03.25 12:26:47 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.03.25 12:26:47 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.01.24 18:56:39 | 00,000,193 | ---- | C] () -- C:\WINDOWS\bat2exe.INI
[2008.12.07 14:50:30 | 00,000,116 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos3.INI
[2008.12.07 14:41:28 | 00,000,130 | ---- | C] () -- C:\WINDOWS\magix.ini
[2008.12.07 14:41:26 | 00,000,887 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008.11.04 19:08:39 | 00,001,331 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\mdb.bin
[2008.10.31 21:14:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\P2kRotate.ini
[2008.10.07 10:48:10 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008.10.07 10:48:10 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008.10.07 10:45:25 | 00,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008.10.07 08:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.07.07 04:53:47 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.06.27 22:51:40 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007.12.20 11:45:18 | 00,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2007.12.20 11:45:12 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007.12.16 00:47:48 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007.12.11 20:27:12 | 00,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007.11.14 13:45:31 | 00,000,022 | ---- | C] () -- C:\WINDOWS\CITEMP.INI
[2007.11.08 19:22:45 | 00,442,368 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll
[2007.08.30 21:15:11 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007.08.30 16:59:34 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\iplCubePX.dll
[2007.08.30 16:59:34 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\iplCubeA6.dll
[2007.08.30 16:59:34 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\iplCubeM6.dll
[2007.08.30 16:59:34 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\iplCubeP6.dll
[2007.08.30 16:59:34 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\iplCubeM5.dll
[2007.08.30 16:59:34 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\iplCubeP5.dll
[2007.08.30 16:59:34 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\iplCube.dll
[2007.08.30 16:59:33 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2007.08.27 12:31:47 | 00,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2007.08.27 12:31:09 | 00,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2007.08.25 00:37:33 | 00,281,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007.08.25 00:37:33 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007.06.29 01:01:48 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007.05.05 13:33:11 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.04.30 13:52:41 | 00,054,272 | ---- | C] () -- C:\WINDOWS\System32\KERNELH2.DLL
[2007.04.29 21:04:18 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS66.DLL
[2007.04.29 20:43:54 | 00,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.04.29 20:38:05 | 00,103,424 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.04.29 15:15:18 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2007.04.29 15:05:32 | 00,000,269 | ---- | C] () -- C:\WINDOWS\Dit.INI

========== Files - Unicode (All) ==========
[2008.01.30 21:42:07 | 00,000,162 | -H-- | M] ()(C:\Dokumente und Einstellungen\Alex\Eigene Dateien\~$?????? ? ???????? ? 50.doc) -- C:\Dokumente und Einstellungen\Alex\Eigene Dateien\~$ёнушке и Иванушке к 50.doc
[2008.01.30 21:42:07 | 00,000,162 | -H-- | C] ()(C:\Dokumente und Einstellungen\Alex\Eigene Dateien\~$?????? ? ???????? ? 50.doc) -- C:\Dokumente und Einstellungen\Alex\Eigene Dateien\~$ёнушке и Иванушке к 50.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 319 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
< End of report >

20.01.2010, 17:45
Moderator

Posts: 5694
#30 Step 1

File sharing

I am posting the following note, not to wag a finger at you, but because you may not be aware of it. You are using P2P programs. If you want to get, or keep, a clean system, you should stop downloading software from such sources: even if the P2P program itself is "clean", it does not protect you from pulling potentially malicious programs onto your computer.

As you can see, the risk of getting infected by these routes is very high. For this reason I prefer to clean systems that have no such programs installed, and therefore ask you to uninstall all programs of this kind completely and without leftovers via Control Panel => Software for the duration of our cleanup.

Quote

uTorrent
BearShare
Step 2

What did you connect here?
F:\Menu.exe



Step 3


Disinfecting/securing external media

Download Flash Disinfector by sUBs and save Flash_Disinfector.exe to your desktop.
Now proceed as follows:

• Physically disconnect the computer from the network.
• Disable the resident guard of your antivirus program.
• Now connect all external storage devices to your computer.
• Start Flash Disinfector with a double-click and follow the instructions, if any.
• When the scan has finished, you can close the program.
• Restart your computer.

Note:
Flash Disinfector disinfects all your drives of autorun infections and creates a hidden folder with the same name, so that your storage device is protected against this infection in the future.
During the scan your desktop will disappear briefly and then come back. That is normal.


Step 4

What are these files?

Quote

C:\Dokumente und Einstellungen\Alex\Eigene Dateien\~$ёнушке и Иванушке к 50.doc
C:\Dokumente und Einstellungen\Alex\Eigene Dateien\~$ёнушке и Иванушке к 50.doc
Step 5

Fixing with OTL
• Please start OTL.exe.
• Vista users: right-click and "Run as administrator".
• Now copy the content into the text box.

Code

:OTL
O2 - BHO: (no name) - {88E11317-DF5B-4431-AF8A-CC8A001CD319} - C:\WINDOWS\System32\winfax32.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O33 - MountPoints2\{a25676ba-59e2-11de-8dc3-001109f09d18}\Shell\AutoRun\command - "" = e2.cmd
O33 - MountPoints2\{a25676ba-59e2-11de-8dc3-001109f09d18}\Shell\open\Command - "" = e2.cmd
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
• Now please close all programs.
• Now please click the Run Fix button.
• Click on .
• OTL may require a restart. Please allow it.
• After the restart you will find a text document.
Now copy its contents into your thread here, in code tags.


Step 6

Download Malwarebytes Anti-Malware (approx. 2 MB) from one of these download mirrors:

Malwarebytes - MajorGeeks.com - BestTechie

Applicable to Windows 2000, XP and Vista.
• Install the program into the default path.
• Remember to start the program as admin on Vista; otherwise start it by double-click.
• Let it update online (Updates tab) if that does not happen automatically (approx. 1 MB).
• Select "Perform full scan" => Scan.
• Select all available drives and start the scan.
• When the scan is finished, click "Show results".
• Make sure all findings are checked and press "Delete".
• Post the log file that opens in Notepad here in the thread.
• Afterwards you can find the report under "Scan reports".
• Report how the computer is running now.
Here you will find a detailed, illustrated guide.

Step 7

Rootkit search

What are rootkits?

Some scans for files, processes and registry entries that are hidden from most other scanners (by a so-called rootkit). During these scans:

• all other scanners against viruses, spyware, etc. should be disabled,
• there should be no connection to a network/the Internet (don't forget WLAN),
• nothing should be done on the computer,
• the computer should be restarted after each scan.

Let Gmer scan

• Download Gmer from this page
(click the Download EXE button) and save the program to the desktop.
• Gmer is suitable for => NT/W2K/XP/VISTA.
• All other programs should be closed.
• Start gmer.exe (the program has a random program name).
• Vista users: right-click and run as administrator.
• Should a window with the following warning open:

Quote

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
Be sure to click "No".
• Start the scan with "Scan". Do nothing on the computer while the scan is running.
• When the scan is finished, click "Copy" to copy the log to the clipboard. "Ok" closes Gmer.
• Paste the log from the clipboard into your reply here.

Switch your antivirus program and other scanners back on before you go online!

Now post the log file in code tags.
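The fix list above singles out the O33 MountPoints2 entries whose AutoRun and open commands are `e2.cmd`, and Step 3 hardens removable media against exactly this kind of autorun infection. As an added example (not part of this thread, and not code from OTL or Flash Disinfector), the Python script below reads the O7 and O33 lines of an OTL report and produces the same triage mechanically: it decodes the NoDriveTypeAutoRun mask (145 in this log, i.e. 0x91, which still leaves AutoRun enabled on removable and CD-ROM drives) and flags MountPoints2 commands that are relative paths, because such a command resolves against the root of whatever volume is inserted. The sample lines are copied from the log posted above; the regular expressions, the verdict labels and the drive-type names are my own assumptions about OTL's line format and Windows' policy bits.

```python
from __future__ import annotations

import re
from typing import Optional

# Constructed sample: a few lines copied from the OTL report above (raw string,
# backslashes are literal). This is not the full log.
SAMPLE_OTL_LOG = r"""
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2114d9d8-01cc-11df-907c-001109f09d18}\Shell\AutoRun\command - "" = F:\Menu.exe -- File not found
O33 - MountPoints2\{7b7b8ff2-54c5-11dd-88ee-001109f09d18}\Shell\AutoRun\command - "" = C:\WINDOWS\explorer.exe -- [2008.04.14 03:22:45 | 01,036,800 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{a25676ba-59e2-11de-8dc3-001109f09d18}\Shell\AutoRun\command - "" = e2.cmd
O33 - MountPoints2\{a25676ba-59e2-11de-8dc3-001109f09d18}\Shell\open\Command - "" = e2.cmd
"""

# Bit values of the NoDriveTypeAutoRun policy: a SET bit disables AutoRun for that
# drive type. 0x91 (145) is the Windows XP default; 0xFF disables AutoRun everywhere.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "unspecified",
}

# Assumed OTL line shapes (derived from the report above, not from OTL documentation).
NO_DRIVE_TYPE_RE = re.compile(r"^O7 - .*NoDriveTypeAutoRun = (\d+)\s*$")
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell\\(?P<verb>[^\\]+)'
    r'\\[Cc]ommand - "" = (?P<cmd>.*?)(?: -- (?P<info>.*))?$'
)


def autorun_enabled_types(mask: int) -> list[str]:
    """Drive types on which AutoRun is still ENABLED under the given policy mask."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit]


def classify_command(cmd: str, info: Optional[str]) -> tuple[str, str]:
    """Heuristic verdict for one MountPoints2 AutoRun/open command (my own categories)."""
    lowered = cmd.lower()
    if info and info.startswith("File not found"):
        return "stale", "target no longer exists; leftover entry, safe to remove"
    # OTL prints the company name from the file's version info in parentheses;
    # that is not a signature check, only a weak benign indicator.
    if re.match(r"^[a-z]:\\windows\\", lowered) and "(microsoft corporation)" in (info or "").lower():
        return "benign", "Windows binary with Microsoft company name in its version info"
    if not re.match(r"^[a-z]:\\", lowered):
        return "suspicious", "relative path: resolves against the volume root when the device is inserted"
    return "review", "absolute path outside the Windows directory"


def audit_otl(log_text: str) -> dict:
    """Parse the O7 and O33 lines of an OTL report and return the findings as plain data."""
    result: dict = {"no_drive_type_autorun": None, "autorun_enabled_on": [], "mountpoints": []}
    for line in log_text.splitlines():
        m = NO_DRIVE_TYPE_RE.match(line)
        if m:
            mask = int(m.group(1))
            result["no_drive_type_autorun"] = mask
            result["autorun_enabled_on"] = autorun_enabled_types(mask)
            continue
        m = MOUNTPOINT_RE.match(line)
        if m:
            verdict, reason = classify_command(m["cmd"], m["info"])
            result["mountpoints"].append({
                "guid": m["guid"], "verb": m["verb"], "command": m["cmd"],
                "verdict": verdict, "reason": reason,
            })
    return result


def suspicious_commands(result: dict) -> list[str]:
    """Distinct commands flagged suspicious, i.e. the candidates for the OTL fix list."""
    return sorted({mp["command"] for mp in result["mountpoints"] if mp["verdict"] == "suspicious"})


if __name__ == "__main__":
    findings = audit_otl(SAMPLE_OTL_LOG)
    print(f"NoDriveTypeAutoRun = {findings['no_drive_type_autorun']}: AutoRun still enabled on "
          + ", ".join(findings["autorun_enabled_on"]))
    for mp in findings["mountpoints"]:
        print(f"{mp['verdict']:10} {mp['verb']:8} {mp['command']}  ({mp['reason']})")
    print("fix candidates:", suspicious_commands(findings))
```

On this sample the script reports that AutoRun is still allowed on removable and CD-ROM drives and lists `e2.cmd` as the only fix candidate; the `F:\Menu.exe` entry is reported as stale because OTL already marks its target as missing. The verdicts are a triage aid only: "review" entries still need a human look, and a "benign" verdict rests on a company-name string, not on a signature.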