Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: sdra64.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 17.05.2010, 02:53   #1
Werft
 
sdra64.exe - Standard

sdra64.exe



Hallo,
ich habe grade entdeckt, dass ich mir wohl ein ziemlich schlimmes Ding eingefangen habe. Hab eben schon einiges drüber gelesen und bin verzweifelt! sdra64.exe.
Was mach ich denn jetzt? Ich hab keine Ahnung von Computern geschweige denn davon, was ich jetzt machen soll.

Hier mal mein Logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:47:55, on 17.05.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\ATI-CPanel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://go.gmx.net/suchbox/gmxsuche?su=%s
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: GMX Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Programme\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Free Download Manager] C:\Programme\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ICQ Lite] C:\PROGRA~1\ICQLite\ICQLite.exe -trayboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ICQ Lite] C:\PROGRA~1\ICQLite\ICQLite.exe -trayboot (User 'Default user')
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_803138DCE93649E4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Programme\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - hxxp://picasaweb.google.ca/s/v/56.20/uploader2.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - hxxp://picasaweb.google.com/s/v/48.11/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{138C17CF-A9D4-45AE-AD22-6DC816A63E0D}: NameServer = 213.191.74.18 62.109.123.196
O17 - HKLM\System\CS1\Services\Tcpip\..\{138C17CF-A9D4-45AE-AD22-6DC816A63E0D}: NameServer = 213.191.74.18 62.109.123.196
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Programme\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Programme\Sophos SWEEP for NT\SWEEPSRV.SYS

--
End of file - 10472 bytes

Alt 17.05.2010, 08:31   #2
Angel21
 
sdra64.exe - Standard

sdra64.exe



Hallo

Benutze Malwarebytes nach der Anleitung. Wenn Malwarebytes durch ist und das Log erscheint gehe auf "Auswahl entfernen" und poste bei Scan-Berichte das Log in deinen Thread.

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 17.05.2010, 13:22   #3
Werft
 
sdra64.exe - Standard

sdra64.exe



Malwarebytes Log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4108

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17.05.2010 13:20:13
mbam-log-2010-05-17 (13-20-13).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146455
Laufzeit: 10 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 5
Infizierte Verzeichnisse: 3
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Infizierte Dateien:
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
__________________

Alt 17.05.2010, 14:00   #4
Werft
 
sdra64.exe - Standard

sdra64.exe



Code:
ATTFilter
OTL logfile created on: 17.05.2010 13:29:15 - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 581,00 Mb Available Physical Memory | 57,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1534 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,53 Gb Total Space | 10,04 Gb Free Space | 13,47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NAME-5DDB2F17FD
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Programme\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Sophos SWEEP for NT\SWNETSUP.EXE (Sophos Plc)
PRC - C:\Programme\Winamp\winampa.exe ()
PRC - C:\ATI-CPanel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Programme\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (SWEEPSRV.SYS) -- C:\Programme\Sophos SWEEP for NT\SWEEPSRV.SYS (Sophos Plc)
SRV - (SweepNet) -- C:\Programme\Sophos SWEEP for NT\SWNETSUP.EXE (Sophos Plc)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech Webcam 250(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (tffsport) -- C:\WINDOWS\system32\DRIVERS\tffsport.sys (M-Systems)
DRV - (tapvpn) -- C:\WINDOWS\system32\drivers\tapvpn.sys (The OpenVPN Project)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (ACEDRV07) -- C:\WINDOWS\system32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (InterCheck Control) -- C:\Programme\Sophos SWEEP for NT\ICNTDRV5.SYS (Sophos Plc)
DRV - (InterCheck Filter) -- C:\Programme\Sophos SWEEP for NT\ICNTFLT5.SYS (Sophos Plc)
DRV - (InterCheck Support 12) -- C:\Programme\Sophos SWEEP for NT\ICNTST12.SYS (Sophos Plc)
DRV - (InterCheck Support 11) -- C:\Programme\Sophos SWEEP for NT\ICNTST11.SYS (Sophos Plc)
DRV - (InterCheck Support 10) -- C:\Programme\Sophos SWEEP for NT\ICNTST10.SYS (Sophos Plc)
DRV - (InterCheck Support 09) -- C:\Programme\Sophos SWEEP for NT\ICNTST09.SYS (Sophos Plc)
DRV - (InterCheck Support 08) -- C:\Programme\Sophos SWEEP for NT\ICNTST08.SYS (Sophos Plc)
DRV - (InterCheck Support 07) -- C:\Programme\Sophos SWEEP for NT\ICNTST07.SYS (Sophos Plc)
DRV - (InterCheck Support 06) -- C:\Programme\Sophos SWEEP for NT\ICNTST06.SYS (Sophos Plc)
DRV - (InterCheck Support 05) -- C:\Programme\Sophos SWEEP for NT\ICNTST05.SYS (Sophos Plc)
DRV - (InterCheck Support 04) -- C:\Programme\Sophos SWEEP for NT\ICNTST04.SYS (Sophos Plc)
DRV - (InterCheck Support 03) -- C:\Programme\Sophos SWEEP for NT\ICNTST03.SYS (Sophos Plc)
DRV - (InterCheck Support 02) -- C:\Programme\Sophos SWEEP for NT\ICNTST02.SYS (Sophos Plc)
DRV - (InterCheck Support 01) -- C:\Programme\Sophos SWEEP for NT\ICNTST01.SYS (Sophos Plc)
DRV - (SiSRaid2) -- C:\WINDOWS\system32\drivers\SiSRaid2.sys (Silicon Integrated Systems Corp)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (NSNDIS5) -- C:\WINDOWS\system32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (w22n51) Intel(R) -- C:\WINDOWS\system32\drivers\w22n51.sys (Intel® Corporation)
DRV - (CONAN) -- C:\WINDOWS\system32\drivers\o2mmb.sys (O2 Micro )
DRV - (MbxStby) -- C:\WINDOWS\system32\drivers\MbxStby.sys (O2 Micro)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 9B 8B F7 A1 69 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {0200c2a9-70da-4f6d-b527-f5f7d7877228}:0.4.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.no_proxies_on: ".***.de"
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.01.19 22:19:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.20 22:15:01 | 000,000,000 | ---D | M]
 
[2009.10.13 00:29:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.04.28 19:32:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\z8dpfy2k.default\extensions
[2009.10.13 00:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\z8dpfy2k.default\extensions\{0200c2a9-70da-4f6d-b527-f5f7d7877228}
[2009.09.13 01:27:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\z8dpfy2k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.13 00:32:02 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\z8dpfy2k.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.04.28 18:11:04 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\z8dpfy2k.default\searchplugins\icqplugin-1.xml
[2008.07.17 02:04:18 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\z8dpfy2k.default\searchplugins\icqplugin-2.xml
[2008.09.25 01:25:42 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\z8dpfy2k.default\searchplugins\icqplugin-3.xml
[2008.11.16 21:35:07 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\z8dpfy2k.default\searchplugins\icqplugin-4.xml
[2008.12.18 14:00:27 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\z8dpfy2k.default\searchplugins\icqplugin-5.xml
[2008.12.26 17:00:43 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\z8dpfy2k.default\searchplugins\icqplugin-6.xml
[2010.01.19 22:21:05 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\z8dpfy2k.default\searchplugins\icqplugin-7.xml
[2010.01.20 05:50:13 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\z8dpfy2k.default\searchplugins\icqplugin-8.xml
[2009.07.13 18:12:02 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\z8dpfy2k.default\searchplugins\icqplugin.xml
[2010.04.28 18:11:03 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.10.26 12:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.01.08 02:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll
[2009.08.24 21:25:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 21:25:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.08.24 21:25:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.08.24 21:25:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.08.24 21:25:19 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.12.09 13:13:28 | 000,290,354 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 127.0.0.1	www.163ns.com
O1 - Hosts: 9998 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (GMX Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [little_helper2.exe]  File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [T-DSL SpeedMgr] C:\Programme\T-DSL SpeedManager\SpeedMgr.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe ()
O4 - HKCU..\Run: [ares] C:\Programme\Ares\Ares.exe File not found
O4 - HKCU..\Run: [Free Download Manager] C:\Programme\Free Download Manager\fdm.exe File not found
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan.lnk = C:\Programme\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab (Reg Error: Key error.)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.ca/s/v/56.20/uploader2.cab (UploadListView Class)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} hxxp://picasaweb.google.com/s/v/48.11/uploader2.cab (UploadListView Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.16 08:06:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Dokumente und Einstellungen\***\Eigene Dateien\CANOTPRS.
File not found -- C:\Dokumente und Einstellungen\***\Eigene Dateien\CAAV2XYP.
File not found -- C:\Dokumente und Einstellungen\***\Eigene Dateien\CAA7276T.
[2010.05.17 13:12:42 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.05.17 13:07:03 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup.exe
[2010.05.16 16:28:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\***
[2010.05.15 17:10:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\***
[2010.05.11 00:10:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.05.02 21:20:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Facebook
[2005.09.16 01:59:53 | 000,131,072 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Dokumente und Einstellungen\***\Eigene Dateien\CANOTPRS.
File not found -- C:\Dokumente und Einstellungen\***\Eigene Dateien\CAAV2XYP.
File not found -- C:\Dokumente und Einstellungen\***\Eigene Dateien\CAA7276T.
[2010.05.17 13:25:44 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.05.17 13:25:26 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.17 13:25:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.17 13:24:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.17 13:23:27 | 014,680,064 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2010.05.17 13:23:27 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.05.17 13:12:53 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.05.17 13:07:06 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup.exe
[2010.05.17 02:44:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.17 01:48:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.17 00:48:27 | 000,457,832 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\***.pdf
[2010.05.17 00:26:19 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010.05.16 23:31:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010.05.16 23:31:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010.05.16 16:57:59 | 000,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010.05.15 17:34:34 | 000,000,542 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\alice.lnk
[2010.05.12 18:13:46 | 000,002,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Microsoft Word.lnk
[2010.05.11 16:20:49 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.05.11 03:02:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.05.10 21:04:03 | 000,000,522 | ---- | M] () -- C:\hpfr3420.xml
[2010.05.09 16:54:36 | 000,001,893 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.05.04 17:15:39 | 000,040,448 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\***.doc
[2010.05.04 16:31:57 | 004,021,248 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\***.doc
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.20 22:15:02 | 000,001,715 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.05.17 00:48:27 | 000,457,832 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\***.pdf
[2010.05.15 17:34:34 | 000,000,542 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\alice.lnk
[2010.05.09 16:54:36 | 000,001,893 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.04.20 22:15:02 | 000,001,715 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.02.02 18:59:16 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009.05.08 11:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009.04.30 17:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008.07.28 03:41:55 | 000,000,091 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.03.29 23:10:27 | 000,001,063 | ---- | C] () -- C:\WINDOWS\WaveRec.ini
[2007.12.17 01:59:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2007.11.25 20:06:33 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.11.25 20:06:33 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2007.11.23 20:46:40 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2007.09.14 20:59:20 | 000,000,180 | ---- | C] () -- C:\WINDOWS\MusicMaker.INI
[2007.09.14 20:51:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2007.09.14 20:51:24 | 000,000,330 | ---- | C] () -- C:\WINDOWS\BeatBox.INI
[2007.09.14 20:14:19 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2007.09.08 20:52:37 | 000,008,192 | ---- | C] () -- C:\WINDOWS\suecmdial.dll
[2006.11.07 00:49:36 | 000,000,302 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006.10.10 19:11:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006.09.28 08:07:11 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\BOCOF.DLL
[2006.03.03 19:21:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006.02.10 23:22:20 | 000,000,068 | ---- | C] () -- C:\WINDOWS\IDMan.INI
[2006.02.06 01:51:23 | 000,000,630 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005.10.13 16:03:15 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005.10.12 12:19:24 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEC66SeriesEuro.ini
[2005.10.10 22:45:18 | 000,139,288 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005.10.05 01:48:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.10.04 21:07:21 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.10.04 21:07:20 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005.10.04 21:07:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2005.09.16 08:54:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.09.16 08:33:49 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005.09.16 08:31:42 | 000,006,537 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2005.09.16 08:22:44 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005.09.16 08:09:54 | 000,000,778 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005.09.16 08:02:50 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005.09.16 01:59:53 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2005.09.16 01:59:51 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005.09.16 01:56:10 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll
[2005.08.10 00:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005.08.10 00:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005.08.10 00:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.07.14 13:31:20 | 000,027,648 | RHS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2005.06.21 23:37:42 | 000,045,568 | RHS- | C] () -- C:\WINDOWS\System32\cygz.dll
[2003.03.09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
< End of report >
         




Code:
ATTFilter
OTL Extras logfile created on: 17.05.2010 13:29:15 - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 581,00 Mb Available Physical Memory | 57,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1534 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,53 Gb Total Space | 10,04 Gb Free Space | 13,47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NAME-5DDB2F17FD
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"20:TCP" = 20:TCP:*:Enabled:o2 DSL FTP 20
"23:TCP" = 23:TCP:*:Enabled:o2 DSL Telnet 23
"80:TCP" = 80:TCP:*:Enabled:o2 DSL HTTP 80
"161:UDP" = 161:UDP:*:Enabled:o2 DSL SNMP 161
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\emule\emule.exe" = C:\Programme\emule\emule.exe:*:Enabled:eMule -- File not found
"C:\Programme\eDonkey2000\edonkey2000.exe" = C:\Programme\eDonkey2000\edonkey2000.exe:*:Enabled:edonkey2000 -- File not found
"C:\Dokumente und Einstellungen\***\Eigene Dateien\KoQ\koqmirc\koqmirc\mIRC\mirc.exe" = C:\Dokumente und Einstellungen\***\Eigene Dateien\KoQ\koqmirc\koqmirc\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Programme\Java\jre1.5.0_06\bin\javaw.exe" = C:\Programme\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Programme\DNA\btdna.exe" = C:\Programme\DNA\btdna.exe:*:Enabled:DNA -- File not found
"C:\Programme\BitTorrent\bittorrent.exe" = C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Programme\Yahoo!\Messenger\YServer.exe" = C:\Programme\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0A7124DF-F8A4-405B-904F-CFD3D3DFB5AE}" = PIF DESIGNER2.1
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{6D74E1F4-32D5-44D0-9054-8D57E981F59F}_is1" = Flash Saving Plugin
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber 
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"CleanUp!" = CleanUp!
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ESC66 Referenzhandbuch" = ESC66 Referenzhandbuch
"ESC66 Softwarehandbuch" = ESC66 Softwarehandbuch
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition (D)
"FLVPlayer" = FLV Player 1.3.3
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP PSC 1200 Series" = HP Foto und Bildbearbeitung 2.0 - hp psc 1200 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"JDiskReport 1.3.0" = JGoodies JDiskReport 1.3.0
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"lvdrivers_12.0" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"PrimoPDF3.2" = PrimoPDF
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VideoLAN VLC media player 0.8.2
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 20.11.2009 04:39:59 | Computer Name = NAME-5DDB2F17FD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 hxxp://www.youtube.com/get_video_info?video_id=J0NIDI8GhCc&hl=de_DE&el=detailpage
 failed, 0000A413.  
 
Error - 21.11.2009 22:21:08 | Computer Name = NAME-5DDB2F17FD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MICROSOFT\VORLAGEN\NORMAL.DOT
 failed, 00000005.  
 
Error - 21.11.2009 22:21:08 | Computer Name = NAME-5DDB2F17FD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\DOKUMENTE UND EINSTELLUNGEN\***\DESKTOP\***\***.DOC
 failed, 00000005.  
 
Error - 20.01.2010 14:18:13 | Computer Name = NAME-5DDB2F17FD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Z8DPFY2K.DEFAULT\EXTENSIONS\{0200C2A9-70DA-4F6D-B527-F5F7D7877228}\DEFAULTS\PREFERENCES\FIREUPLOADER.JS
 failed, 00000005.  
 
Error - 20.01.2010 14:18:15 | Computer Name = NAME-5DDB2F17FD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Z8DPFY2K.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}\DEFAULTS\PREFERENCES\DEFAULTS.JS
 failed, 00000005.  
 
Error - 20.01.2010 14:18:16 | Computer Name = NAME-5DDB2F17FD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Z8DPFY2K.DEFAULT\PREFS.JS
 failed, 00000005.  
 
Error - 24.02.2010 16:38:05 | Computer Name = NAME-5DDB2F17FD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\WINDOWS\SoftwareDistribution\Download\67833e173e19742f5d4c008528ebc408\BIT7.tmp
 failed, 00000026.  
 
Error - 24.02.2010 16:38:25 | Computer Name = NAME-5DDB2F17FD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\WINDOWS\SoftwareDistribution\Download\d7ec2671b1dec4d8250e0dfe2b973c02\BIT8.tmp
 failed, 00000026.  
 
Error - 24.02.2010 16:38:52 | Computer Name = NAME-5DDB2F17FD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\WINDOWS\SoftwareDistribution\Download\d7ec2671b1dec4d8250e0dfe2b973c02\BIT8.tmp
 failed, 00000026.  
 
Error - 24.02.2010 16:39:17 | Computer Name = NAME-5DDB2F17FD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\WINDOWS\SoftwareDistribution\Download\d7ec2671b1dec4d8250e0dfe2b973c02\BIT8.tmp
 failed, 00000026.  
 
[ Application Events ]
Error - 12.05.2010 12:13:36 | Computer Name = NAME-5DDB2F17FD | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung winword.exe, Version 9.0.0.2823, fehlgeschlagenes
 Modul winword.exe, Version 9.0.0.2823, Fehleradresse 0x00331949.
 
Error - 15.05.2010 11:39:21 | Computer Name = NAME-5DDB2F17FD | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
 
Error - 15.05.2010 11:39:21 | Computer Name = NAME-5DDB2F17FD | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 15.05.2010 11:40:18 | Computer Name = NAME-5DDB2F17FD | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
 
Error - 15.05.2010 11:40:19 | Computer Name = NAME-5DDB2F17FD | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 15.05.2010 11:40:19 | Computer Name = NAME-5DDB2F17FD | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 15.05.2010 11:40:19 | Computer Name = NAME-5DDB2F17FD | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 15.05.2010 11:40:19 | Computer Name = NAME-5DDB2F17FD | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 15.05.2010 11:40:19 | Computer Name = NAME-5DDB2F17FD | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 15.05.2010 11:44:07 | Computer Name = NAME-5DDB2F17FD | Source = Google Update | ID = 20
Description = 
 
[ System Events ]
Error - 15.05.2010 07:35:42 | Computer Name = NAME-5DDB2F17FD | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Sophos Anti-Virus" wurde mit folgendem dienstspezifischem
 Fehler beendet: 0 (0x0).
 
Error - 15.05.2010 11:09:32 | Computer Name = NAME-5DDB2F17FD | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Sophos Anti-Virus" wurde mit folgendem dienstspezifischem
 Fehler beendet: 0 (0x0).
 
Error - 15.05.2010 11:26:21 | Computer Name = NAME-5DDB2F17FD | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Sophos Anti-Virus" wurde mit folgendem dienstspezifischem
 Fehler beendet: 0 (0x0).
 
Error - 15.05.2010 18:57:44 | Computer Name = NAME-5DDB2F17FD | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Sophos Anti-Virus" wurde mit folgendem dienstspezifischem
 Fehler beendet: 0 (0x0).
 
Error - 16.05.2010 06:07:32 | Computer Name = NAME-5DDB2F17FD | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Sophos Anti-Virus" wurde mit folgendem dienstspezifischem
 Fehler beendet: 0 (0x0).
 
Error - 16.05.2010 09:01:56 | Computer Name = NAME-5DDB2F17FD | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Sophos Anti-Virus" wurde mit folgendem dienstspezifischem
 Fehler beendet: 0 (0x0).
 
Error - 16.05.2010 14:22:08 | Computer Name = NAME-5DDB2F17FD | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Sophos Anti-Virus" wurde mit folgendem dienstspezifischem
 Fehler beendet: 0 (0x0).
 
Error - 17.05.2010 06:49:31 | Computer Name = NAME-5DDB2F17FD | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Sophos Anti-Virus" wurde mit folgendem dienstspezifischem
 Fehler beendet: 0 (0x0).
 
Error - 17.05.2010 07:25:53 | Computer Name = NAME-5DDB2F17FD | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   iaStor  IntelIde  SiSRaid2  viamraid
 
Error - 17.05.2010 07:25:53 | Computer Name = NAME-5DDB2F17FD | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Sophos Anti-Virus" wurde mit folgendem dienstspezifischem
 Fehler beendet: 0 (0x0).
 
 
< End of report >
         

Alt 17.05.2010, 17:01   #5
Werft
 
sdra64.exe - Standard

sdra64.exe



Nochmal ich! Hab Folgendes eben gefunden, allerdings selbst noch nicht ausprobiert! glaubt ihr das könnte helfen?
How to remove sdra64.exe yourself - for free
This is an off-topic post about how to remove the virus sdra64.exe which somehow ends up in c:\windows\system32\sdra64.exe and you can't delete or rename it.

I searched online for 'remove sdra64.exe' and get bombarded by stupid-ass companies who all want to rip you off, by making you think you need their software. Some even say its free.. You use their software, it tells you you have problems (surprise surprise!) and then tells you you need to buy a license to do anything about it. Either that or you just end up on a page that makes out it is about tech support, but is actually just trying to get you there so it can show you no content and a million ads.

Well this lil post is the official screw-you to all those douchebags.

First off, this virus is so-say a keystroke logger, so whatever you do - don't do anything which involves typing passwords or sensitive data until we have removed it.


Step 1 - Print off these instructions.

Step 2 - Bring your PC up in safe mode: That means go to Start > Run > and type:

msconfig

This will bring up the msconfig utility.

On the General tab, select 'Selective Startup' and UNCHECK all the 4 boxes with checks in them so they are empty. Then go to the BOOT.INI tab and check /SAFEBOOT and MINIMAL (next to it).

Click apply and OK.

It will ask you if you want to reboot. Say yes.

Step 3 - When your PC has rebooted, go to Start > Run > and type regedit.

This brings up registry editor.

Now navigate down this path:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

There will be a registry key in there called userinit. Its data will look like this:

C:\Windows\System32\Userinit.exe,C:\Windows\System32sdra64.exe,

Now what you need to do is remove the second bit I have highlighted in red(C:\Windows\System32sdra64.exe,)

BUT - as soon as you do **poof** it will add itself back in !!

(If you have just tried to remove that part - now click away to another folder in regedit and back into winlogon so you can see it back there again).

So what to do ??

This is where we get sneaky.

Keep regedit open on the userinit key we want to edit - we are coming back to it in a sec.

Press Ctrl Alt & Del and open the task manager. Go to the processes tab. End process on a few of the svchost.exe processes.

When you have done one or two of them you will get a message saying the PC is about to reboot in 60 seconds.

Go back to regedit - double click the userinit key to edit it.

The idea here is to remove the unwanted part (C:\Windows\System32sdra64.exe,) so you are just left with

C:\Windows\System32\Userinit.exe,

but DON'T click ok UNTIL the timer has almost completely run out.

We want to remove it with so little time left that the virus doesn't have time to add it back in again!!

I clicked OK somewhere between 1 and 0 seconds left.

Your PC will reboot now and come back up in safe mode again.

Step 4 - Check regedit to see if the change you made to the registry key in step 3 has worked. If not.. do it again.

If it has worked, you should see that all you have is

C:\Windows\System32\Userinit.exe,

Step 5 - Now go to Start > Run > and type C:\Windows\System32\ hit enter.

Find the file sdra64.exe (which now shouldn't be in use because we removed the command for it to load in Step 3).

Rename it to sdra64.bla and hit enter. It should let you because it isn't in use.

Step 6 - Now delete it.

Step 7 - Now go to your recycle bin and delete it from there too.

Step 8 - Delete all temporary internet files in Internet Explorer. (In Internet Explorer > Tools > Internet Options > and under browsing history click Delete.

Step 9 - Reboot your PC again. It will still be in safe mode.

When it comes back up, check to make sure that sdra64.exe is gone from C:\Windows\System32\

If it has, then you can remove the safeboot option.

Start > Run > type msconfig

Select Normal Startup

Hopefully you should now be rid of that god damn virus.

This is how I did it. Hopefully it will work for you too.

If you have any more info or tips that helped you, post them in the comments.

PEACE!


Alt 17.05.2010, 18:17   #6
Angel21
 
sdra64.exe - Standard

sdra64.exe



Bitte keine anderen Schritte durchführen, als wie wir sie beschreiben. Vergiss diese Schritte, die sdra64.exe wurde durch Malwarebytes gekillt.

Folgendes, mache wie in der Anleitung stehend ein GMER Rootkit Scan. Ich will sicher gehen, dass sich auf Deinem System kein Rootkit eingenistet hatte.
__________________
--> sdra64.exe

Alt 18.05.2010, 01:42   #7
Werft
 
sdra64.exe - Standard

sdra64.exe



GMER Rootkit Scan

Code:
ATTFilter
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-18 01:36:30
Windows 5.1.2600 Service Pack 3
Running: xuzoky63.exe; Driver: C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\kfayaaog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwClose [0xA9CA86B8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwCreateKey [0xA9CA8574]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwDeleteValueKey [0xA9CA8A52]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwDuplicateObject [0xA9CA814C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwOpenKey [0xA9CA864E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwOpenProcess [0xA9CA808C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwOpenThread [0xA9CA80F0]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwQueryValueKey [0xA9CA876E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwRestoreKey [0xA9CA872E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwSetValueKey [0xA9CA88AE]

---- Kernel code sections - GMER 1.0.15 ----

init            C:\WINDOWS\system32\drivers\o2mmb.sys                                                                         entry point in "init" section [0xF71B2320]
.text           C:\WINDOWS\system32\drivers\ACEDRV07.sys                                                                      section is writeable [0xA9B0F000, 0x328BA, 0xE8000020]
.pklstb         C:\WINDOWS\system32\drivers\ACEDRV07.sys                                                                      entry point in ".pklstb" section [0xA9B53000]
.relo2          C:\WINDOWS\system32\drivers\ACEDRV07.sys                                                                      unknown last section [0xA9B6F000, 0x8E, 0x42000040]
?               C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\kfayaaod.sys                                                               Das System kann die angegebene Datei nicht finden. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\Explorer.EXE[284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                      [02452F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\Explorer.EXE[284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]             [02452C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\Explorer.EXE[284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                           [02452CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\Explorer.EXE[284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                 [02452CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\system32\services.exe[912] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  00380002
IAT             C:\WINDOWS\system32\services.exe[912] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]        00380000

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                        aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                      aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                       SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                       SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                     aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                     aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                   aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Classes\CLSID\{1454a5b7-3445-436f-b097-67e478c49c4e}@Model                                      71
Reg             HKLM\SOFTWARE\Classes\CLSID\{1454a5b7-3445-436f-b097-67e478c49c4e}@Therad                                     32
Reg             HKLM\SOFTWARE\Classes\CLSID\{1454a5b7-3445-436f-b097-67e478c49c4e}@MData                                      0x2B 0x8F 0x78 0x29 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk                                     0xCF 0x3C 0x2E 0x37 ...

---- EOF - GMER 1.0.15 ----
         

Alt 18.05.2010, 14:52   #8
Angel21
 
sdra64.exe - Standard

sdra64.exe



Das schaut OK aus.
  • ESET Online Scanner
    • Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
    • Button "ESET Online Scanner" drücken.
    • Firefox-User müssen ein zusätzliches Addon (esetsmartinstaller_enu.exe) installieren.
    • Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User müssen das Installieren eines ActiveX Elements erlauben.
    • Einen Haken bei "Remove found threads" und "Scan archives" machen.
    • Start drücken.
    • Der Scan beginnt automatisch.
    • Finish drücken.
    • Browser schließen.
    • Explorer öffnen.
    • C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
    • Logfile hier posten.
    • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
    • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
    • IE-User zusätzlich: mit HJT folgenden Eintrag fixen:
    • O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)
__________________
Avira Upgrade 10 ist auf dem Markt!
Agressive Einstellung von Avira

What goes around comes around!

Alt 18.05.2010, 14:55   #9
Werft
 
sdra64.exe - Standard

sdra64.exe



Vielen vielen Dank für deine Hilfe !!!

Alt 18.05.2010, 14:58   #10
Angel21
 
sdra64.exe - Standard

sdra64.exe



Bitte poste nicht andere Threads während ich dein Problem bearbeite, ich kann leider nunmal nicht 24 stunden rund um die Uhr da sein, bitte Gedulde dich bis ich wieder da bin alles analysieren kann und in ruhe weitere Schritte posten kann.
Ich hab nunmal genauso wie Du ein Privatleben
__________________
Avira Upgrade 10 ist auf dem Markt!
Agressive Einstellung von Avira

What goes around comes around!

Alt 18.05.2010, 22:23   #11
Werft
 
sdra64.exe - Standard

sdra64.exe



Tschuldige. Lag wohl daran, dass der eventuelle Befall meines Computers mich bisschen nervös gemacht hat

Hier also das Log des ESET Online Scans

Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=74c4f7f6ea67014a8f1f68ef5781a46c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-18 08:19:07
# local_time=2010-05-18 10:19:07 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16775125 100 89 577 210492489 9142 0
# compatibility_mode=8192 67108863 100 0 178 178 0 0
# compatibility_mode=9217 16777214 25 9 96781523 96781523 0 0
# scanned=106402
# found=6
# cleaned=6
# scan_time=13416
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Accoona.zip	Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\NewDotNet.zip	Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\20\5f315a54-69d8a9c8	Java/TrojanDownloader.Agent.NAZ trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\36\5cfba6a4-2879f0f1	a variant of Java/TrojanDownloader.Agent.NAX trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\Dokumente und Einstellungen\***\Eigene Dateien\Codecs\HSS-1.07-install-anchorfree-76-conduit.exe	a variant of Win32/HotSpotShield application (deleted - quarantined)	00000000000000000000000000000000	C
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\pdfupd.exe	Win32/Spy.Zbot.UN trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
         

Alt 19.05.2010, 11:51   #12
Angel21
 
sdra64.exe - Standard

sdra64.exe



Gut, weiter im Takt

Wie fühlt sich der PC mittlerweile an? So als zwischenergebnis...

Panda Active Scan
Folgende Seite führt dich durch die Installation: PandaActiveScan2.0 Installation

Drücke auf Jetzt Scannen!

Eine Registrierung ist nicht erforderlich!

Nachdem der Scan abgeschlossen ist drücke auf das Text-Icon Export und speichere das log auf dem Desktop.
Öffne die Datei ActiveScan.txt die sich nun auf deinem Desktop befindet und poste uns den Inhalt.
__________________
Avira Upgrade 10 ist auf dem Markt!
Agressive Einstellung von Avira

What goes around comes around!

Alt 19.05.2010, 14:16   #13
Werft
 
sdra64.exe - Standard

sdra64.exe



Bin grade am Scannen...

Alt 19.05.2010, 14:32   #14
Angel21
 
sdra64.exe - Standard

sdra64.exe



Du hast meine Frage, wie es deinem PC im Halbzeitstand so geht nicht beantwortet.
__________________
Avira Upgrade 10 ist auf dem Markt!
Agressive Einstellung von Avira

What goes around comes around!

Alt 19.05.2010, 14:47   #15
Werft
 
sdra64.exe - Standard

sdra64.exe



Fühlt sich an wie vorher als ich was drauf hatte Nicht besonders langsam oder sonstige Anzeichen...

Oje, bin immer noch mitten im Scan. Wurden allerdings schon 6 infizierte Dateien gefunden
Doch noch nicht alles gut???

Antwort

Themen zu sdra64.exe
adobe, antivirus, avast, avast!, computer, computern, download, explorer, free download, google, gupdate, hijack, hijackthis, hkus\s-1-5-18, hotkey, internet, internet explorer, logfile, monitor, object, programme, saving, sdra64.exe, security, security scan, software, system, usb, windows xp



Ähnliche Themen: sdra64.exe


  1. sdra64.exe
    Plagegeister aller Art und deren Bekämpfung - 03.05.2015 (1)
  2. sdra64.exe auf dem laptop aber malwarebytes stürzt ab.
    Plagegeister aller Art und deren Bekämpfung - 26.01.2012 (21)
  3. SDRA64.exe, Trojan-Downloader.Win32.Piker.ciq
    Plagegeister aller Art und deren Bekämpfung - 26.07.2010 (10)
  4. C:\WINDOWS\system32\sdra64.exe u.v.a.
    Plagegeister aller Art und deren Bekämpfung - 25.07.2010 (3)
  5. Trojaner sdra64
    Plagegeister aller Art und deren Bekämpfung - 19.07.2010 (12)
  6. sdra64.exe wird andauernd von Malwarebytes gefunden
    Plagegeister aller Art und deren Bekämpfung - 31.05.2010 (2)
  7. trojan.js agent apa /sdra64.exe
    Plagegeister aller Art und deren Bekämpfung - 29.05.2010 (3)
  8. sdra64.exe
    Plagegeister aller Art und deren Bekämpfung - 28.05.2010 (15)
  9. sdra64 entfernen, aber wie?
    Plagegeister aller Art und deren Bekämpfung - 20.05.2010 (6)
  10. sdra64.exe und andere Trojaner
    Log-Analyse und Auswertung - 01.05.2010 (13)
  11. sdra64.exe ++
    Log-Analyse und Auswertung - 01.05.2010 (17)
  12. Infektion durch Exploit mit sdra64.exe
    Plagegeister aller Art und deren Bekämpfung - 29.04.2010 (20)
  13. C:\WINDOWS\system32\sdra64.exe mit TR/Spy.ZBot.ahgi infiziert
    Log-Analyse und Auswertung - 19.04.2010 (12)
  14. sdra64.exe, msmsgrs.exe
    Plagegeister aller Art und deren Bekämpfung - 08.04.2010 (10)
  15. sdra64.exe... was nun?
    Plagegeister aller Art und deren Bekämpfung - 24.03.2010 (1)
  16. Windows Vista: Desktop schwarz und sdra64.exe
    Log-Analyse und Auswertung - 11.01.2010 (1)
  17. TR/Dropper.Gen in twex.exe, twext.exe und sdra64.exe + mehr
    Plagegeister aller Art und deren Bekämpfung - 15.11.2009 (4)

Zum Thema sdra64.exe - Hallo, ich habe grade entdeckt, dass ich mir wohl ein ziemlich schlimmes Ding eingefangen habe. Hab eben schon einiges drüber gelesen und bin verzweifelt! sdra64.exe. Was mach ich denn jetzt? - sdra64.exe...
Archiv
Du betrachtest: sdra64.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.