IE autostart + manche Installationen starten nicht

Thema ist geschlossen!
Thema ist geschlossen!
#0
20.01.2010, 19:50
...neu hier

Beiträge: 9
#31 Sooo, wiedermal danke für die Antwort.
Leider habe aber ich kaum einen Schritt hinbekommen...

Schritt 1
Bearshare und uTorrent waren mal vor Jahren auf dem PC drauf, aber wurden längst
gelöscht und vergessen. Die Programme sind jetzt weder bei Systemsteuerung noch in irgend
einem Ordner zu finden.
"E:\BearShare\BearShare.exe" = E:\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found"
"D:\uTorrent\utorrent.exe" = D:\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found"
Wahrscheinlich habe ich das damals nicht ordnungsgemäß entfernt.

Schritt 2
Habe keine Ahnung was das sein soll. Ich habe Festplatten C,D,E und Laufwerke J,K...
Habe eben die externe Festplatte zum Test angeschlossen, sie wurde als F angegeben,
war aber zum Zeitpunkt des Logs und auch sonst lange nicht mehr dran.

Schritt 3
Flash_Disinfector.exe konnte ich zunächst nichteinmal runterladen, übrigens war es bei
Oldtimer OTL vorhin das Gleiche, habe mir die Dateien von einem Freund herunterladen und
schicken lassen.
Nur diesmal wollte der Flash_Disinfector.exe nicht starten, bei einem Versuch kam die
Windows-Fehlermeldung, bei der es die Option gibt, die Meldung an Windows zu senden.

Schritt 4

Diese Dateien sind ganz normale Word-Dokumente, benannt in russischer Sprache.
Anscheinend wird diese nicht überall korrekt dargestellt.

Schritt 5

Code


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88E11317-DF5B-4431-AF8A-CC8A001CD319}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88E11317-DF5B-4431-AF8A-CC8A001CD319}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a25676ba-59e2-11de-8dc3-001109f09d18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a25676ba-59e2-11de-8dc3-001109f09d18}\ not found.
File e2.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a25676ba-59e2-11de-8dc3-001109f09d18}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a25676ba-59e2-11de-8dc3-001109f09d18}\ not found.
File e2.cmd not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 14744 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Alex
->Temp folder emptied: 2918266 bytes
->Temporary Internet Files folder emptied: 5844692 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 51674051 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 57599 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134333 bytes
%systemroot%\System32 .tmp files removed: 3614087 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66200 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 63,00 mb

Error: Unable to interpret <Quelle: http://board.protecus.de/t37674-2.htm#334006#ixzz0dBAptpxP> in the current context!

OTL by OldTimer - Version 3.1.25.2 log created on 01202010_193921

Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Temp\~DF5816.tmp moved successfully.

Registry entries deleted on Reboot...


Schritt 6

Nicht geklappt. Habe dieses Programm schon gestern versucht zu installieren, es klappte
zwar, aber die exe konnte nach der Installation nicht ausgeführt werden.
(Genau wie der Flash Disinfector und AviraAntivirus jetzt.)
Habe das Programm danach entfernt. Als ich es gerade nochmal versuchte zu installieren,
klappte nichteinmal mehr das...

Schritt 7

Hat beim zweiten Versuch geklappt, beim ersten Scan ist der PC irgendwann hängengeblieben,
beim zweiten Mal ist er es erst, nachdem der Scan fertig war.
Übrigens ist der PC heute schon ca. 10 Mal abgestürzt.

Code


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-20 19:20:26
Windows 5.1.2600 Service Pack 3
Running: 2ldbksmy.exe; Driver: C:\DOKUME~1\Alex\LOKALE~1\Temp\fgldqpow.sys


---- System - GMER 1.0.15 ----

INT 0x62        ?                                                                                                                                  86FC4BF8
INT 0x63        ?                                                                                                                                  86DB4F00
INT 0x73        ?                                                                                                                                  86FC4BF8
INT 0x73        ?                                                                                                                                  86FC4BF8
INT 0x73        ?                                                                                                                                  86DB4F00
INT 0x83        ?                                                                                                                                  86DB4F00
INT 0xB4        ?                                                                                                                                  86DB4F00

Code            86EBF438                                                                                                                           ZwEnumerateKey
Code            86F57690                                                                                                                           ZwFlushInstructionCache
Code            86BDD09E                                                                                                                           IofCallDriver
Code            867F60EE                                                                                                                           IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!IofCallDriver                                                                                                         804EF1A6 5 Bytes  JMP 86BDD0A3
.text           ntkrnlpa.exe!IofCompleteRequest                                                                                                    804EF236 5 Bytes  JMP 867F60F3
PAGE            ntkrnlpa.exe!ZwFlushInstructionCache                                                                                               805B6814 5 Bytes  JMP 86F57694
PAGE            ntkrnlpa.exe!ZwEnumerateKey                                                                                                        80623FF2 5 Bytes  JMP 86EBF43C
?               spgr.sys                                                                                                                           Das System kann die angegebene Datei nicht finden. !
.text           C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                                           section is writeable [0xF642E000, 0x1A9158, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                                              F63E58AC 5 Bytes  JMP 86DB44E0
.text           C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                                             section is writeable [0xEB361300, 0x3B638, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                                             section is writeable [0xF78C3300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Programme\Juniper Networks\Common Files\dsNcService.exe[340] kernel32.dll!CreateProcessW                                        7C802336 5 Bytes  JMP 0088000A
.text           C:\Programme\Java\jre6\bin\jqs.exe[416] kernel32.dll!CreateProcessW                                                                7C802336 5 Bytes  JMP 007F000A
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[480] kernel32.dll!CreateProcessW                                 7C802336 5 Bytes  JMP 00A3000A
.text           C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe[600] kernel32.dll!CreateProcessW                                                7C802336 5 Bytes  JMP 00A1000A
.text           C:\WINDOWS\system32\ctfmon.exe[672] kernel32.dll!CreateProcessW                                                                    7C802336 5 Bytes  JMP 00A1000A
.text           ...                                                                                                                                
.text           C:\Programme\Internet Explorer\iexplore.exe[2804] ole32.dll!OleLoadFromStream                                                      774F9C85 5 Bytes  JMP 7E2A5255 C:\WINDOWS\system32\SHDOCVW.dll (Bibliothek für Shell-Dokumente und -Steuerelemente/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[2804] WININET.dll!HttpOpenRequestA                                                     77192B01 5 Bytes  JMP 00BB000A
.text           C:\Programme\Internet Explorer\iexplore.exe[2804] WININET.dll!InternetConnectA                                                     7719345A 5 Bytes  JMP 00BD000A
.text           C:\Programme\Internet Explorer\iexplore.exe[2804] WININET.dll!HttpAddRequestHeadersA                                               771940D2 5 Bytes  JMP 00B1000C
.text           C:\Programme\Internet Explorer\iexplore.exe[2804] WININET.dll!InternetConnectW                                                     7719EE40 5 Bytes  JMP 00BC000A
.text           C:\Programme\Internet Explorer\iexplore.exe[2804] WININET.dll!HttpAddRequestHeadersW                                               7719EF34 5 Bytes  JMP 00B9000A
.text           C:\Programme\Internet Explorer\iexplore.exe[2804] WININET.dll!HttpOpenRequestW                                                     7719F517 5 Bytes  JMP 00BA000A
.text           C:\Dokumente und Einstellungen\Alex\Desktop\2ldbksmy.exe[2852] kernel32.dll!CreateProcessW                                         7C802336 5 Bytes  JMP 00AB000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                                 [F739C040] spgr.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                                         [F739C13C] spgr.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                                [F739C0BE] spgr.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                                        [F739C7FC] spgr.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                                [F739C6D2] spgr.sys

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                             86FC31F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                                   86E1B1F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                                   86E1B1F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                                   86E1B1F8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                                   86E1B1F8
Device          \Driver\usbehci \Device\USBPDO-4                                                                                                   86DAF500

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                          Lbd.sys (Boot Driver/Lavasoft AB)

Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                             86F541F8
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                                             86F541F8
Device          \Driver\Ftdisk \Device\HarddiskVolume3                                                                                             86F541F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                 [F7314B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4                                                                                        [F7314B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                 [F7314B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                 [F7314B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c                                                                                        [F7314B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17                                                                                       [F7314B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-22                                                                                       [F7314B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\NetBT \Device\NetBT_Tcpip_{B5BE3048-2921-46A0-B557-8D4D17B294F4}                                                           86824500
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                            86824500
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                                   86824500
Device          \Driver\NetBT \Device\NetBT_Tcpip_{753F048D-D94B-461B-BC6A-F09002172F48}                                                           86824500
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                                   86E1B1F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                                   86E1B1F8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                                  86DBE500
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                                   86E1B1F8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                        86DBE500
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                                   86E1B1F8
Device          \Driver\usbehci \Device\USBFDO-4                                                                                                   86DAF500
Device          \Driver\Ftdisk \Device\FtControl                                                                                                   86F541F8
Device          \FileSystem\Cdfs \Cdfs                                                                                                             86B90500

---- Modules - GMER 1.0.15 ----

Module          \systemroot\system32\drivers\H8SRTtheepavyqj.sys (*** hidden *** )                                                                 EDE63000-EDE80000 (118784 bytes)                                                                                                          
---- Processes - GMER 1.0.15 ----

Library         \\?\globalroot\systemroot\system32\H8SRTpmeuyqeycp.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [320]                   0x00700000                                                                                                                                
Library         \\?\globalroot\systemroot\system32\H8SRTpmeuyqeycp.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [608]                   0x00700000                                                                                                                                
Library         \\?\globalroot\systemroot\system32\H8SRTpmeuyqeycp.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [940]                  0x10000000                                                                                                                                
Library         \\?\globalroot\systemroot\system32\H8SRTpmeuyqeycp.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1312]                  0x00700000                                                                                                                                
Library         \\?\globalroot\systemroot\system32\H8SRTpmeuyqeycp.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1372]                  0x00700000                                                                                                                                
Library         \\?\globalroot\systemroot\system32\H8SRTpmeuyqeycp.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1424]                  0x00700000                                                                                                                                
Library         \\?\globalroot\systemroot\system32\H8SRTpmeuyqeycp.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1524]                  0x00700000                                                                                                                                
Library         \\?\globalroot\systemroot\system32\H8SRTpmeuyqeycp.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1848]                  0x00700000                                                                                                                                
Library         \\?\globalroot\systemroot\system32\H8SRTpmeuyqeycp.dll (*** hidden *** ) @ C:\Programme\Internet Explorer\iexplore.exe [2804]      0x00C40000                                                                                                                                

---- Services - GMER 1.0.15 ----

Service         C:\WINDOWS\system32\drivers\H8SRTtheepavyqj.sys (*** hidden *** )                                                                  [SYSTEM] H8SRTd.sys                                                                                                                         <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001109e3bdbb                                                        
Reg             HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys                                                                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start                                                                            1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type                                                                             1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath                                                                        \systemroot\system32\drivers\H8SRTtheepavyqj.sys
Reg             HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group                                                                            file system
Reg             HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules                                                                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd                                                                   \\?\globalroot\systemroot\system32\drivers\H8SRTtheepavyqj.sys
Reg             HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc                                                                   \\?\globalroot\systemroot\system32\H8SRTwxrbqjklyp.dll
Reg             HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr                                                                \\?\globalroot\systemroot\system32\H8SRTiqqpcdftkb.dat
Reg             HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf                                                                \\?\globalroot\systemroot\system32\H8SRTwbiemoalkm.dll
Reg             HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtmsg                                                                 \\?\globalroot\systemroot\system32\H8SRTpmeuyqeycp.dll
Reg             HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtbbr                                                                 \\?\globalroot\systemroot\system32\H8SRTnnyolrxcxv.dll
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                             0xE2 0x54 0x2C 0x68 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                              
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                    0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                 0xE2 0x54 0x2C 0x68 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001109e3bdbb (not active ControlSet)                                    
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys (not active ControlSet)                                                              
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@start                                                                                1
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@type                                                                                 1
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath                                                                            \systemroot\system32\drivers\H8SRTtheepavyqj.sys
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@group                                                                                file system
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules (not active ControlSet)                                                      
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd                                                                       \\?\globalroot\systemroot\system32\drivers\H8SRTtheepavyqj.sys
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTc                                                                       \\?\globalroot\systemroot\system32\H8SRTwxrbqjklyp.dll
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTsrcr                                                                    \\?\globalroot\systemroot\system32\H8SRTiqqpcdftkb.dat
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtserf                                                                    \\?\globalroot\systemroot\system32\H8SRTwbiemoalkm.dll
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtmsg                                                                     \\?\globalroot\systemroot\system32\H8SRTpmeuyqeycp.dll
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtbbr                                                                     \\?\globalroot\systemroot\system32\H8SRTnnyolrxcxv.dll
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                              
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                    0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                 0xE2 0x54 0x2C 0x68 ...

---- Files - GMER 1.0.15 ----

File            C:\Dokumente und Einstellungen\Alex\Eigene Dateien\ICQ\255108740\ReceivedFiles\234400692 Schumi84\234400692 Schumi84               0 bytes
File            C:\Dokumente und Einstellungen\Alex\Eigene Dateien\ICQ\255108740\ReceivedFiles\234400692 Schumi84\234400692 Schumi84\Thumbs.db     40960 bytes
File            C:\Dokumente und Einstellungen\Alex\Eigene Dateien\ICQ\255108740\ReceivedFiles\234400692 Schumi84\234400692 Schumi84\_MG_3986.jpg  5043063 bytes
File            C:\Dokumente und Einstellungen\Alex\Eigene Dateien\ICQ\255108740\ReceivedFiles\234400692 Schumi84\234400692 Schumi84\_MG_3989.jpg  1680871 bytes
File            C:\Dokumente und Einstellungen\Alex\Eigene Dateien\ICQ\255108740\ReceivedFiles\234400692 Schumi84\234400692 Schumi84\_MG_3994.jpg  1258742 bytes
File            C:\Dokumente und Einstellungen\Alex\Eigene Dateien\ICQ\255108740\ReceivedFiles\234400692 Schumi84\234400692 Schumi84\_MG_3995.jpg  3570368 bytes
File            C:\Dokumente und Einstellungen\Alex\Eigene Dateien\ICQ\255108740\ReceivedFiles\234400692 Schumi84\234400692 Schumi84\_MG_4004.jpg  5762330 bytes
File            C:\Dokumente und Einstellungen\Alex\Eigene Dateien\ICQ\255108740\ReceivedFiles\234400692 Schumi84\234400692 Schumi84\_MG_4010.jpg  2831226 bytes
File            C:\Dokumente und Einstellungen\Alex\Eigene Dateien\ICQ\255108740\ReceivedFiles\234400692 Schumi84\234400692 Schumi84\_MG_4016.jpg  2145520 bytes
File            C:\Dokumente und Einstellungen\Alex\Eigene Dateien\ICQ\255108740\ReceivedFiles\234400692 Schumi84\234400692 Schumi84\_MG_4018.jpg  1882006 bytes
File            C:\Dokumente und Einstellungen\Alex\Eigene Dateien\ICQ\255108740\ReceivedFiles\234400692 Schumi84\234400692 Schumi84\_MG_4020.jpg  6468566 bytes
File            C:\Dokumente und Einstellungen\Alex\Eigene Dateien\ICQ\255108740\ReceivedFiles\234400692 Schumi84\234400692 Schumi84\_MG_4031.jpg  5069046 bytes
File            C:\Dokumente und Einstellungen\Alex\Eigene Dateien\ICQ\255108740\ReceivedFiles\234400692 Schumi84\262885297 eugen                  0 bytes
File            C:\Dokumente und Einstellungen\Alex\Eigene Dateien\ICQ\255108740\ReceivedFiles\234400692 Schumi84\293332967 Frigge                 0 bytes
File            C:\Dokumente und Einstellungen\Alex\Eigene Dateien\ICQ\255108740\ReceivedFiles\234400692 Schumi84\297389413 Jan                    0 bytes
File            C:\Dokumente und Einstellungen\Alex\Eigene Dateien\ICQ\255108740\ReceivedFiles\234400692 Schumi84\301560051 Carpome                0 bytes
File            C:\Dokumente und Einstellungen\Alex\Eigene Dateien\ICQ\255108740\ReceivedFiles\234400692 Schumi84\304714532 nico                   0 bytes
File            C:\Dokumente und Einstellungen\Alex\Eigene Dateien\ICQ\255108740\ReceivedFiles\234400692 Schumi84\306783603 Sky                    0 bytes
File            C:\Dokumente und Einstellungen\Alex\Eigene Dateien\ICQ\255108740\ReceivedFiles\234400692 Schumi84\330688259 Afrokalt               0 bytes
File            C:\Dokumente und Einstellungen\Alex\Eigene Dateien\ICQ\255108740\ReceivedFiles\234400692 Schumi84\345084398 Sarah                  0 bytes
File            C:\Dokumente und Einstellungen\Alex\Eigene Dateien\ICQ\255108740\ReceivedFiles\234400692 Schumi84\378677458 Cr3ve_                 0 bytes
File            C:\Dokumente und Einstellungen\Alex\Eigene Dateien\ICQ\255108740\ReceivedFiles\234400692 Schumi84\474036393 Tommy                  0 bytes
File            C:\Dokumente und Einstellungen\Alex\Eigene Dateien\ICQ\255108740\ReceivedFiles\234400692 Schumi84\491103686 FELI_                  0 bytes
File            C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Temp\H8SRTd2ea.tmp                                                        343040 bytes executable
File            C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Temp\h8srtmainqt.dll                                                      16470 bytes
File            C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DivX\DivX Converter\Links\Converter.lnk                               825 bytes
File            C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DivX\DivX Converter\Links\DivX Converter entfernen.lnk                523 bytes
File            C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DivX\DivX Converter\Links\Links                                       0 bytes
File            C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DivX\DivX Converter\Links\Lizenz.lnk                                  788 bytes
File            C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DivX\DivX Converter\Links\Produkte registrieren.lnk                   1702 bytes
File            C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DivX\DivX Converter\Links\ReadMe.lnk                                  783 bytes
File            C:\BJPrinter\CNMWINDOWS\Canon PIXMA iP2000 Installer\Inst2\cnmis5.dll                                                              (size mismatch) 5632/18944 bytes executable
File            C:\Programme\Adobe\Photoshop Elements 5.0\moxplugins\Microsoft.VC80.CRT\msvcp80.dll                                                (size mismatch) 479232/548864 bytes executable
File            C:\Programme\Adobe\Photoshop Elements 5.0\Plug-Ins\Filters\Lens Flare.8BF                                                          (size mismatch) 1740800/77824 bytes executable
File            C:\Programme\Reference Assemblies\Microsoft\Framework\v3.0\WindowsFormsIntegration.dll                                             (size mismatch) 1245184/94208 bytes executable
File            C:\Programme\Java\jre1.6.0_01\bin\jsoundds.dll                                                                                     (size mismatch) 147456/18432 bytes executable
File            C:\Programme\JoWooD\Gothic II\_backup-2.6_de\Miles\MssDX7.m3d                                                                      (size mismatch) 70656/80896 bytes executable
File            C:\Programme\Microsoft Office\Visio10\DLL\Proextras.dll                                                                            (size mismatch) 1134592/237568 bytes executable
File            C:\Programme\VideoLAN\VLC\plugins\libstream_out_duplicate_plugin.dll                                                               (size mismatch) 10240/11264 bytes executable
File            C:\Programme\VideoLAN\VLC\plugins\libtelnet_plugin.dll                                                                             (size mismatch) 11264/14336 bytes executable
File            C:\Programme\Image-Line\FLStudio5\Plugins\Fruity\Effects\Buzz Effect Adapter\Zephod Orange Filter.dll                              (size mismatch) 32768/36864 bytes executable
File            C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe                                                                                   (size mismatch) 2140160/2061696 bytes executable
File            C:\WINDOWS\$hf_mig$\KB936021\spuninst.exe                                                                                          (size mismatch) 15584/217312 bytes executable
File            C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe                                                                                  (size mismatch) 26488/765304 bytes executable
File            D:\Gimp\lib\gimp\2.0\plug-ins\convmatrix.exe                                                                                       (size mismatch) 12808/23048 bytes executable
File            D:\Oblivion\Data\meshes\Creatures\Wraith\Hair.NIF                                                                                  0 bytes
File            D:\Oblivion\Data\meshes\Creatures\Wraith\Spriggan.NIF                                                                              544207 bytes
File            D:\Oblivion\Data\textures\menus\Loading\trf\leyawiin\kvatch01.dds                                                                  262272 bytes
File            D:\Thief - Deadly Shadows\System\T3PhysicsSound.ini                                                                                (size mismatch) 6455296/752 bytes executable

---- EOF - GMER 1.0.15 ----


Meinst du es gibt noch eine Chance auf Heilung ohne zu formatieren?
Seitenanfang Seitenende
20.01.2010, 20:29
Moderator

Beiträge: 5694
#32 Lade dir Mbam herunter und speichere es unter anderem Namen (test.com). Starte es nicht.

Lade Avenger speichere es ebenfalls unter einem anderen Namen und starte es.



Hake zusaetzlich "atomaticaly disable any rootkit found", druecke execute und lass den Rechner neu starten.
Danach installiere Mbam und aktualisiere es, wie in obigem Link beschrieben.

Danach mache einen quickscan und lasse alle funde loeschen.

Poste den Avenger und Mbam Report.
Seitenanfang Seitenende
20.01.2010, 22:48
...neu hier

Beiträge: 9
#33 Scheint geklappt zu haben, danke!!!

Der Internet Explorer startet sich zumindest nicht mehr von allein.
Hatte schon Angst das wärs jetzt mit dem Computer, nachdem 2 Mal der Bluescreen kam, als der Avenger neustartete.
Vor lauter Freude habe ich aber die Logfile von avenger verschlampt :/ Habs weggeklickt, weiss
aber nicht wo es gespeichert ist. Zum Glück war sie ganz kurz und die Essenz habe ich noch in
ICQ verschickt:

Hidden driver "H8SRTd.sys" found!
ImagePath: \systemroot\system32\drivers\H8SRTtheepavyqj.sys
Driver disabled successfully.

Mbam funktioniert jetzt auch (sogar Avira geht ;) )

Code


Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3604
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

20.01.2010 22:29:37
mbam-log-2010-01-20 (22-29-37).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 211033
Laufzeit: 38 minute(s), 5 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 14

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\h8srtd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Programme\ClearProg\eBay\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTwxrbqjklyp.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cmdow.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\H8SRTtheepavyqj.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
D:\Traktor DJ Studio 2\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h8srtkrl32mainweq.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTnnyolrxcxv.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTpmeuyqeycp.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h8srtshsyst.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTwbiemoalkm.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTiqqpcdftkb.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\H8SRTa023.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\H8SRTcab4.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Temp\H8SRTd2ea.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.


Ich hoffe das wars jetzt, das Schlimmste ist jedenfalls behoben.

Vielen Dank! Ich werde euch weiterempfehlen!
Seitenanfang Seitenende
20.01.2010, 23:06
Moderator

Beiträge: 5694
#34 Ja das schlimmste ist überstanden ;)

Aber mal schauen ob auch wirklich alles Clean ist.

Schritt 1

Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Vorbereitung und wichtige Hinweise

• Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
Liste der zu deaktivierenden Programme.
Bei Unklarheiten bitte vorher fragen.
Bitte während des Laufs von Combofix nicht in das Combofix-Fenster klicken.
• Das könnte Dein System einfrieren oder hängen bleiben lassen.
• Es kann circa eine Viertelstunde dauern, bis der Scan fertig ist.
ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
• Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
• Teile uns das mit und warte auf unsere Anweisungen.

Kurzanleitung zur Installation der Wiederherstellungskonsole und zur Anwendung
• Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
• Akzeptiere die Bedingungen (Disclaimer) mit "Ja".
• ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist.
Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt,
wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben,
bevor jegliche Reinigung von Malware durchgeführt wird.
• Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der
Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.
** Zur Information: Sollte die Wiederherstellungskonsole schon installiert
sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.




Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:



Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.



Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.

Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.

Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

Schritt 2


Zweiter Lauf mit Gmer

• Starte Gmer erneut.
• Dieses Mal machst Du einen Rechtsklick links in das weiße Feld und wählst im Kontext-Menü "Only non MS files".
• Dann klickst Du auf "Scan" und erlaubst damit Gmer erneut zu scannen.
• Wenn der Scan fertig ist, klickst Du auf den "Copy"-Button, womit der Inhalt ins Clipboard kopiert wird.
• Nun einen Rechtsklick auf den Desktop, wähle "Textdokument", was ein leeres Dokument auf dem Desktop erstellt.
• Öffne das Textdokument per Doppelklick, Rechtsklick im Textfeld und "Einfügen".
• Speichere das Dokument und poste mir den Inhalt hier in den Thread.


Schritt 3

F-Secure Onlinescanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
• Unterstützte Betriebssysteme: Windows 2000, Windows XP und Windows Vista (32bit)
Bitte den Internet Explorer unbedingt mit Rechtsklick auf das Icon und als Administrator starten.
• Einen Haken bei "I have read and accepted the license terms".
• Den Button "Install" drücken.
• IE-User müssen die Installation des ActiveX Elements erlauben und auf "Installieren" klicken.
• Firefox-User müssen die Installation des Firefox Addons erlauben und anschließend den Firefox neu starten.
• Den Button "Start" drücken.
• "Full Scan" einstellen und den Button "Start" drücken.
• Die Signaturen werden heruntergeladen.
• Der Scan beginnt automatisch.
• Scanende (Finish).
• Bei Funden benutze => Automatische Bereinigung (Automatically)
• und klicke auf den Button "Next".
• Bericht anzeigen, indem Du auf den Button "Full report" klickst.
• Menü => Datei => Seite speichern unter
Dateityp auf Textdatei umstellen und
• auf dem Desktop als f-secure.txtspeichern.
• Log hier posten.Deinstallation
Firefox:
Addon über Extras => F-Secure deinstallieren.
Internet Explorer:
mit HJT folgenden Eintrag fixen:
O16 - DPF: {BDBDE413-7B1C-4V68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3)
Seitenanfang Seitenende
21.01.2010, 02:24
...neu hier

Beiträge: 9
#35 Servus.

Combofix:

Code


ComboFix 10-01-20.04 - Alex 21.01.2010   1:23.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1023.605 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Alex\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programme\Java\jre6\bin\jucheck.exe
c:\windows\system32\Ijl11.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2009-12-21 bis 2010-01-21  ))))))))))))))))))))))))))))))
.

2010-01-20 20:49 . 2010-01-20 20:49    --------    d-----w-    c:\dokumente und einstellungen\Alex\Anwendungsdaten\Malwarebytes
2010-01-20 20:49 . 2010-01-07 15:07    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 20:49 . 2010-01-20 20:49    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-01-20 20:49 . 2010-01-07 15:07    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-01-20 18:39 . 2010-01-20 18:39    --------    d-----w-    C:\_OTL
2010-01-20 15:50 . 2010-01-20 15:50    3803208    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-01-20 15:46 . 2009-03-30 08:33    96104    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2010-01-20 15:46 . 2009-02-13 10:29    22360    ----a-w-    c:\windows\system32\drivers\avgntmgr.sys
2010-01-20 15:46 . 2009-02-13 10:17    45416    ----a-w-    c:\windows\system32\drivers\avgntdd.sys
2010-01-20 15:46 . 2010-01-20 15:46    --------    d-----w-    c:\programme\Avira
2010-01-20 15:46 . 2010-01-20 15:46    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2010-01-20 15:34 . 2009-11-25 10:19    56816    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2010-01-19 22:51 . 2010-01-20 20:49    --------    d-----w-    c:\programme\Malwarebytes' Anti-Malware
2010-01-19 22:45 . 2010-01-19 22:45    --------    d-----w-    c:\programme\[url="http://www.ccleaner.de"]CCleaner[/url]
2010-01-19 22:07 . 2010-01-19 22:07    --------    d-----w-    c:\programme\ClearProg
2010-01-19 21:59 . 2010-01-19 21:59    --------    d-----w-    c:\programme\Windows Defender
2010-01-19 21:58 . 2009-12-02 13:19    15880    ----a-w-    c:\windows\system32\lsdelete.exe
2010-01-19 21:50 . 2009-12-02 13:19    64288    ----a-w-    c:\windows\system32\drivers\Lbd.sys
2010-01-19 21:50 . 2009-12-07 14:10    2953352    -c--a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-19 21:35 . 2010-01-19 21:50    --------    dc-h--w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-12 19:43 . 2009-11-21 15:54    471552    -c----w-    c:\windows\system32\dllcache\aclayers.dll
2009-12-26 14:34 . 2001-10-28 16:42    116224    ----a-w-    c:\windows\system32\pdfcmnnt.dll
2009-12-26 14:34 . 2009-12-26 14:34    --------    d-----w-    c:\programme\PDFCreator
2009-12-26 14:34 . 1998-07-06 17:56    125712    ----a-w-    c:\windows\system32\VB6DE.DLL
2009-12-26 14:34 . 1998-07-06 17:55    158208    ----a-w-    c:\windows\system32\MSCMCDE.DLL
2009-12-26 14:34 . 1998-07-06 17:55    64512    ----a-w-    c:\windows\system32\MSCC2DE.DLL
2009-12-26 14:34 . 1998-07-06 00:00    23552    ----a-w-    c:\windows\system32\MSMPIDE.DLL
2009-12-26 13:43 . 2009-12-26 13:43    609280    ----a-w-    c:\dokumente und einstellungen\Alex\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\uno_packages\8C.tmp_\sun-presenter-screen-win.oxt\PresenterScreen.uno.dll
2009-12-26 13:43 . 2009-12-26 13:43    655872    ----a-w-    c:\dokumente und einstellungen\Alex\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\uno_packages\8C.tmp_\sun-presenter-screen-win.oxt\msvcr90.dll
2009-12-26 13:43 . 2009-12-26 13:43    568832    ----a-w-    c:\dokumente und einstellungen\Alex\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\uno_packages\8C.tmp_\sun-presenter-screen-win.oxt\msvcp90.dll
2009-12-26 13:43 . 2009-12-26 13:43    224768    ----a-w-    c:\dokumente und einstellungen\Alex\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\uno_packages\8C.tmp_\sun-presenter-screen-win.oxt\msvcm90.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 00:17 . 2008-12-23 14:02    --------    d-----w-    c:\dokumente und einstellungen\Alex\Anwendungsdaten\WTablet
2010-01-20 21:57 . 2009-03-17 14:14    1    ----a-w-    c:\dokumente und einstellungen\Alex\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-20 15:50 . 2010-01-19 21:54    372280    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-01-20 15:50 . 2010-01-19 21:54    823928    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-01-19 22:41 . 2004-08-04 12:00    80108    ----a-w-    c:\windows\system32\perfc007.dat
2010-01-19 22:41 . 2004-08-04 12:00    448800    ----a-w-    c:\windows\system32\perfh007.dat
2010-01-19 22:39 . 2009-04-12 14:20    --------    d-----w-    c:\programme\VirtualCloneDrive
2010-01-19 21:54 . 2010-01-19 21:54    862040    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-19 21:54 . 2010-01-19 21:54    390288    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-19 21:54 . 2010-01-19 21:54    206944    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-19 21:54 . 2010-01-19 21:54    537576    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-19 21:54 . 2010-01-19 21:54    194104    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-19 21:54 . 2010-01-19 21:54    6296864    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-19 21:54 . 2010-01-19 21:54    933120    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-19 21:54 . 2010-01-19 21:54    816272    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-19 21:54 . 2010-01-19 21:54    1643272    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-19 21:54 . 2010-01-19 21:54    788880    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-19 21:54 . 2010-01-19 21:54    1181328    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-19 21:49 . 2009-02-05 16:02    --------    d-----w-    c:\programme\Lavasoft
2010-01-19 21:49 . 2008-05-04 12:16    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft
2010-01-16 14:14 . 2009-12-19 00:05    --------    d-----w-    c:\programme\Heroes of Newerth
2010-01-05 17:18 . 2009-11-22 16:22    --------    d-----w-    c:\programme\Foxit Reader
2010-01-03 12:19 . 2008-03-06 14:01    --------    d-----w-    c:\dokumente und einstellungen\Alex\Anwendungsdaten\dvdcss
2010-01-02 23:03 . 2007-12-04 16:53    --------    d-----w-    c:\dokumente und einstellungen\Alex\Anwendungsdaten\gtk-2.0
2009-12-20 12:46 . 2009-07-30 12:17    --------    d-----w-    c:\programme\PopCap Games
2009-12-06 14:39 . 2008-03-07 19:29    --------    d-----w-    c:\programme\Gemeinsame Dateien\Adobe
2009-12-05 12:16 . 2009-12-05 12:16    --------    d-----w-    c:\programme\MSXML 4.0
2009-11-25 20:27 . 2009-11-25 20:27    --------    d-----w-    c:\dokumente und einstellungen\Alex\Anwendungsdaten\Foxit Software
2009-11-22 16:22 . 2009-11-22 16:22    --------    d-----w-    c:\dokumente und einstellungen\Alex\Anwendungsdaten\Foxit
2009-11-21 15:54 . 2004-08-04 12:00    471552    ----a-w-    c:\windows\AppPatch\aclayers.dll
2009-11-14 15:12 . 2007-04-29 13:50    46656    ----a-w-    c:\dokumente und einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-11-14 00:47 . 2009-11-14 00:47    856064    ----a-w-    c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47    856064    ----a-w-    c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47    847872    ----a-w-    c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47    843776    ----a-w-    c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47    839680    ----a-w-    c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47    696320    ----a-w-    c:\windows\system32\DivX.dll
2009-11-11 22:07 . 2009-11-11 22:07    161632    ----a-w-    c:\dokumente und einstellungen\Alex\Anwendungsdaten\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTP_8.0.50727.762.exe
2009-11-11 22:07 . 2009-11-11 22:07    291696    ----a-w-    c:\dokumente und einstellungen\Alex\Anwendungsdaten\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTR_8.0.50727.762.exe
2009-11-11 22:07 . 2009-11-11 22:07    36948    ----a-w-    c:\dokumente und einstellungen\Alex\Anwendungsdaten\Juniper Networks\setup\uninstall.exe
2009-10-30 12:56 . 2007-04-30 11:46    162559    ----a-w-    c:\windows\War3Unin.dat
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Arcor Online"="c:\progra~1\ARCORO~1\Arcor.exe" [2009-05-11 84440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Russen\\hl.exe"=
"d:\\Age of Empires II Lan Version\\age2_x1.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Warcraft III\\Frozen Throne.exe"=
"d:\\Warcraft III\\war3.exe"=
"d:\\Warcraft III Lan Version\\war3.exe"=
"d:\\Age of Empires II Lan Version\\empires2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programme\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"c:\\Programme\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\QIP\\qip.exe"=
"c:\\Programme\\Hamachi\\hamachi.exe"=
"d:\\Warcraft III Lan Version\\Frozen Throne.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Programme\\Heroes of Newerth\\hon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56646:TCP"= 56646:TCP:Pando Media Booster
"56646:UDP"= 56646:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [19.01.2010 22:50 64288]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [20.01.2010 16:46 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [02.12.2009 14:19 1181328]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [23.12.2008 15:01 3032360]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [20.12.2007 11:45 802048]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [29.04.2007 15:15 1272000]
R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [12.10.2008 11:50 19928]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07.07.2008 04:53 717296]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [29.04.2007 15:05 17408]
S3 jfdcd;jfdcd;\??\c:\dokume~1\Alex\LOKALE~1\Temp\jfdcd.sys --> c:\dokume~1\Alex\LOKALE~1\Temp\jfdcd.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [29.06.2007 01:01 42512]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [23.12.2008 15:01 15144]
.
Inhalt des "geplante Tasks" Ordners

2010-01-21 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:50]

2010-01-21 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:50]

2010-01-21 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:50]

2010-01-21 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:50]

2010-01-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:50]
.
.
------- Zusätzlicher Suchlauf -------
.
mStart Page = www.google.de
mWindow Title = Arcor AG & Co. KG
uInternet Connection Wizard,ShellNext = hxxp://www.arcor.de/
TCP: {9C0485DC-AAF8-4900-86DC-00C397916276} = 195.50.140.178 195.50.140.114
FF - ProfilePath - c:\dokumente und einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\rvxpg0lu.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-updateMgr - c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-Arcor Online - (no file)
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
AddRemove-Native Instruments Traktor DJ Studio v2.5.3 - d:\trakto~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 01:27
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1801674531-1035525444-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d9,56,fe,b1,f4,26,e3,e2,3c,44,4a,f7,d1,37,6c,ad,6a,d1,25,ad,7e,e5,1c,
   bb,51,29,ad,58,67,81,cb,5f,57,6f,3e,36,29,7e,f1,95,62,3d,79,30,ea,5c,a4,58,\
"??"=hex:5a,23,4b,7e,53,3b,40,27,fa,99,62,4a,3f,07,a7,0c
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\gpkcsp.dll
c:\windows\system32\gpkrsrc.dll
.
Zeit der Fertigstellung: 2010-01-21  01:29:11
ComboFix-quarantined-files.txt  2010-01-21 00:29

Vor Suchlauf: 16 Verzeichnis(se), 40.971.481.088 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 40.947.957.760 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 6A543B856BCC0F38E2A0BA7EE5909FEF


gmer:

Code


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-21 01:38:02
Windows 5.1.2600 Service Pack 3
Running: 2ldbksmy.exe; Driver: C:\DOKUME~1\Alex\LOKALE~1\Temp\fgldqpow.sys


---- Modules - GMER 1.0.15 ----

Module   Lbd.sys (Boot Driver/Lavasoft AB)                                                                                                                               F760B000-F761A000 (61440 bytes)
Module   PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions)                                                                                      F761B000-F7624000 (36864 bytes)
Module   \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.)                                                          F65A5000-F6ABE000 (5345280 bytes)
Module   \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider)                                         F6569000-F6591000 (163840 bytes)
Module   \SystemRoot\system32\DRIVERS\3xHybrid.sys (3xHybrid/Philips Semiconductors GmbH)                                                                                F6481000-F6545000 (802816 bytes)
Module   \SystemRoot\system32\DRIVERS\AGRSM.sys (SoftModem Device Driver/Agere Systems)                                                                                  F6328000-F645E000 (1269760 bytes)
Module   \SystemRoot\system32\DRIVERS\fetnd5b.sys (NDIS 5.0 miniport driver/VIA Technologies, Inc.              )                                                        F6AFE000-F6B09000 (45056 bytes)
Module   \SystemRoot\system32\drivers\wbscr.sys (Winbond Smartcard Driver/Winbond Electronics Corp.)                                                                     F7923000-F7928000 (20480 bytes)
Module   \SystemRoot\system32\DRIVERS\dsNcAdpt.sys (dsNcAdapter/Juniper Networks)                                                                                        F765B000-F7666000 (45056 bytes)
Module   \SystemRoot\system32\DRIVERS\wacomvhid.sys (Virtual Hid Device/Wacom Technology)                                                                                F7ACD000-F7ACF000 (8192 bytes)
Module   \SystemRoot\system32\DRIVERS\WacomVKHid.sys (Virtual Hid Device/Wacom Technology)                                                                               F7ACF000-F7AD1000 (8192 bytes)
Module   \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.)                                          F793B000-F7940000 (20480 bytes)
Module   \SystemRoot\system32\DRIVERS\wacommousefilter.sys (Wacom Mouse Filter Driver/Wacom Technology)                                                                  F795B000-F7963000 (32768 bytes)
Module   \SystemRoot\system32\drivers\cmudax.sys (C-Media Audio WDM Driver/C-Media Inc.)                                                                                 EE0B4000-EE1EB000 (1273856 bytes)
Module   \SystemRoot\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)                                                                                      F798B000-F7991000 (24576 bytes)
Module   \SystemRoot\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH)                                                                         EDE15000-EDE31000 (114688 bytes)
Module   \??\C:\Programme\Avira\AntiVir_Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH)                                                              F7AE7000-F7AE9000 (8192 bytes)
Module   \SystemRoot\System32\ati2dvag.dll (ATI Radeon WindowsNT Display Driver/ATI Technologies Inc.)                                                                   BF012000-BF062000 (327680 bytes)
Module   \SystemRoot\System32\ati2cqag.dll (Central Memory Manager / Queue Server Module/ATI Technologies Inc.)                                                          BF062000-BF0EF000 (577536 bytes)
Module   \SystemRoot\System32\atikvmag.dll (Virtual Command And Memory Manager/ATI Technologies Inc.)                                                                    BF0EF000-BF15E000 (454656 bytes)
Module   \SystemRoot\System32\atiok3x2.dll (Ring 0 x2 component/ATI Technologies Inc.)                                                                                   BF15E000-BF1A1000 (274432 bytes)
Module   \SystemRoot\System32\ati3duag.dll (ati3duag.dll/ATI Technologies Inc. )                                                                                         BF1A1000-BF57C000 (4042752 bytes)
Module   \SystemRoot\System32\ativvaxx.dll (Radeon Video Acceleration Universal Driver/ATI Technologies Inc. )                                                           BF57C000-BF7D8000 (2473984 bytes)
Module   \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated)                                                              BFFA0000-BFFE6000 (286720 bytes)
Module   \SystemRoot\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH)                                                                                  EBAA9000-EBABD000 (81920 bytes)
Module   \SystemRoot\system32\DRIVERS\atksgt.sys                                                                                                                         EB3DE000-EB421000 (274432 bytes)
Module   \SystemRoot\system32\DRIVERS\lirsgt.sys                                                                                                                         F7963000-F7968000 (20480 bytes)
Module   \SystemRoot\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)  EB491000-EB49B000 (40960 bytes)
Module   \??\C:\DOKUME~1\Alex\LOKALE~1\Temp\catchme.sys                                                                                                                  F787B000-F7883000 (32768 bytes)
Module   \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                                                                  F7AFB000-F7AFD000 (8192 bytes)
Module   \??\C:\DOKUME~1\Alex\LOKALE~1\Temp\fgldqpow.sys (GMER)                                                                                                          BA700000-BA717000 (94208 bytes)

---- Processes - GMER 1.0.15 ----

Process  C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Tablet user module for consumer driver/Wacom Technology, Corp.)                                                 220
Library  C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Tablet user module for consumer driver/Wacom Technology, Corp.)                                                 0x00400000

Process  C:\WINDOWS\system32\Pen_Tablet.exe (Tablet Service for consumer driver/Wacom Technology, Corp.)                                                                 832
Library  C:\WINDOWS\system32\Pen_Tablet.exe (Tablet Service for consumer driver/Wacom Technology, Corp.)                                                                 0x00400000

Process  C:\WINDOWS\system32\winlogon.exe (Windows NT-Anmeldung/Microsoft Corporation)                                                                                   900
Library  C:\WINDOWS\system32\Ati2evxx.dll (ATI External Event Utility DLL Module/ATI Technologies Inc.)                                                                  0x10000000

Process  C:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.)                                                                  1164
Library  C:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.)                                                                  0x00400000
Library  C:\WINDOWS\system32\Ati2edxx.dll (ati2edxx/ATI Technologies, Inc.)                                                                                              0x003B0000
Library  C:\WINDOWS\system32\atipdlxx.dll (ATI Desktop CWDDEDI DLL/ATI Technologies, Inc.)                                                                               0x10000000

Process  C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH)                                                                         1336
Library  C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH)                                                                         0x00400000
Library  C:\Programme\Avira\AntiVir Desktop\AVEvtLog.dll (Event Logger/Avira GmbH)                                                                                       0x10000000
Library  C:\Programme\Avira\AntiVir Desktop\guardmsg.dll (AVGuard Messages (Deutsch)/Avira GmbH)                                                                         0x00C20000
Library  C:\Programme\Avira\AntiVir Desktop\sqlite3.dll                                                                                                                  0x00C40000
Library  C:\Programme\Avira\AntiVir Desktop\AVPREF.DLL (Prefix DLL/Avira GmbH)                                                                                           0x00DB0000
Library  C:\Programme\Avira\AntiVir Desktop\SMTPLIB.DLL (SMTPLIB/Avira GmbH)                                                                                             0x00DD0000
Library  C:\Programme\Avira\AntiVir Desktop\AVGIO.DLL (On-access scan support/Avira GmbH)                                                                                0x01230000
Library  C:\Programme\Avira\AntiVir Desktop\aecore.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                    0x01360000
Library  C:\Programme\Avira\AntiVir Desktop\aevdf.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                     0x013A0000
Library  C:\Programme\Avira\AntiVir Desktop\aescript.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                  0x013D0000
Library  C:\Programme\Avira\AntiVir Desktop\aescn.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                     0x01470000
Library  C:\Programme\Avira\AntiVir Desktop\aesbx.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                     0x014A0000
Library  C:\Programme\Avira\AntiVir Desktop\aerdl.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                     0x014F0000
Library  C:\Programme\Avira\AntiVir Desktop\aepack.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                    0x01580000
Library  C:\Programme\Avira\AntiVir Desktop\unacev2.dll (UNACE Dynamic Link Library/ACE Compression Software)                                                            0x01600000
Library  C:\Programme\Avira\AntiVir Desktop\aeoffice.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                  0x01660000
Library  C:\Programme\Avira\AntiVir Desktop\aeheur.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                    0x016B0000
Library  C:\Programme\Avira\AntiVir Desktop\aehelp.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                    0x018C0000
Library  C:\Programme\Avira\AntiVir Desktop\aegen.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                     0x01910000
Library  C:\Programme\Avira\AntiVir Desktop\aeemu.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                     0x01980000
Library  C:\Programme\Avira\AntiVir Desktop\aebb.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                      0x01A00000
Library  C:\Programme\Avira\AntiVir Desktop\avipc.dll (AVIRA IPC Library/Avira GmbH)                                                                                     0x01C20000

Process  C:\WINDOWS\system32\Pen_Tablet.exe (Tablet Service for consumer driver/Wacom Technology, Corp.)                                                                 1360
Library  C:\WINDOWS\system32\Pen_Tablet.exe (Tablet Service for consumer driver/Wacom Technology, Corp.)                                                                 0x00400000

Process  C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Network Connect Service/Juniper Networks)                                                           1420
Library  C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Network Connect Service/Juniper Networks)                                                           0x00400000

Process  C:\Programme\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.)                                                                      1564
Library  C:\Programme\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.)                                                                      0x00400000

Process  C:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.)                                                                  1712
Library  C:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.)                                                                  0x00400000
Library  C:\WINDOWS\system32\Ati2edxx.dll (ati2edxx/ATI Technologies, Inc.)                                                                                              0x00C80000
Library  C:\WINDOWS\system32\atipdlxx.dll (ATI Desktop CWDDEDI DLL/ATI Technologies, Inc.)                                                                               0x10000000
Library  C:\WINDOWS\system32\ati2evxx.dll (ATI External Event Utility DLL Module/ATI Technologies Inc.)                                                                  0x00CB0000

Process  C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation)                                                                                   1852
Library  C:\WINDOWS\system32\CNMLM66.DLL (BJ Language Monitor/CANON INC.)                                                                                                0x66F40000
Library  C:\WINDOWS\system32\pdfcmnnt.dll                                                                                                                                0x10000000
Library  C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD66.DLL (Canon BJ Print Processor Dispatcher/CANON INC.)                                                          0x009A0000
Library  C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation)                                       0x3F420000

Process  C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH)                                                                                   1924
Library  C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH)                                                                                   0x00400000
Library  C:\Programme\Avira\AntiVir Desktop\schedr.dll (avschdr Dynamic Link Library/Avira GmbH)                                                                         0x10000000
Library  C:\Programme\Avira\AntiVir Desktop\avevtlog.dll (Event Logger/Avira GmbH)                                                                                       0x00BC0000
Library  C:\Programme\Avira\AntiVir Desktop\sqlite3.dll                                                                                                                  0x00D10000

Process  C:\Dokumente und Einstellungen\Alex\Desktop\2ldbksmy.exe                                                                                                        2500
Library  C:\Dokumente und Einstellungen\Alex\Desktop\2ldbksmy.exe                                                                                                        0x00400000

Process  C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Ad-Aware Tray Application/Lavasoft)                                                                                 3064
Library  C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Ad-Aware Tray Application/Lavasoft)                                                                                 0x00400000
Library  C:\Programme\Lavasoft\Ad-Aware\Resources.dll (Resource DLL                                                  /Lavasoft)                                          0x10000000

Process  C:\Programme\ArcorOnline\AOButler.exe (Arcor-Online Butler Version 5.007/Arcor AG & Co. KG)                                                                     3452
Library  C:\Programme\ArcorOnline\AOButler.exe (Arcor-Online Butler Version 5.007/Arcor AG & Co. KG)                                                                     0x00400000
Library  C:\WINDOWS\system32\AMCButton.ocx (C.A.R. Software Systems)                                                                                                     0x11000000
Library  C:\WINDOWS\system32\SBList30.ocx (Enhanced Listbox ActiveX control/Global Components (GlobalCom@pobox.com))                                                     0x10000000
Library  C:\WINDOWS\system32\WinRas32.ocx (WinRas ActiveX Control Module/Arcor Online GmbH)                                                                              0x017E0000
Library  C:\PROGRA~1\ARCORO~1\cmdial32.dll (customdial/Arcor Online GmbH)                                                                                                0x01A90000

Process  C:\WINDOWS\explorer.exe (Windows Explorer/Microsoft Corporation)                                                                                                3628
Library  C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.)                                                    0x10000000
Library  C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU (PDF Shell Extension/Adobe Systems, Inc.)                                                    0x02000000
Library  C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes' Anti-Malware/Malwarebytes Corporation)                                                       0x00F30000
Library  C:\Programme\WinRAR\rarext.dll                                                                                                                                  0x013A0000
Library  C:\Programme\Avira\AntiVir Desktop\shlext.dll (AntiVirus context menu/Avira GmbH)                                                                               0x01E60000
Library  C:\Programme\Lavasoft\Ad-Aware\ShellExt.dll                                                                                                                     0x01B30000
Library  C:\Programme\Adobe\Reader 8.0\Reader\viewerps.dll                                                                                                               0x011D0000

Process  C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Ad-Aware Service Application/Lavasoft)                                                                           3920
Library  C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Ad-Aware Service Application/Lavasoft)                                                                           0x00400000
Library  C:\Programme\Lavasoft\Ad-Aware\RPAPI.dll                                                                                                                        0x10000000
Library  C:\Programme\Lavasoft\Ad-Aware\Resources.dll (Resource DLL                                                  /Lavasoft)                                          0x00B10000
Library  C:\Programme\Lavasoft\Ad-Aware\lavalicense.dll (License solution (desktop edition)/Lavasoft)                                                                    0x019C0000
Library  C:\Programme\Lavasoft\Ad-Aware\ceapi.dll (CEAPI Dynamic Link Library/Lavasoft)                                                                                  0x02210000
Library  C:\Programme\Lavasoft\Ad-Aware\lavamessage.dll (Messaging system for client notification delivery/Lavasoft)                                                     0x05840000

---- Services - GMER 1.0.15 ----

Service  C:\WINDOWS\system32\DRIVERS\3xHybrid.sys (3xHybrid/Philips Semiconductors GmbH)                                                                                 [MANUAL] 3xHybrid
Service  C:\Programme\Adobe\Photoshop                                                                                                                                    [AUTO] AdobeActiveFileMonitor5.0
Service  C:\WINDOWS\system32\DRIVERS\AGRSM.sys (SoftModem Device Driver/Agere Systems)                                                                                   [MANUAL] AgereSoftModem
Service  C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH)                                                                                   [AUTO] AntiVirSchedulerService
Service  C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH)                                                                         [AUTO] AntiVirService
Service  C:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.)                                                                  [AUTO] Ati HotKey Poller
Service  C:\WINDOWS\system32\ati2sgag.exe                                                                                                                                [AUTO] ATI Smart
Service  C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.)                                                           [MANUAL] ati2mtag
Service                                                                                                                                                                  Atierecord
Service  C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                                                                          [AUTO] atksgt
Service  C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH)                                                                  [SYSTEM] avgio
Service  C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH)                                                                                   [AUTO] avgntflt
Service  C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH)                                                                          [SYSTEM] avipbb
Service  C:\WINDOWS\system32\Drivers\USBCRFT.SYS (Card Reader Filter/ICSI Technology Ltd.)                                                                               [MANUAL] CardReaderFilter
Service  C:\DOKUME~1\Alex\LOKALE~1\Temp\catchme.sys                                                                                                                      [MANUAL] catchme
Service  C:\WINDOWS\system32\drivers\cmudax.sys (C-Media Audio WDM Driver/C-Media Inc.)                                                                                  [MANUAL] cmudax
Service  C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys (dsNcAdapter/Juniper Networks)                                                                                         [MANUAL] dsNcAdpt
Service  C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Network Connect Service/Juniper Networks)                                                           [AUTO] dsNcService
Service  C:\WINDOWS\system32\DRIVERS\fetnd5b.sys (NDIS 5.0 miniport driver/VIA Technologies, Inc.              )                                                         [MANUAL] FETNDISB
Service                                                                                                                                                                  fwdrv
Service  C:\WINDOWS\system32\DRIVERS\hamachi.sys (Hamachi Virtual Network Interface Driver/LogMeIn, Inc.)                                                                [MANUAL] hamachi
Service  C:\WINDOWS\system32\drivers\HdAudio.sys (High Definition Audio Function Driver v1.0/Windows (R) Server 2003 DDK provider)                                       [MANUAL] HdAudAddService
Service  C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider)                                          [MANUAL] HDAudBus
Service  C:\Programme\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.)                                                                      [AUTO] JavaQuickStarterService
Service  C:\DOKUME~1\Alex\LOKALE~1\Temp\jfdcd.sys                                                                                                                        [MANUAL] jfdcd
Service                                                                                                                                                                  khips
Service  C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Ad-Aware Service Application/Lavasoft)                                                                           [AUTO] Lavasoft Ad-Aware Service
Service  C:\WINDOWS\system32\DRIVERS\Lbd.sys (Boot Driver/Lavasoft AB)                                                                                                   [BOOT] Lbd
Service  C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                                                                          [AUTO] lirsgt
Service  C:\WINDOWS\system32\DRIVERS\MPE.sys (Microsoft MPE to IP Filter/Microsoft Corporation)                                                                          [MANUAL] MPE
Service                                                                                                                                                                  MSDTC Bridge 3.0.0.0
Service  C:\WINDOWS\system32\drivers\npf.sys (npf.sys (NT5/6 x86) Kernel Driver/CACE Technologies)                                                                       [MANUAL] NPF
Service  C:\WINDOWS\system32\ntsim.sys (Network Device Monitor Utility/VIA Networking Technologies, Inc.       )                                                         [MANUAL] NTSIM
Service  C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.)                                           [MANUAL] Ptilink
Service  C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions)                                                          [BOOT] PxHelp20
Service  C:\Programme\WinPcap\rpcapd.exe (Remote Packet Capture Daemon/CACE Technologies)                                                                                [MANUAL] rpcapd
Service  C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)   [AUTO] Secdrv
Service                                                                                                                                                                  ServiceModelEndpoint 3.0.0.0
Service                                                                                                                                                                  ServiceModelOperation 3.0.0.0
Service                                                                                                                                                                  ServiceModelService 3.0.0.0
Service                                                                                                                                                                  SMSvcHost 3.0.0.0
Service  C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony USB Lower Filter driver/Sony Corporation)                                                                        [MANUAL] SONYPVU1
Service  C:\WINDOWS\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)                                                                         [BOOT] sptd
Service  C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)                                                                                       [SYSTEM] ssmdrv
Service  C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation)                                                                       [MANUAL] streamip
Service  C:\WINDOWS\system32\Pen_Tablet.exe (Tablet Service for consumer driver/Wacom Technology, Corp.)                                                                 [AUTO] TabletServicePen
Service  C:\WINDOWS\system32\DRIVERS\VClone.sys (VirtualCloneCD Driver/Elaborate Bytes AG)                                                                               [MANUAL] VClone
Service  C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys (Wacom HID Mouse Monitor Filter Driver/Wacom Technology)                                                          [MANUAL] wacmoumonitor
Service  C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys (Wacom Mouse Filter Driver/Wacom Technology)                                                                   [MANUAL] wacommousefilter
Service  C:\WINDOWS\system32\DRIVERS\wacomvhid.sys (Virtual Hid Device/Wacom Technology)                                                                                 [MANUAL] wacomvhid
Service  C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys (Virtual Hid Device/Wacom Technology)                                                                                [MANUAL] WacomVKHid
Service  C:\WINDOWS\system32\drivers\wbscr.sys (Winbond Smartcard Driver/Winbond Electronics Corp.)                                                                      [MANUAL] wbscr
Service                                                                                                                                                                  Windows Workflow Foundation 3.0.0.0
Service                                                                                                                                                                  Wmi
Service  C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (X10 Module/X10)                                                                                                    [MANUAL] x10nets
Service  C:\WINDOWS\System32\Drivers\x10ufx2.sys (X10 USB Control Interface/X10 Wireless Technology, Inc.)                                                               [MANUAL] XUIF

---- EOF - GMER 1.0.15 ----

Nach dem Scan ist der PC wieder abgestürzt, weiss nicht ob das relevant ist.

F-Secure:

Code


Online Scanner - Scanning Report - Thursday, January 21, 2010 02:17:47Scanning
Report
Thursday, January 21, 2010 01:52:30 - 02:17:47
Computer name: NAM
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\ E:\ F:\



6 malware found
TrackingCookie.Advertising (spyware)
  System (Disinfected)
TrackingCookie.Adtech (spyware)
  System (Disinfected)
TrackingCookie.Doubleclick (spyware)
  System (Disinfected)
TrackingCookie.Revsci (spyware)
  System (Disinfected)
TrackingCookie.Zanox (spyware)
  System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
  System (Disinfected)



Statistics
Scanned:
  Files: 30957
  System: 3533
  Not scanned: 6
Actions:
  Disinfected: 6
  Renamed: 0
  Deleted: 0
  Not cleaned: 0
  Submitted: 0
Files not scanned:
  C:\PAGEFILE.SYS
  C:\WINDOWS\SYSTEM32\CONFIG\SAM
  C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
  C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
  C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
  C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT



Options
Scanning engines:
Scanning options:
  Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF
  VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI
  MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0
  TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT
  CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
  Use advanced heuristics



  Copyright © 1998-2009 Product support | Send virus sample to F-Secure
  F-Secure assumes no responsibility for material created or published by third
  parties that F-Secure World Wide Web pages have a link to. Unless you have
  clearly stated otherwise, by submitting material to any of our servers, for
  example by E-mail or via our F-Secure's CGI E-mail, you agree that the
  material you make available may be published in the F-Secure World Wide Pages
  or hard-copy publications. You will reach F-Secure public web site by clicking
  on underlined links. While doing this, your access will be logged to our
  private access statistics with your domain name. This information will not be
  given to any third party. You agree not to take action against us in relation
  to material that you submit. Unless you have clearly stated otherwise, by
  submitting material you warrant that F-Secure may incorporate any concepts
  described in it in the F-Secure products/publications without liability.


So, ich hoffe es gibt nichts mehr zu bemängeln, ich frage mich immernoch wie du irgendwas aus diesen Zeilen entnehmen kannst^^

Ich schaue heute Abend mal wieder rein.
Dankeee
Seitenanfang Seitenende
22.01.2010, 00:09
Moderator

Beiträge: 5694
#36 Das ist wie ein spannendes Buch zu lesen ;)

Nimm mich wunder obe Superantispyware noch was findet:

Grundreinigung mit SUPERAntiSpyware
• Bitte lade Dir SUPERAntiSpyware FREE Edition von SUPERAntiSpyware Website herunter.
• Eine bebilderte Anleitung findest Du hier.
• Installiere das Programm.
• Überzeuge Dich davon, dass alle Anwendungen und Dein Webbrowser geschlossen sind.
• Klicke auf den 'Check for Updates'-Button.
• Wenn das Update beendet ist, schließe SUPERAntiSpyware.
• Lasse den Scan noch NICHT laufen!
• Öffne SUPERAntiSpyware und klicke auf den 'Scan your Computer'-Button.
• Setze ein Häkchen bei 'Perform Complete Scan', klicke nun auf "Weiter".
• Achte unbedingt darauf, dass bei allen Funden ein Häkchen steht, klicke dann auf "Weiter".
• Klicke auf 'Finish', das bringt Dich wieder ins Hauptfenster.
• Es kann sein, dass Dein Rechner neu gestartet werden muss, um Malware mit dem Neustart vom System zu entfernen.
• Um das Logfile zu erhalten, musst du erst auf 'Preferences' und dann auf den 'Statistics/Logs'-Button klicken.
• Klicke auf das datierte Logfile, drücke auf 'View Log'. Nun erscheint ein Textfenster.
• Bitte kopiere diesen Bericht hier in den Thread.



Hast Du noch Probleme?
Seitenanfang Seitenende
22.01.2010, 14:46
...neu hier

Beiträge: 9
#37 Hmm nach so vielen verschiedenen Scans gibt es anscheinend immernoch Trojaner :/

Code


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/22/2010 at 02:39 PM

Application Version : 4.33.1000

Core Rules Database Version : 4505
Trace Rules Database Version: 2318

Scan type       : Complete Scan
Total Scan Time : 00:26:59

Memory items scanned      : 459
Memory threats detected   : 0
Registry items scanned    : 5171
Registry threats detected : 5
File items scanned        : 23845
File threats detected     : 25

Adware.Tracking Cookie
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@click.fastpartner[1].txt
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@clickpayz3.91457.blueseek[2].txt
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@zanox-affiliate[2].txt
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@doubleclick[2].txt
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@ad.zanox[2].txt
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@content.yieldmanager[2].txt
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@tracking.quisma[1].txt
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@ak[2].txt
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@zanox[1].txt
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@clickpayz6.91447.blueseek[1].txt
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@advertising[1].txt
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@zedo[2].txt
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@traffictrack[1].txt
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@ad.yieldmanager[1].txt
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@bluestreak[1].txt
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@clickpayz7.91447.blueseek[1].txt
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@revsci[2].txt
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@ad.adition[2].txt
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@eas.apm.emediate[2].txt
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@adfarm1.adition[2].txt
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@collective-media[1].txt
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@clicks.smartbizsearch[1].txt
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@adtech[1].txt
    C:\Dokumente und Einstellungen\Alex\Cookies\alex@tmobile[1].txt

Trojan.Agent/Gen-Alureon
    HKU\.DEFAULT\Software\h8srt
    HKU\S-1-5-19\Software\h8srt
    HKU\S-1-5-20\Software\h8srt
    HKU\S-1-5-21-1801674531-1035525444-725345543-1004\Software\h8srt
    HKU\S-1-5-18\Software\h8srt

Trojan.Agent/Gen-Nullo[Short]
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{ACDB9CB0-2594-4984-B222-2A3C8BCD739D}\RP583\A0162214.EXE

Aber wird immer besser ;)
Seitenanfang Seitenende
22.01.2010, 15:52
Moderator

Beiträge: 5694
#38 Das ist nichts mehr schlimmes ;) Zum einen Cookies, welche immer wieder kommen, dann solche die in der Systemwiederherstellung stecken.

Schritt 1

Rootkitscan mit RootRepeal
• Gehe hierhin, scrolle runter und downloade RootRepeal.zip.
• Entpacke die Datei auf Deinen Desktop.
• Doppelklicke die RootRepeal.exe, um den Scanner zu starten.
• Klicke auf den Reiter Report und dann auf den Button Scan.
• Mache einen Haken bei den folgenden Elementen und klicke Ok.
.
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Shadow SSDT

.
• Im Anschluss wirst Du gefragt, welche Laufwerke gescannt werden sollen.
• Wähle C:\ und klicke wieder Ok.
• Der Suchlauf beginnt automatisch, es wird eine Weile dauern, bitte Geduld.
• Wenn der Suchlauf beendet ist, klicke auf Save Report.
• Speichere das Logfile als RootRepeal.txt auf dem Desktop.
• Kopiere den Inhalt hier in den Thread.


Schritt 2

Scan mit SystemLook

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.

Download Mirror #1 - Download Mirror #2

• Doppelklick auf die SystemLook.exe, um das Tool zu starten.
Vista-User mit Rechtsklick und als Administrator starten.
• Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code

:filefind
*h8srt*
h8srt

:regfind
*h8srt*
h8srt
• Klicke nun auf den Button Look, um den Scan zu starten.
• Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
• Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.
Seitenanfang Seitenende
23.01.2010, 13:58
...neu hier

Beiträge: 9
#39 Hallo Swiss,

Code


ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:        2010/01/23 13:46
Program Version:        Version 1.3.5.0
Windows Version:        Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEDC6C000    Size: 98304    File Visible: No    Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B05000    Size: 8192    File Visible: No    Signed: -
Status: -

Name: PCI_PNP4912
Image Path: \Driver\PCI_PNP4912
Address: 0x00000000    Size: 0    File Visible: No    Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF69B1000    Size: 49152    File Visible: No    Signed: -
Status: -

Name: spbt.sys
Image Path: spbt.sys
Address: 0xF739A000    Size: 1048576    File Visible: No    Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000    Size: 0    File Visible: No    Signed: -
Status: -

SSDT
-------------------
#: 041    Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf7b76f5e

#: 053    Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf7b76f54

#: 063    Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf7b76f63

#: 065    Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf7b76f6d

#: 071    Function Name: NtEnumerateKey
Status: Hooked by "spbt.sys" at address 0xf73b9ca2

#: 073    Function Name: NtEnumerateValueKey
Status: Hooked by "spbt.sys" at address 0xf73ba030

#: 098    Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf7b76f72

#: 119    Function Name: NtOpenKey
Status: Hooked by "spbt.sys" at address 0xf739b0c0

#: 122    Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf7b76f40

#: 128    Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf7b76f45

#: 160    Function Name: NtQueryKey
Status: Hooked by "spbt.sys" at address 0xf73ba108

#: 177    Function Name: NtQueryValueKey
Status: Hooked by "spbt.sys" at address 0xf73b9f88

#: 193    Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf7b76f7c

#: 204    Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf7b76f77

#: 247    Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf7b76f68

#: 257    Function Name: NtTerminateProcess
Status: Hooked by "C:\Programme\SUPERAntiSpyware\SASKUTIL.sys" at address 0xedd6c0b0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System    Address: 0x86f531f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System    Address: 0x86f531f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System    Address: 0x86f531f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System    Address: 0x86f531f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x86f531f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x86f531f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System    Address: 0x86f531f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System    Address: 0x86f531f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x86f531f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x86f531f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System    Address: 0x86f531f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x86f531f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x86f531f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x86f531f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x86f531f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x86f531f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System    Address: 0x86f531f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System    Address: 0x86f531f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System    Address: 0x86f531f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System    Address: 0x86f531f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System    Address: 0x86f531f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System    Address: 0x86f531f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System    Address: 0x86c981f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System    Address: 0x86c981f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System    Address: 0x86c981f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System    Address: 0x86c981f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x86c981f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x86c981f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x86c981f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x86c981f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System    Address: 0x86c981f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x86c981f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System    Address: 0x86c981f8    Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System    Address: 0x86db5500    Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System    Address: 0x86db5500    Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x86db5500    Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x86db5500    Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System    Address: 0x86db5500    Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x86db5500    Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System    Address: 0x86db5500    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System    Address: 0x86fc31f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System    Address: 0x86fc31f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System    Address: 0x86fc31f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x86fc31f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x86fc31f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x86fc31f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x86fc31f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System    Address: 0x86fc31f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System    Address: 0x86fc31f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x86fc31f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System    Address: 0x86fc31f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System    Address: 0x869ae1f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System    Address: 0x869ae1f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x869ae1f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x869ae1f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System    Address: 0x869ae1f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System    Address: 0x869ae1f8    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System    Address: 0x86db4500    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System    Address: 0x86db4500    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x86db4500    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x86db4500    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System    Address: 0x86db4500    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x86db4500    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System    Address: 0x86db4500    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System    Address: 0x8669a1f8    Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ䵃慖, IRP_MJ_CREATE]
Process: System    Address: 0x869ef1f8    Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ䵃慖, IRP_MJ_CLOSE]
Process: System    Address: 0x869ef1f8    Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ䵃慖, IRP_MJ_READ]
Process: System    Address: 0x869ef1f8    Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ䵃慖, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x869ef1f8    Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ䵃慖, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x869ef1f8    Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ䵃慖, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x869ef1f8    Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ䵃慖, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x869ef1f8    Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ䵃慖, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x869ef1f8    Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ䵃慖, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x869ef1f8    Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ䵃慖, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x869ef1f8    Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ䵃慖, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x869ef1f8    Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ䵃慖, IRP_MJ_CLEANUP]
Process: System    Address: 0x869ef1f8    Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ䵃慖, IRP_MJ_PNP]
Process: System    Address: 0x869ef1f8    Size: 121

==EOF==


SystemLook hat irgendwann "einen Fehler verursacht und musste geschlossen werden",
danach war aber ein Log auf dem Deskop abgespeichert.

Code


SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 13:53 on 23/01/2010 by Alex (Administrator - Elevation successful)

========== filefind ==========

Searching for "*h8srt*"
No files found.

Searching for "h8srt"
No files found.

========== regfind ==========

Searching for "*h8srt*"
No data found.

Searching for "h8srt"

Nochmal vielen Dank für die Hilfe ;)
Ich habe jetzt immer Ad-Aware, Avira und SuperAntispyware am laufen, ist es genug um sowas nicht wieder
vorkommenzulassen, oder ist das schon zu viel oder so?
Seitenanfang Seitenende
24.01.2010, 00:29
Moderator

Beiträge: 5694
#40 Nein das ist gut mit den Programmen.

Erneuter Systemscan mit OTL

• Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles in Code-Tags hier in den Thread.
Seitenanfang Seitenende
24.01.2010, 12:35
...neu hier

Beiträge: 9
#41 Servus

Code


OTL logfile created on: 24.01.2010 12:27:48 - Run 2
OTL by OldTimer - Version 3.1.25.2     Folder = C:\Dokumente und Einstellungen\Alex\Desktop\logs & progs
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 439,00 Mb Available Physical Memory | 43,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,55 Gb Total Space | 43,12 Gb Free Space | 57,83% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 117,35 Gb Free Space | 78,73% Space Free | Partition Type: NTFS
Drive E: | 74,49 Gb Total Space | 37,87 Gb Free Space | 50,84% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NAM
Current User Name: Alex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Dokumente und Einstellungen\Alex\Desktop\logs & progs\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\ArcorOnline\AOButler.exe (Arcor AG & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\QIP\qip.exe (The Author of QIP)
PRC - C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Dokumente und Einstellungen\Alex\Desktop\logs & progs\OTL.exe (OldTimer Tools)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (AdobeActiveFileMonitor5.0) --  File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (dsNcService) -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (SASENUM) -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (dsNcAdpt) -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (VClone) -- C:\WINDOWS\system32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (CardReaderFilter) -- C:\WINDOWS\system32\drivers\USBCRFT.SYS (ICSI Technology Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (cmudax) -- C:\WINDOWS\system32\drivers\cmudax.sys (C-Media Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (FETNDISB) -- C:\WINDOWS\system32\drivers\fetnd5b.sys (VIA Technologies, Inc.              )
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (XUIF) -- C:\WINDOWS\system32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (NTSIM) -- C:\WINDOWS\system32\ntsim.sys (VIA Networking Technologies, Inc.       )
DRV - (wbscr) -- C:\WINDOWS\system32\drivers\wbscr.sys (Winbond Electronics Corp.)
DRV - (SONYPVU1) Sony USB-Filtertreiber (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = www.google.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.backup.ftp: "141.13.16.201"
FF - prefs.js..network.proxy.backup.ftp_port: 3127
FF - prefs.js..network.proxy.backup.gopher: "141.13.16.201"
FF - prefs.js..network.proxy.backup.gopher_port: 3127
FF - prefs.js..network.proxy.backup.socks: "141.13.16.201"
FF - prefs.js..network.proxy.backup.socks_port: 3127
FF - prefs.js..network.proxy.backup.ssl: "141.13.16.201"
FF - prefs.js..network.proxy.backup.ssl_port: 3127
FF - prefs.js..network.proxy.ftp: "149.157.205.5"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "149.157.205.5"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "149.157.205.5"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "149.157.205.5"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "149.157.205.5"
FF - prefs.js..network.proxy.ssl_port: 80


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.01.15 16:39:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.01.07 10:25:36 | 00,000,000 | ---D | M]

[2008.08.01 11:25:55 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Extensions
[2010.01.22 22:22:06 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\rvxpg0lu.default\extensions
[2009.02.15 11:16:17 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\rvxpg0lu.default\extensions\OberonGameHost@OberonGames.com
[2010.01.22 22:22:06 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.11.22 17:21:45 | 00,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009.09.07 00:06:52 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009.09.10 23:30:08 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.09.10 23:30:08 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.09.10 23:30:08 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.09.10 23:30:08 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.09.10 23:30:08 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.01.06 17:31:03 | 00,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [Arcor Online] C:\Programme\ArcorOnline\Arcor.exe (Arcor AG & Co. KG)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.04.29 12:35:56 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.01.22 21:03:24 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex\.jordan
[2010.01.22 01:53:10 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2010.01.22 01:52:50 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\SUPERAntiSpyware.com
[2010.01.22 01:52:50 | 00,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.01.21 22:03:10 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010.01.21 21:54:43 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex\Desktop\logs & progs
[2010.01.21 01:52:19 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
[2010.01.21 01:21:35 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010.01.21 01:17:47 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.01.21 01:17:46 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.01.21 01:17:46 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.01.21 01:17:46 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.01.21 01:17:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.01.21 01:15:37 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010.01.20 21:49:39 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Malwarebytes
[2010.01.20 21:49:35 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.01.20 21:49:33 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.01.20 21:49:33 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.01.20 19:39:21 | 00,000,000 | ---D | C] -- C:\_OTL
[2010.01.20 16:46:13 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.01.20 16:46:13 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.01.20 16:46:13 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.01.20 16:46:12 | 00,000,000 | ---D | C] -- C:\Programme\Avira
[2010.01.20 16:46:12 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.01.20 16:34:13 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.01.20 12:20:41 | 00,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Alex\Recent
[2010.01.20 01:19:54 | 12,371,736 | ---- | C] (Sunbelt Software                                             ) -- C:\Dokumente und Einstellungen\All Users\Dokumente\counterspy.exe
[2010.01.19 23:51:20 | 00,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.01.19 23:45:20 | 00,000,000 | ---D | C] -- C:\Programme\[url="http://www.ccleaner.de"]CCleaner[/url]
[2010.01.19 23:18:30 | 00,000,000 | ---D | C] -- C:\Programme\HijackThis
[2010.01.19 23:07:39 | 00,000,000 | ---D | C] -- C:\Programme\ClearProg
[2010.01.19 22:59:12 | 00,000,000 | ---D | C] -- C:\Programme\Windows Defender
[2010.01.19 22:50:25 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010.01.19 22:35:39 | 00,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010.01.12 20:43:19 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010.01.06 17:52:57 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex\Desktop\Optisches Fließen
[2009.12.26 15:34:16 | 00,662,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2009.12.26 15:34:16 | 00,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2009.12.26 15:34:13 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCDE.DLL
[2009.12.26 15:34:13 | 00,125,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6DE.DLL
[2009.12.26 15:34:13 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCC2DE.DLL
[2009.12.26 15:34:13 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMPIDE.DLL
[2009.12.26 15:34:13 | 00,000,000 | ---D | C] -- C:\Programme\PDFCreator
[2009.11.19 21:47:17 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2009.04.30 14:17:30 | 00,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2008.09.17 11:24:15 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2007.04.30 13:04:52 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Symantec
[2007.04.29 12:38:25 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2007.04.29 12:35:54 | 00,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.01.24 12:24:55 | 00,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.01.24 12:24:55 | 00,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010.01.24 12:24:55 | 00,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010.01.24 12:24:54 | 00,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010.01.24 12:24:54 | 00,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010.01.24 12:24:37 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.01.24 12:24:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.01.24 12:24:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.01.24 12:24:00 | 00,060,452 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010.01.24 01:23:38 | 00,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Alex\ntuser.ini
[2010.01.24 01:23:37 | 11,534,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\Alex\NTUSER.DAT
[2010.01.24 01:22:58 | 00,605,488 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\.recently-used.xbel
[2010.01.24 00:34:57 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.01.24 00:04:09 | 00,103,936 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.23 20:33:37 | 00,000,476 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\Verknüpfung mit We Feed the World.lnk
[2010.01.23 20:33:35 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.01.23 20:33:07 | 00,000,575 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\Verknüpfung mit Toedliches.Kommando.The.Hurt.Locker.DVDRiP.MD.German.XViD-LEX.lnk
[2010.01.22 16:40:31 | 03,212,387 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\Optisches Fließen.odp
[2010.01.21 01:27:24 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.01.21 01:21:40 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010.01.20 21:45:41 | 00,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010.01.20 01:20:49 | 12,371,736 | ---- | M] (Sunbelt Software                                             ) -- C:\Dokumente und Einstellungen\All Users\Dokumente\counterspy.exe
[2010.01.19 23:41:12 | 01,042,054 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.01.19 23:41:12 | 00,448,800 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.01.19 23:41:12 | 00,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.01.19 23:41:12 | 00,080,108 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.01.19 23:41:12 | 00,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.01.17 23:51:44 | 00,000,008 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini
[2010.01.14 19:31:58 | 00,032,256 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Eigene Dateien\Ablage.doc
[2010.01.07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.01.07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.01.24 01:22:58 | 00,605,488 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\.recently-used.xbel
[2010.01.23 20:33:37 | 00,000,476 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\Verknüpfung mit We Feed the World.lnk
[2010.01.23 20:33:07 | 00,000,575 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\Verknüpfung mit Toedliches.Kommando.The.Hurt.Locker.DVDRiP.MD.German.XViD-LEX.lnk
[2010.01.22 13:57:05 | 03,212,387 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\Optisches Fließen.odp
[2010.01.21 01:21:39 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010.01.21 01:21:37 | 00,262,448 | ---- | C] () -- C:\cmldr
[2010.01.21 01:17:47 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.01.21 01:17:46 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.01.21 01:17:46 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.01.21 01:17:46 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.01.21 01:17:46 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.01.19 22:58:30 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.01.19 22:54:59 | 00,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010.01.19 22:54:59 | 00,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010.01.19 22:54:58 | 00,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010.01.19 22:54:57 | 00,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010.01.17 23:51:44 | 00,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini
[2009.12.26 15:34:16 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.03.25 12:28:51 | 00,000,017 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\AVSDVDPlayer.m3u
[2009.03.25 12:26:47 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.03.25 12:26:47 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.01.24 18:56:39 | 00,000,193 | ---- | C] () -- C:\WINDOWS\bat2exe.INI
[2008.12.07 14:50:30 | 00,000,116 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos3.INI
[2008.12.07 14:41:28 | 00,000,130 | ---- | C] () -- C:\WINDOWS\magix.ini
[2008.12.07 14:41:26 | 00,000,887 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008.11.04 19:08:39 | 00,001,331 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\mdb.bin
[2008.10.31 21:14:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\P2kRotate.ini
[2008.10.07 10:48:10 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008.10.07 10:48:10 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008.10.07 10:45:25 | 00,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008.10.07 08:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.07.07 04:53:47 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.06.27 22:51:40 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007.12.20 11:45:18 | 00,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2007.12.20 11:45:12 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007.12.16 00:47:48 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007.12.11 20:27:12 | 00,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007.11.14 13:45:31 | 00,000,022 | ---- | C] () -- C:\WINDOWS\CITEMP.INI
[2007.11.08 19:22:45 | 00,442,368 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll
[2007.08.30 21:15:11 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007.08.30 16:59:34 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\iplCubePX.dll
[2007.08.30 16:59:34 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\iplCubeA6.dll
[2007.08.30 16:59:34 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\iplCubeM6.dll
[2007.08.30 16:59:34 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\iplCubeP6.dll
[2007.08.30 16:59:34 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\iplCubeM5.dll
[2007.08.30 16:59:34 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\iplCubeP5.dll
[2007.08.30 16:59:34 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\iplCube.dll
[2007.08.30 16:59:33 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2007.08.27 12:31:47 | 00,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2007.08.27 12:31:09 | 00,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2007.08.25 00:37:33 | 00,281,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007.08.25 00:37:33 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007.06.29 01:01:48 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007.05.05 13:33:11 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.04.30 13:52:41 | 00,054,272 | ---- | C] () -- C:\WINDOWS\System32\KERNELH2.DLL
[2007.04.29 21:04:18 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS66.DLL
[2007.04.29 20:43:54 | 00,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.04.29 20:38:05 | 00,103,936 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.04.29 15:15:18 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2007.04.29 15:05:32 | 00,000,269 | ---- | C] () -- C:\WINDOWS\Dit.INI

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2008.01.30 21:42:07 | 00,000,162 | -H-- | M] ()(C:\Dokumente und Einstellungen\Alex\Eigene Dateien\~$?????? ? ???????? ? 50.doc) -- C:\Dokumente und Einstellungen\Alex\Eigene Dateien\~$ёнушке и Иванушке к 50.doc
[2008.01.30 21:42:07 | 00,000,162 | -H-- | C] ()(C:\Dokumente und Einstellungen\Alex\Eigene Dateien\~$?????? ? ???????? ? 50.doc) -- C:\Dokumente und Einstellungen\Alex\Eigene Dateien\~$ёнушке и Иванушке к 50.doc

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 319 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
< End of report >

Code


OTL Extras logfile created on: 24.01.2010 12:27:48 - Run 2
OTL by OldTimer - Version 3.1.25.2     Folder = C:\Dokumente und Einstellungen\Alex\Desktop\logs & progs
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 439,00 Mb Available Physical Memory | 43,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,55 Gb Total Space | 43,12 Gb Free Space | 57,83% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 117,35 Gb Free Space | 78,73% Space Free | Partition Type: NTFS
Drive E: | 74,49 Gb Total Space | 37,87 Gb Free Space | 50,84% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NAM
Current User Name: Alex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Programme\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"56646:TCP" = 56646:TCP:*:Enabled:Pando Media Booster
"56646:UDP" = 56646:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"56646:TCP" = 56646:TCP:*:Enabled:Pando Media Booster
"56646:UDP" = 56646:UDP:*:Enabled:Pando Media Booster

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Russen\hl.exe" = D:\Russen\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"D:\Age of Empires II Lan Version\age2_x1.exe" = D:\Age of Empires II Lan Version\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"D:\Warcraft III\Frozen Throne.exe" = D:\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne -- (Blizzard Entertainment)
"D:\Warcraft III\war3.exe" = D:\Warcraft III\war3.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"D:\Warcraft III Lan Version\war3.exe" = D:\Warcraft III Lan Version\war3.exe:*:Enabled:Warcraft III -- (HeLLkiLLeR)
"D:\Age of Empires II Lan Version\empires2.exe" = D:\Age of Empires II Lan Version\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe" = C:\Programme\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe" = C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\QIP\qip.exe" = C:\Programme\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Programme\Hamachi\hamachi.exe" = C:\Programme\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- (LogMeIn Inc.)
"D:\Warcraft III Lan Version\Frozen Throne.exe" = D:\Warcraft III Lan Version\Frozen Throne.exe:*:Enabled:Frozen Throne.exe -- (Blizzard Entertainment)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Programme\Heroes of Newerth\hon.exe" = C:\Programme\Heroes of Newerth\hon.exe:*:Enabled:Heroes of Newerth -- (S2 Games)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1" = Deinstallation der Arcor Online Software
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{30120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System (Beta)
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90510407-6D54-11D4-BEE3-00C04F990354}" = Microsoft Visio Professional 2002 SR-1 [DEU]
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update
"{CD815603-AB71-4CFB-B3AC-522298037ACC}" = W83L518D
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16D8A48-65A4-4B19-8A02-DC9A40FB80C4}" = Norton Security Scan
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Generic USB CardReader 2.0
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Agfa ScanWise 1.50" = Agfa ScanWise 1.50
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"CANONBJ_Deinstall_CNMCP66.DLL" = Canon PIXMA iP2000
"[url="http://www.ccleaner.de"]CCleaner[/url]" = [url="http://www.ccleaner.de"]CCleaner[/url]
"ClearProg" = ClearProg 1.6.0 Final
"C-Media Audio Driver" = C-Media High Definition Audio Driver
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EAX Unified" = EAX Unified
"FL Studio 5" = FL Studio 5
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Hamachi" = Hamachi 1.0.2.2
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Mafia Game" = Mafia Game
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NSSSetup.{D16D8A48-65A4-4B19-8A02-DC9A40FB80C4}" = Norton Security Scan (Symantec Corporation)
"Pen Tablet Driver" = Stifttablett
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Steam App 400" = Portal
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6b
"WAV to MP3" = WAV to MP3
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.2
"WinPcapInst" = WinPcap 4.0.1
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X10Hardware" = X10 Hardware(TM)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"QIP 2005" = QIP 2005 8092
"Steam App 10" = Counter-Strike
"Warcraft III" = Warcraft III: All Products

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 20.01.2010 13:12:28 | Computer Name = NAM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung flash_disinfector.exe, Version 0.0.0.0,
fehlgeschlagenes Modul flash_disinfector.exe, Version 0.0.0.0, Fehleradresse 0x00021dd0.

Error - 20.01.2010 14:26:44 | Computer Name = NAM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung flash_disinfector.exe, Version 0.0.0.0,
fehlgeschlagenes Modul flash_disinfector.exe, Version 0.0.0.0, Fehleradresse 0x00021dd0.

Error - 20.01.2010 14:41:50 | Computer Name = NAM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung flash_disinfector.exe, Version 0.0.0.0,
fehlgeschlagenes Modul flash_disinfector.exe, Version 0.0.0.0, Fehleradresse 0x00021dd0.

Error - 20.01.2010 15:03:25 | Computer Name = NAM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung flash_disinfector.exe, Version 0.0.0.0,
fehlgeschlagenes Modul flash_disinfector.exe, Version 0.0.0.0, Fehleradresse 0x00021dd0.

Error - 20.01.2010 15:03:27 | Computer Name = NAM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung flash_disinfector.exe, Version 0.0.0.0,
fehlgeschlagenes Modul flash_disinfector.exe, Version 0.0.0.0, Fehleradresse 0x00021dd0.

Error - 20.01.2010 15:03:34 | Computer Name = NAM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung flash_disinfector.exe, Version 0.0.0.0,
fehlgeschlagenes Modul flash_disinfector.exe, Version 0.0.0.0, Fehleradresse 0x00021dd0.

Error - 20.01.2010 20:42:03 | Computer Name = NAM | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.1.3642, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 23.01.2010 08:52:59 | Computer Name = NAM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung systemlook.exe, Version 0.0.0.0, fehlgeschlagenes
Modul systemlook.exe, Version 0.0.0.0, Fehleradresse 0x00007aa4.

Error - 23.01.2010 08:53:53 | Computer Name = NAM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung systemlook.exe, Version 0.0.0.0, fehlgeschlagenes
Modul systemlook.exe, Version 0.0.0.0, Fehleradresse 0x00007aa4.

Error - 23.01.2010 13:24:45 | Computer Name = NAM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung systemlook.exe, Version 0.0.0.0, fehlgeschlagenes
Modul systemlook.exe, Version 0.0.0.0, Fehleradresse 0x00007aa4.

[ System Events ]
Error - 24.01.2010 07:24:28 | Computer Name = NAM | Source = ati2mtag | ID = 43009
Description = Invalid display type

Error - 24.01.2010 07:24:28 | Computer Name = NAM | Source = ati2mtag | ID = 43009
Description = Invalid display type

Error - 24.01.2010 07:24:28 | Computer Name = NAM | Source = ati2mtag | ID = 43009
Description = Invalid display type

Error - 24.01.2010 07:24:28 | Computer Name = NAM | Source = ati2mtag | ID = 43009
Description = Invalid display type

Error - 24.01.2010 07:24:28 | Computer Name = NAM | Source = ati2mtag | ID = 43009
Description = Invalid display type

Error - 24.01.2010 07:24:28 | Computer Name = NAM | Source = ati2mtag | ID = 43009
Description = Invalid display type

Error - 24.01.2010 07:24:28 | Computer Name = NAM | Source = ati2mtag | ID = 43009
Description = Invalid display type

Error - 24.01.2010 07:24:28 | Computer Name = NAM | Source = ACPI | ID = 0
Description =

Error - 24.01.2010 07:24:28 | Computer Name = NAM | Source = ACPI | ID = 0
Description =

Error - 24.01.2010 07:24:28 | Computer Name = NAM | Source = ACPI | ID = 0
Description =


< End of report >
Seitenanfang Seitenende
24.01.2010, 23:55
Moderator

Beiträge: 5694
#42 Schritt 1


Tool-Bereinigung mit OTM

Wir werden nun die CleanUp!-Funktion von OTM nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
• Bitte lade Dir (falls noch nicht vorhanden) OTM von OldTimer herunter.
Speichere es auf Deinem Desktop.
• Doppelklick auf OTM.exe um das Programm auszuführen.
Vista-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
• Klicke auf den Button "CleanUp!"
• OTM fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTM und andere Helferprogramme, die Du
im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden
entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch
welche übrig geblieben sein, lösche sie manuell.


Schritt 2

Hast Du noch Probleme?
Seitenanfang Seitenende
25.01.2010, 00:35
...neu hier

Beiträge: 9
#43 Keine Probleme mehr, danke!

Ich bewundere deine uneigennützige Hilfsbereitschaft, die wohl das Gegenpol zu den Leuten darstellt, die Viren in die Welt setzen ;)
Genug geschleimt^^ Ich meld mich wieder wenn was nicht geht, (selbst Schuld wenn ihr so gut seit)

Ciao
Seitenanfang Seitenende
25.01.2010, 01:55
Moderator

Beiträge: 5694
#44 ;) Danke Dir für Deine Worte. Ja leider sind wir immer ein ganz wenig hinter den VirenHersteller.

Hier noch einige nützliche Infos:

Nachsorge

Um Dein System vor Malware zu schützen, gebe ich Dir im Anschluss eine Kurzversion mit Tipps und Hinweisen auf Tools, die Dir helfen werden, Dein System abzusichern und in Zukunft frei von Infektionen zu halten. Wenn Dein System infiziert war, rate ich Dir, Deine Passwörter zu ändern. Bitte betrachte die Tipps als Vorschläge und nicht als Nonplusultra ;).

Falls bei Dir noch nicht installiert, solltest Du Dir die folgenden Programme installieren.
Spybot Search&Destroy
ist ein gutes Tool, welches bösartige Software sucht und unschädlich macht. Bei der
Installation darauf achten, dass der TeaTimer nicht aktiviert wird. Lasse das Tool in
regelmäßige Abständen (z. B. einmal pro Woche) laufen und lasse vor der Überprüfung
immer nach Updates suchen, Details siehe ausführliche Anleitung.
Um Dein System frei von temporären Dateien zu halten, empfehle ich [url="http://www.CCleaner.de"]CCleaner[/url], (Toolbar nicht mitinstallieren) eine Freeware-
Software zur Optimierung und zum Aufräumen von Windows, Einzelheiten siehe die
Anleitung von Hijackthis-Forum.de. Bei Java (Sun) immer nur die aktuellste Version auf dem Rechner haben, alle anderen
deinstallieren.

Verwende einen alternativen Browser, ich empfehle Firefox. Es gibt eine große Anzahl von Erweiterungen,
wie z. B. Adblock Plus und NoScript. Mit der Erweiterung
IE Tab ist sogar das Windows- und Office-Upate über Firefox möglich. Die Erweiterung QuickJava sorgt dafür, dass Du Java und Java-Skript nur bei Bedarf
einschalten kannst. Eine alternatives E-Mail-Programm ist Thunderbird. Auch dafür gibt es viele sehr gute
Erweiterungen.

Als Alternative für die ganzen Messenger kommen Miranda-IM oder Trillian infrage. Miranda ist ein malwarefreier OpenSource Instant-Messenger, der mit Protokollen von AOL, ICQ, IRC, MSN und Yahoo zusammen arbeitet. Mit dem ebenfalls malwarefreien Trillian kannst du mit Nutzern von ICQ, AIM, Yahoo Messenger, MSN und IRC chatten.

"Wie konnte die Malware auf meinen Rechner kommen?", ist die wohl am häufigsten gestellte Frage. Malware gelangt in erster Linie über sogenannte Browser Exploits auf einen Rechner, also über Sicherheitslücken im Browser selbst. Weitere Schleusen sind E-Mail-Anhänge, Lecks im Betriebssystem oder Dateidownloads aus unsicheren Quellen.

Durch Einsatz Deines Köpfchens und folgende simple Maßnahmen kannst Du den Schutz optimieren:

• System immer auf aktuellem Stand halten (Windows Update regelmäßig machen und Software aktualisieren).
• Programme wenn möglich "benutzerdefiniert" installieren und Toolbars und Sponsoren abwählen.
• Internet Explorer sicher konfigurieren.
• Nur Original-Software nutzen und auf Programme aus dubiosen Quellen konsequent verzichten.
• Programme, die Du nicht mehr nutzt, über Systemsteuerung => Software entfernen/deinstallieren.
• Nicht alles anklicken, wo klickmich draufsteht!
• Gesunden Menschenverstand und Vorsicht walten lassen,
• insbesondere bei Dateien, die Du Dir auf den PC holst, also E-Mails, Downloads etc.,
• am besten auf Filesharing über P2P-Programme ganz verzichten.
• Router durch Vergabe eines Kennwortes vor Änderungen von außen schützen.
• Nicht benötigte Dienste und Programme gar nicht erst starten.
Bezüglich der Dienste ist es allerdings nötig, sich damit ausführlich zu beschäftigen, ansonsten die Dienste lieber lassen, wie sie sind.
• Nicht benötigte "Ports" (am eventuell vorhandenen DSL-Router), Freigaben u. ä. schließen.
Port-Scan-Test.
WLAN absichern.
Sichere Passwörter vergeben.
• Nicht mehr als einen Virenscanner mit Hintergrundwächter installieren.
• Nicht mehr als ein Antispyware-Programm mit Hintergrundwächter ständig laufen lassen.
• Das System hin und wieder zusätzlich mit einem dieser kostenlosen Online Scanner überprüfen.
• Datensicherung nicht vergessen!
Immer eine saubere Datensicherung als zurückspielbares Image auf Lager haben.


Spenden:


Da häufig die Frage nach einer Spendenmöglichkeit auftaucht, hier ein kleiner Hinweis dazu:
Wenn Dir unser Support gefallen hat und Du dazu beitragen möchtest, dass dieser
kostenlose Service aufrecht erhalten wird, kannst Du das mit einer freiwilligen kleinen
Spende an Protecus tun. Entscheidest Du
Dich für einen Zustupf an meine Wenigkeit dann geht dies über dieses
Pay-Pal Konto.
Seitenanfang Seitenende
19.05.2010, 17:00
...neu hier

Beiträge: 4
#45 So, ich habe seit ca. 3 Stunden das gleiche Problem, keine Ahnung wie es dazu kam.
Ich sehe, dass hier viele Leute ihre Logfiles posten, und da ich wirklich gar keinen Schimmer von dem Stoff hier habe, mach ich das auch mal.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:50:49, on 19.05.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Pql.exe
C:\WINDOWS\Pjivua.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ug6zlw4.exe
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\avp.exe
C:\FRAPS\FRAPS.EXE
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Logitech\SetPoint II\SetpointII.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\mIRC\mirc.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\HiJackThis204.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com?o=15421&l=dis
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\sdra64.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: C:\WINDOWS\system32\a4rfuirql.dll - {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - C:\WINDOWS\system32\a4rfuirql.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [XML Bootrecovery] runtime.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BCSSync] "C:\Programme\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [mcexecwin] rundll32.exe C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\p29ccfi8ct.dll, RestoreWindows
O4 - HKCU\..\Run: [hsfe8owijfisjhgs7ye39gjsoighsd7y3eu] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ug6zlw4.exe
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Pql.exe
O4 - HKCU\..\Run: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\avp.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Logitech-Produktregistrierung.lnk = C:\Programme\Gemeinsame Dateien\LogiShared\eReg\SetPoint\eReg.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SetPointII.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - http://80.237.209.20/objects/NpFv501.dll
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - http://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: har98fefiesjfs93s8i9sejsdf - {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - C:\WINDOWS\system32\a4rfuirql.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCO scheduler service - Unknown owner - C:\Programme\PCOptimizer\PCoptimizerService.exe (file missing)
O23 - Service: Sukoku Service - Unknown owner - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sukoku\sukoku123.exe (file missing)

--
End of file - 9964 bytes



Vielen Dank schonmal im Voraus,
WhiteShine
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: