
Pests of all kinds and how to fight them: ICQ and MSN Trojan


Old 09.06.2010, 18:05   #1
hatsuharu

ICQ and MSN Trojan

Hello,

Since yesterday I unfortunately have this stubborn messenger trojan on my PC and cannot get rid of it anymore.
I then read through a few posts here and used OTL and Malwarebytes.

These are the log files:

OTL Logfile:
Code:
OTL logfile created on: 09.06.2010 15:27:42 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = c:\Users\hatsuharu\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 191,57 Gb Total Space | 107,48 Gb Free Space | 56,11% Space Free | Partition Type: NTFS
Drive D: | 94,80 Gb Total Space | 94,71 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HATSUHARU-PC
Current User Name: hatsuharu
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\hatsuharu\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Public\winscdvn.exe ()
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\winadm.exe (Müller)
PRC - c:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\winadmd.exe (-)
 
 
========== Modules (SafeList) ==========
 
MOD - c:\Users\hatsuharu\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20656_none_463680b8218be5a3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) --  File not found
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- c:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Cam5603D) -- C:\Windows\System32\drivers\BisonCam.sys (Bison Electronics. Inc. )
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- C:\Windows\System32\drivers\s116unic.sys (MCCI Corporation)
DRV - (s116obex) -- C:\Windows\System32\drivers\s116obex.sys (MCCI Corporation)
DRV - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- C:\Windows\System32\drivers\s116nd5.sys (MCCI Corporation)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (WINIO) -- C:\Windows\System32\WinIo.sys (hxxp://www.internals.com)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\SE27mgmt.sys (MCCI)
DRV - (SE27mdm) -- C:\Windows\System32\drivers\SE27mdm.sys (MCCI)
DRV - (SE27mdfl) -- C:\Windows\System32\drivers\SE27mdfl.sys (MCCI)
DRV - (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) -- C:\Windows\System32\drivers\SE27bus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1001211611\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "resource:/browserconfig.properties"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.05.16 14:29:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.06.09 13:42:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.16 14:29:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.27 11:02:39 | 000,000,000 | ---D | M]
 
[2008.11.16 18:22:39 | 000,000,000 | ---D | M] -- C:\Users\hatsuharu\AppData\Roaming\mozilla\Extensions
[2010.06.09 14:01:51 | 000,000,000 | ---D | M] -- C:\Users\hatsuharu\AppData\Roaming\mozilla\Firefox\Profiles\xf40gbg2.default\extensions
[2010.05.05 21:36:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\hatsuharu\AppData\Roaming\mozilla\Firefox\Profiles\xf40gbg2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.05 21:36:44 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\hatsuharu\AppData\Roaming\mozilla\Firefox\Profiles\xf40gbg2.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.06.06 16:38:12 | 000,000,961 | ---- | M] () -- C:\Users\hatsuharu\AppData\Roaming\Mozilla\FireFox\Profiles\xf40gbg2.default\searchplugins\icqplugin-1.xml
[2009.08.09 22:06:05 | 000,000,950 | ---- | M] () -- C:\Users\hatsuharu\AppData\Roaming\Mozilla\FireFox\Profiles\xf40gbg2.default\searchplugins\icqplugin-2.xml
[2009.09.20 20:15:03 | 000,000,950 | ---- | M] () -- C:\Users\hatsuharu\AppData\Roaming\Mozilla\FireFox\Profiles\xf40gbg2.default\searchplugins\icqplugin-3.xml
[2009.10.29 08:16:12 | 000,000,950 | ---- | M] () -- C:\Users\hatsuharu\AppData\Roaming\Mozilla\FireFox\Profiles\xf40gbg2.default\searchplugins\icqplugin-4.xml
[2009.12.19 19:30:35 | 000,000,961 | ---- | M] () -- C:\Users\hatsuharu\AppData\Roaming\Mozilla\FireFox\Profiles\xf40gbg2.default\searchplugins\icqplugin-5.xml
[2010.01.07 15:04:33 | 000,000,961 | ---- | M] () -- C:\Users\hatsuharu\AppData\Roaming\Mozilla\FireFox\Profiles\xf40gbg2.default\searchplugins\icqplugin-6.xml
[2010.01.21 17:15:36 | 000,000,961 | ---- | M] () -- C:\Users\hatsuharu\AppData\Roaming\Mozilla\FireFox\Profiles\xf40gbg2.default\searchplugins\icqplugin-7.xml
[2008.03.31 13:52:00 | 000,000,168 | ---- | M] () -- C:\Users\hatsuharu\AppData\Roaming\Mozilla\FireFox\Profiles\xf40gbg2.default\searchplugins\icqplugin.gif
[2008.03.31 13:52:00 | 000,000,618 | ---- | M] () -- C:\Users\hatsuharu\AppData\Roaming\Mozilla\FireFox\Profiles\xf40gbg2.default\searchplugins\icqplugin.src
[2008.07.10 14:07:28 | 000,000,944 | ---- | M] () -- C:\Users\hatsuharu\AppData\Roaming\Mozilla\FireFox\Profiles\xf40gbg2.default\searchplugins\icqplugin.xml
[2009.03.12 19:09:02 | 000,001,632 | ---- | M] () -- C:\Users\hatsuharu\AppData\Roaming\Mozilla\FireFox\Profiles\xf40gbg2.default\searchplugins\live-search.xml
[2009.11.30 18:30:42 | 000,003,915 | ---- | M] () -- C:\Users\hatsuharu\AppData\Roaming\Mozilla\FireFox\Profiles\xf40gbg2.default\searchplugins\sweetim.xml
[2010.01.21 17:11:44 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.21 17:11:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.09.15 12:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npsnapfish.dll
[2010.05.04 20:59:02 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.05.04 20:59:03 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.05.04 20:59:03 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.05.04 20:59:03 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.05.04 20:59:04 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1001211611\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1001211611\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [_winadm] C:\Windows\System32\winadm.exe (Müller)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [Windows Firewall Updates] C:\Users\Public\winscdvn.exe ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives =  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\hatsuharu\Pictures\music and stuff\Korean\Jange Geun Suk\ca74d0abc83e766cb40e39fef44cb0b6_large.jpg
O24 - Desktop BackupWallPaper: C:\Users\hatsuharu\Pictures\music and stuff\Korean\Jange Geun Suk\ca74d0abc83e766cb40e39fef44cb0b6_large.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1e348749-db6a-11dd-8a9e-00140b40cb8b}\Shell - "" = AutoRun
O33 - MountPoints2\{1e348749-db6a-11dd-8a9e-00140b40cb8b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3f55b25e-7ae0-11de-8329-00140b40cb8b}\Shell - "" = AutoRun
O33 - MountPoints2\{3f55b25e-7ae0-11de-8329-00140b40cb8b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{77bb1c5b-bf01-11de-a3e7-00140b40cb8b}\Shell - "" = AutoRun
O33 - MountPoints2\{77bb1c5b-bf01-11de-a3e7-00140b40cb8b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8399a161-4bc0-11de-87a7-00140b40cb8b}\Shell - "" = AutoRun
O33 - MountPoints2\{8399a161-4bc0-11de-87a7-00140b40cb8b}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = xefile] -- "C:\Windows\system32\Regsvr16.exe" "%1" %* ()
 
========== Files/Folders - Created Within 7 Days ==========
 
[2010.06.09 14:07:37 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools
[2010.06.03 15:38:23 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.06.03 15:30:36 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
 
========== Files - Modified Within 7 Days ==========
 
[2010.06.09 15:30:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4F4FD11F-F313-45D2-ABCE-96DA404C8465}.job
[2010.06.09 15:28:44 | 004,718,592 | -HS- | M] () -- C:\Users\hatsuharu\ntuser.dat
[2010.06.09 15:20:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.09 15:19:14 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E46FA71A-DECA-4585-8A5F-E343ED9DEF77}.job
[2010.06.09 14:59:06 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.09 14:59:06 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.09 13:59:25 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.09 13:59:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.09 13:59:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.09 13:58:58 | 3220,099,072 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.09 13:38:16 | 003,823,999 | -H-- | M] () -- C:\Users\hatsuharu\AppData\Local\IconCache.db
[2010.06.09 10:36:30 | 000,002,525 | ---- | M] () -- C:\Users\hatsuharu\Desktop\TubeBox! starten.lnk
[2010.06.08 22:15:39 | 000,000,206 | ---- | M] () -- C:\Users\hatsuharu\Documents\cc_20100608_221534.reg
[2010.06.08 20:54:16 | 000,000,206 | ---- | M] () -- C:\Users\hatsuharu\Documents\cc_20100608_205412.reg
[2010.06.08 20:38:11 | 000,000,206 | ---- | M] () -- C:\Users\hatsuharu\Documents\cc_20100608_203808.reg
[2010.06.08 19:49:36 | 000,066,067 | ---- | M] () -- C:\Windows\KernelMessage
[2010.06.08 18:02:42 | 000,027,136 | ---- | M] () -- C:\Users\hatsuharu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.07 23:39:47 | 000,000,206 | ---- | M] () -- C:\Users\hatsuharu\Documents\cc_20100607_233944.reg
[2010.06.07 23:39:32 | 000,000,206 | ---- | M] () -- C:\Users\hatsuharu\Documents\cc_20100607_233927.reg
[2010.06.07 23:39:12 | 000,002,918 | ---- | M] () -- C:\Users\hatsuharu\Documents\cc_20100607_233859.reg
[2010.06.04 15:07:44 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.04 15:07:44 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.04 15:07:44 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.04 15:07:44 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.04 15:07:43 | 001,461,736 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.03 17:23:11 | 000,027,715 | ---- | M] () -- C:\Users\hatsuharu\AppData\Roaming\nvModes.001
[2010.06.03 15:48:39 | 000,000,206 | ---- | M] () -- C:\Users\hatsuharu\Documents\cc_20100603_154835.reg
[2010.06.03 15:48:13 | 000,000,846 | ---- | M] () -- C:\Users\hatsuharu\Documents\cc_20100603_154811.reg
[2010.06.03 15:47:54 | 000,000,528 | ---- | M] () -- C:\Users\hatsuharu\Documents\cc_20100603_154751.reg
[2010.06.03 15:46:35 | 000,000,788 | ---- | M] () -- C:\Users\hatsuharu\Documents\cc_20100603_154632.reg
[2010.06.03 15:46:05 | 000,043,418 | ---- | M] () -- C:\Users\hatsuharu\Documents\cc_20100603_154559.reg
[2010.06.03 15:38:25 | 000,001,676 | ---- | M] () -- C:\Users\hatsuharu\Desktop\CCleaner.lnk
 
========== Files Created - No Company Name ==========
 
[2010.06.08 22:15:36 | 000,000,206 | ---- | C] () -- C:\Users\hatsuharu\Documents\cc_20100608_221534.reg
[2010.06.08 20:54:14 | 000,000,206 | ---- | C] () -- C:\Users\hatsuharu\Documents\cc_20100608_205412.reg
[2010.06.08 20:38:09 | 000,000,206 | ---- | C] () -- C:\Users\hatsuharu\Documents\cc_20100608_203808.reg
[2010.06.07 23:39:46 | 000,000,206 | ---- | C] () -- C:\Users\hatsuharu\Documents\cc_20100607_233944.reg
[2010.06.07 23:39:30 | 000,000,206 | ---- | C] () -- C:\Users\hatsuharu\Documents\cc_20100607_233927.reg
[2010.06.07 23:39:02 | 000,002,918 | ---- | C] () -- C:\Users\hatsuharu\Documents\cc_20100607_233859.reg
[2010.06.03 15:48:37 | 000,000,206 | ---- | C] () -- C:\Users\hatsuharu\Documents\cc_20100603_154835.reg
[2010.06.03 15:48:12 | 000,000,846 | ---- | C] () -- C:\Users\hatsuharu\Documents\cc_20100603_154811.reg
[2010.06.03 15:47:53 | 000,000,528 | ---- | C] () -- C:\Users\hatsuharu\Documents\cc_20100603_154751.reg
[2010.06.03 15:46:34 | 000,000,788 | ---- | C] () -- C:\Users\hatsuharu\Documents\cc_20100603_154632.reg
[2010.06.03 15:46:02 | 000,043,418 | ---- | C] () -- C:\Users\hatsuharu\Documents\cc_20100603_154559.reg
[2010.06.03 15:38:25 | 000,001,676 | ---- | C] () -- C:\Users\hatsuharu\Desktop\CCleaner.lnk
[2010.02.02 18:48:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Mswinmask32.dll
[2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll
[2008.12.06 17:49:42 | 000,018,944 | ---- | C] () -- C:\Windows\System32\wk32.dll
[2008.12.06 17:49:42 | 000,003,584 | ---- | C] () -- C:\Windows\System32\ic32.dll
[2008.08.31 14:36:20 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.04.14 20:05:15 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.04.14 17:31:16 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2008.04.12 07:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.04.12 07:30:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.03.28 19:41:32 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.03.14 20:07:28 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2004.06.02 09:41:14 | 000,039,936 | ---- | C] () -- C:\Windows\System32\dwlGina2.dll
 
========== LOP Check ==========
 
[2009.10.07 12:02:35 | 000,000,000 | ---D | M] -- C:\Users\hatsuharu\AppData\Roaming\Artweaver
[2010.05.27 17:39:30 | 000,000,000 | ---D | M] -- C:\Users\hatsuharu\AppData\Roaming\gtk-2.0
[2010.06.09 15:22:27 | 000,000,000 | ---D | M] -- C:\Users\hatsuharu\AppData\Roaming\ICQ
[2008.05.25 19:04:17 | 000,000,000 | ---D | M] -- C:\Users\hatsuharu\AppData\Roaming\ICQ Toolbar
[2008.04.14 20:06:13 | 000,000,000 | ---D | M] -- C:\Users\hatsuharu\AppData\Roaming\InterVideo
[2010.03.29 21:51:54 | 000,000,000 | ---D | M] -- C:\Users\hatsuharu\AppData\Roaming\PeerNetworking
[2009.02.03 17:28:55 | 000,000,000 | ---D | M] -- C:\Users\hatsuharu\AppData\Roaming\Snapfish
[2008.12.01 21:57:54 | 000,000,000 | ---D | M] -- C:\Users\hatsuharu\AppData\Roaming\SPORE
[2009.09.18 20:53:45 | 000,000,000 | ---D | M] -- C:\Users\hatsuharu\AppData\Roaming\Teleca
[2008.10.20 07:46:36 | 000,000,000 | ---D | M] -- C:\Users\hatsuharu\AppData\Roaming\Template
[2009.09.18 21:28:46 | 000,000,000 | ---D | M] -- C:\Users\hatsuharu\AppData\Roaming\TubeBox
[2009.12.19 14:46:22 | 000,000,000 | ---D | M] -- C:\Users\hatsuharu\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2010.06.09 13:42:16 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.06.09 15:30:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4F4FD11F-F313-45D2-ABCE-96DA404C8465}.job
[2010.06.09 15:19:14 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E46FA71A-DECA-4585-8A5F-E343ED9DEF77}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 09.06.2010 15:27:42 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = c:\Users\hatsuharu\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 191,57 Gb Total Space | 107,48 Gb Free Space | 56,11% Space Free | Partition Type: NTFS
Drive D: | 94,80 Gb Total Space | 94,71 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HATSUHARU-PC
Current User Name: hatsuharu
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = xefile] -- C:\Windows\System32\Regsvr16.exe ()
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C8E11D9-7F2B-48C8-BB05-3034278B9065}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1586E17F-F016-47F2-8617-ECBF409114CB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5B268ABA-D6F1-47FC-A58E-B2AB210662B4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{75ED7D0D-D292-4303-9BF5-19D93E6C1DA9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8555F5C8-71A7-49F0-9728-068DA2A9D91C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9C562200-4481-4115-97D9-C0990050CB9C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9E1DDDF8-F984-4ACD-BCF3-0B366BAEF698}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9F93D150-22AE-4612-AD79-E051A6BD2067}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A277AF50-0F01-483A-A528-FDB1E7D7EFD2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B7C4D431-4354-4D10-AC83-CD9918E420DE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B7EC7419-C5B5-4A8A-8F42-3FA04D72F914}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{FDD0F271-A78B-4B3B-9469-4CE0A8943A29}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B058C4-85E4-44C8-88DB-04D026C20341}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{099D1501-8C58-48BD-AE30-1985EF5F31A2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{0FD79864-1C74-4149-96A0-BCE88F311B45}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"{20456862-BF19-4680-8922-834EE86AA481}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{3B1281BB-FEA4-4574-98DD-F7B2E2DEF0F1}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{5C9430D1-2535-404C-8888-892D9293C03A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6305AB71-DC81-49D1-BAF8-A8878EF9E1FF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{731B4534-4094-49DF-B26C-80476F1FE099}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{7406CE3A-C295-4AD3-85B2-3F52E532932D}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"{8148C58B-C2F5-4C91-BDD2-8BAE94FB0375}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8706609D-0239-440A-9616-3857CFC7984D}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{BA8A5EAE-7E57-463C-81A4-0524603B153C}" = dir=in | app=c:\program files\cyberlink\powerdv\powerdv.exe | 
"{BD23D0C6-838E-4E0F-AE4B-35E56A1AB101}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C5050756-BE11-41C2-91D4-255D0F86DAC1}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{D1BBDF6A-F831-4CF7-85F4-1F2EC2199455}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{E8E69D25-162B-46E0-9156-FDCB165ECA61}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{EB43073E-EEA1-4B8B-8E80-DE0AC7B91AE2}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{FE5D3FA7-DDD4-473F-80B4-7E0DEC186315}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"TCP Query User{2BF40A6C-C13E-4521-A004-C6AB759CE871}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{38759326-02E2-4485-8FE9-7744D3D760F3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{3C14FCF6-BDB2-4915-B1B1-1F50A49A37E8}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{5BE12FAA-33D1-41FC-9200-D4D43C775829}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"TCP Query User{667A597F-EF72-46C0-AC74-CE1492F7669C}C:\program files\intervideo\dvd8\windvd.exe" = protocol=6 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe | 
"TCP Query User{6B843830-7C0B-4E18-B106-C273FE4BAAD5}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{8E79C98A-11D8-4090-A050-A99A65387DA6}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{A6EA4538-FF44-44A6-95F3-90B89E6A291F}E:\ttn.exe" = protocol=6 | dir=in | app=e:\ttn.exe | 
"TCP Query User{B86302AE-4DC8-470A-BC04-668780AFA963}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{EE19C11E-9F46-42E8-8ECF-4C730A578070}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{1C3F398B-0EAF-471D-8E01-1734B8C3F3C3}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{39561CCE-F888-4FC5-9921-E21B3A54804D}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{6ADA8B99-B371-4AF2-9D4F-EB3F3041B141}C:\program files\intervideo\dvd8\windvd.exe" = protocol=17 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe | 
"UDP Query User{6E6CCE39-B1A5-4913-BB0C-FCF301FFC3C4}E:\ttn.exe" = protocol=17 | dir=in | app=e:\ttn.exe | 
"UDP Query User{77AD0B6A-9ADA-4DEC-A474-0AFDFD71CD51}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{8CB7A45D-79BE-4D41-B1F2-557C3C399A87}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{A4B3B654-3102-4F0E-9B39-855955C28226}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{A593D47A-07E0-484E-BB74-B8D847AD7A24}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{D5732905-F46D-422D-B075-4B1CF487A7A1}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"UDP Query User{F2D994BE-B717-4436-9369-85099001AA6B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20AB57C7-FED7-4394-8166-A409DEA20253}" = TubeBox!
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{31CF6C0E-51F0-41D2-B088-A6A143C4303C}" = SweetIM Toolbar for Internet Explorer 3.6
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{46008F4B-A8C3-4282-ACE3-73821F860911}" = OpenOffice.org 2.4
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Bison WebCam
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B804C424-B66D-447A-84BD-C6B88C392C3A}" = PowerDV
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1A80F67-656F-4DF3-A6C4-DE18A47477C5}_is1" = ICQ Away Reader 1.4
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM for Messenger 2.8
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F10001" = HDAUDIO Soft Data Fax Modem with SmartCP
"Google Chrome" = Google Chrome
"Hotkey Utility_is1" = Hotkey Utility
"ICQToolbar" = ICQ Toolbar
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"Light Sensor Utility 1.4_is1" = Light Sensor Utility 1.4
"LingoMaxx" = LingoMAXX
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Power Manager_is1" = Power Manager 2.1.10
"RealPlayer 12.0" = RealPlayer
"SUPER ©" = SUPER © Version 2008.bld.32 (July 8, 2008)
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WinGimp-2.0_is1" = GIMP 2.4.5
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.06.2010 16:31:15 | Computer Name = hatsuharu-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
 zu überwachen.
 
Error - 09.06.2010 07:59:09 | Computer Name = hatsuharu-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 09.06.2010 08:01:21 | Computer Name = hatsuharu-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
 zu überwachen.
 
Error - 09.06.2010 08:05:48 | Computer Name = hatsuharu-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 09.06.2010 08:05:48 | Computer Name = hatsuharu-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 09.06.2010 08:05:49 | Computer Name = hatsuharu-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 09.06.2010 08:05:51 | Computer Name = hatsuharu-PC | Source = usbperf | ID = 2004
Description = Fehler bei der usbperf-Datensammlung. Die Collect-Funktion wurde mit
 einem nicht unterstützten Abfragetyp aufgerufen.
 
Error - 09.06.2010 08:08:10 | Computer Name = hatsuharu-PC | Source = usbperf | ID = 2004
Description = Fehler bei der usbperf-Datensammlung. Die Collect-Funktion wurde mit
 einem nicht unterstützten Abfragetyp aufgerufen.
 
Error - 09.06.2010 08:14:10 | Computer Name = hatsuharu-PC | Source = usbperf | ID = 2004
Description = Fehler bei der usbperf-Datensammlung. Die Collect-Funktion wurde mit
 einem nicht unterstützten Abfragetyp aufgerufen.
 
Error - 09.06.2010 09:22:20 | Computer Name = hatsuharu-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung msnmsgr.exe, Version 14.0.8089.726, Zeitstempel
 0x4a6ce533, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0003b15f,  Prozess-ID 0xb94, Anwendungsstartzeit
 01cb07cb8164a601.
 
[ System Events ]
Error - 06.06.2010 07:08:08 | Computer Name = hatsuharu-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 11, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 06.06.2010 07:08:08 | Computer Name = hatsuharu-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 12, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 06.06.2010 07:08:08 | Computer Name = hatsuharu-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 13, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 06.06.2010 07:08:22 | Computer Name = hatsuharu-PC | Source = Microsoft-Windows-Kernel-WHEA | ID = 6
Description = 
 
Error - 08.06.2010 15:26:59 | Computer Name = hatsuharu-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 08.06.2010 um 21:26:09 unerwartet heruntergefahren.
 
Error - 08.06.2010 16:28:45 | Computer Name = hatsuharu-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 08.06.2010 um 22:27:52 unerwartet heruntergefahren.
 
Error - 09.06.2010 07:58:43 | Computer Name = hatsuharu-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 11, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 09.06.2010 07:58:43 | Computer Name = hatsuharu-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 12, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 09.06.2010 07:58:43 | Computer Name = hatsuharu-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 13, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 09.06.2010 07:58:55 | Computer Name = hatsuharu-PC | Source = Microsoft-Windows-Kernel-WHEA | ID = 6
Description = 
 
 
< End of report >
         
--- --- ---


Malwarebytes
Quote:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4183

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

09.06.2010 17:37:26
mbam-log-2010-06-09 (17-37-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 253867
Laufzeit: 1 Stunde(n), 46 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.
Now I'd like to know how I should proceed from here.

Thanks in advance (:

Old 10.06.2010, 10:21   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

ICQ and MSN Trojan

Hello and

You still have Malwarebytes 1.45, please update to 1.46 right away and then update the databases as well!!

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
PRC - C:\Users\Public\winscdvn.exe ()
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\System32\winadm.exe (Müller)
PRC - C:\Windows\System32\winadmd.exe (-)
SRV - (CLTNetCnService) --  File not found
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [_winadm] C:\Windows\System32\winadm.exe (Müller)
O4 - HKCU..\Run: [Windows Firewall Updates] C:\Users\Public\winscdvn.exe ()

:Files
C:\Users\Public\winscdvn.exe
C:\Windows\System32\winadm.exe
C:\Windows\System32\winadmd.exe
C:\Windows\System32\Mswinmask32.dll
C:\Windows\System32\dossec.dll
C:\Windows\System32\wk32.dll
C:\Windows\System32\ic32.dll
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Run Fixes button!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

Old 11.06.2010, 13:46   #3
hatsuharu

ICQ and MSN Trojan

Thanks (:

Did that.
Here's the logfile:

Quote:
All processes killed
========== OTL ==========
No active process named winscdvn.exe was found!
Process ICQ Service.exe killed successfully!
Process winadm.exe killed successfully!
No active process named winadmd.exe was found!
Service CLTNetCnService stopped successfully!
Service CLTNetCnService deleted successfully!
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\_winadm deleted successfully.
Invalid CLSID key: _winadm
C:\Windows\System32\winadm.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Firewall Updates deleted successfully.
C:\Users\Public\winscdvn.exe moved successfully.
========== FILES ==========
File\Folder C:\Users\Public\winscdvn.exe not found.
File\Folder C:\Windows\System32\winadm.exe not found.
C:\Windows\System32\winadmd.exe moved successfully.
C:\Windows\System32\Mswinmask32.dll moved successfully.
C:\Windows\System32\dossec.dll moved successfully.
C:\Windows\System32\wk32.dll moved successfully.
C:\Windows\System32\ic32.dll moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: hatsuharu
->Temp folder emptied: 180138 bytes
->Temporary Internet Files folder emptied: 101178 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38411138 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 643 bytes

User: hatsuharu14
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 37,00 mb


OTL by OldTimer - Version 3.2.5.3 log created on 06112010_144035

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Was that right?
Old 11.06.2010, 14:10   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

ICQ and MSN Trojan

Did you miss the part in bold?? I put it in bold on purpose so that you'd pay attention to it
__________________
Please always post logfiles in CODE tags
