Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Dropper.Gen und anscheinend Sasser - Sohn öffnet Bild bei ICQ und zack

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 09.06.2010, 22:41   #1
Amazone007
 
Dropper.Gen und anscheinend Sasser - Sohn öffnet Bild bei ICQ und zack - Standard

Dropper.Gen und anscheinend Sasser - Sohn öffnet Bild bei ICQ und zack



Guten Abend.
Ich habe leider genau dasselbe Problem, ich doofe Kuh. Sohn öffnet Bild bei ICQ und zack, da isse die Malware.
Meine OTL Logfiles:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 09.06.2010 22:26:51 - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\Fussel\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 137,71 Gb Free Space | 48,13% Space Free | Partition Type: NTFS
Drive D: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: FUSSEL-PC
Current User Name: Fussel
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.09 22:25:35 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Fussel\Downloads\OTL.exe
PRC - [2010.06.09 21:57:03 | 000,169,472 | ---- | M] () -- C:\Users\Fussel\AppData\Local\Temp\Wlg.exe
PRC - [2010.06.09 21:57:01 | 000,164,864 | ---- | M] () -- C:\Windows\Wdecya.exe
PRC - [2010.06.09 21:56:04 | 000,101,376 | RHS- | M] () -- C:\Users\Public\winscdvn.exe
PRC - [2010.06.08 13:39:01 | 000,133,368 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.1\ICQ.exe
PRC - [2010.05.26 10:20:22 | 000,056,680 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\RegistryBooster\registrybooster.exe
PRC - [2010.05.11 12:00:30 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.04.09 14:13:26 | 002,388,616 | ---- | M] (mobile concepts GmbH) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe
PRC - [2010.03.31 15:05:00 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.03.18 05:52:18 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2009.11.19 18:31:05 | 000,466,689 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avscan.exe
PRC - [2009.09.23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.08.16 14:01:16 | 000,222,968 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.03 19:54:42 | 000,698,912 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2009.04.03 19:54:40 | 000,723,488 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2009.04.03 19:54:40 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2009.03.05 09:43:32 | 000,805,384 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.02.11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.02.05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2008.11.05 13:53:58 | 000,474,168 | ---- | M] (Conexant Systems, Inc.) -- C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2008.09.23 14:11:34 | 000,144,632 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.02.12 15:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
PRC - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.10.10 15:11:08 | 000,827,392 | ---- | M] () -- C:\Windows\vsnp325.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.09 22:25:35 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Fussel\Downloads\OTL.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009.04.03 19:54:52 | 000,215,584 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\SysHook.dll
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- C:/Program Files/Common Files/Akamai/rswin_3697.dll ()
SRV - (CGVPNCliSrvc) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ssm_mdm) -- C:\Windows\System32\drivers\ssm_mdm.sys (MCCI Corporation)
DRV - (ssm_mdfl) -- C:\Windows\System32\drivers\ssm_mdfl.sys (MCCI Corporation)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (SNP325) USB PC Camera (SNPSTD325) -- C:\Windows\System32\drivers\snp325.sys (Sonix Co. Ltd.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys ()
DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\Windows\System32\drivers\ssm_bus.sys (MCCI)
DRV - (int15.sys) -- C:\Windows\System32\OEM\factory\int15.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0909&m=extensa_5635zg
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0909&m=extensa_5635zg
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0909&m=extensa_5635zg
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
FF - prefs.js..extensions.enabledItems: {c2db4fe6-8409-45ce-8010-189a7b5cce86}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.10 19:08:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.04.11 20:23:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.05.11 12:01:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.11 12:01:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.02 01:07:41 | 000,000,000 | ---D | M]
 
[2009.10.02 17:02:17 | 000,000,000 | ---D | M] -- C:\Users\Fussel\AppData\Roaming\mozilla\Extensions
[2010.06.09 21:43:07 | 000,000,000 | ---D | M] -- C:\Users\Fussel\AppData\Roaming\mozilla\Firefox\Profiles\mg4vub6x.default\extensions
[2009.10.04 20:52:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Fussel\AppData\Roaming\mozilla\Firefox\Profiles\mg4vub6x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.10 00:12:06 | 000,000,000 | ---D | M] (NCH Toolbar) -- C:\Users\Fussel\AppData\Roaming\mozilla\Firefox\Profiles\mg4vub6x.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
[2010.04.01 14:27:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Fussel\AppData\Roaming\mozilla\Firefox\Profiles\mg4vub6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.22 04:56:58 | 000,002,280 | ---- | M] () -- C:\Users\Fussel\AppData\Roaming\Mozilla\FireFox\Profiles\mg4vub6x.default\searchplugins\google-und-download-suche.xml
[2010.06.08 09:53:04 | 000,000,955 | ---- | M] () -- C:\Users\Fussel\AppData\Roaming\Mozilla\FireFox\Profiles\mg4vub6x.default\searchplugins\icqplugin.xml
[2010.06.03 20:37:22 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.10.02 17:22:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.02 01:07:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.08.09 02:11:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Programme\Mozilla Firefox\plugins\PDFNetC.dll
[2009.08.09 02:30:36 | 000,107,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2009.12.18 18:01:22 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.12.18 18:01:22 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.12.18 18:01:22 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.12.18 18:01:22 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.12.18 18:01:22 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [hpqSRMon]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\Fussel\AppData\Local\Temp\Wlg.exe ()
O4 - HKCU..\Run: [Windows Firewall Manager] C:\Users\Public\winscdvn.exe ()
O4 - HKCU..\RunOnce: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - c:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Fussel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Fussel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.04.30 04:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.22 01:48:37 | 000,000,045 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{0e546035-97ca-11de-a08e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0e546035-97ca-11de-a08e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009.04.30 04:57:32 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{76848f31-2b57-11df-a2ba-d6f8f63da935}\Shell - "" = AutoRun
O33 - MountPoints2\{76848f31-2b57-11df-a2ba-d6f8f63da935}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{76848f40-2b57-11df-a2ba-d6f8f63da935}\Shell - "" = AutoRun
O33 - MountPoints2\{76848f40-2b57-11df-a2ba-d6f8f63da935}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{8d4816d0-51cf-11df-af97-f1f0fd1cea34}\Shell - "" = AutoRun
O33 - MountPoints2\{8d4816d0-51cf-11df-af97-f1f0fd1cea34}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{963c9356-5db5-11df-8213-d38c16d55e61}\Shell\AutoRun\command - "" = aodvmh.exe
O33 - MountPoints2\{963c9356-5db5-11df-8213-d38c16d55e61}\Shell\explore\Command - "" = aodvmh.exe
O33 - MountPoints2\{963c9356-5db5-11df-8213-d38c16d55e61}\Shell\open\Command - "" = aodvmh.exe
O33 - MountPoints2\{981c1920-486f-11df-a4df-fc6cd591d733}\Shell\AutoRun\command - "" = explorer .
O33 - MountPoints2\{981c1920-486f-11df-a4df-fc6cd591d733}\Shell\mobile\command - "" = E:\MobileLaunch.exe -- File not found
O33 - MountPoints2\{ba75c75e-1c6a-11df-ac82-b9e65b4d1834}\Shell - "" = AutoRun
O33 - MountPoints2\{ba75c75e-1c6a-11df-ac82-b9e65b4d1834}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d4d66e5a-2c3a-11df-a73b-ad39bb6ccb3b}\Shell - "" = AutoRun
O33 - MountPoints2\{d4d66e5a-2c3a-11df-a73b-ad39bb6ccb3b}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{f1923e31-b054-11de-a04c-00238bf71a34}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.09 22:31:47 | 000,000,000 | ---D | C] -- C:\Users\Fussel\AppData\Roaming\SUPERAntiSpyware.com
[2010.06.09 22:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.06.09 22:31:04 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.06.09 22:22:26 | 000,000,000 | ---D | C] -- C:\Users\Fussel\AppData\Roaming\Uniblue
[2010.06.09 22:22:08 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2010.06.05 04:06:38 | 000,000,000 | ---D | C] -- C:\Programme\Diablo II
[2010.06.03 18:23:05 | 000,000,000 | ---D | C] -- C:\Users\Fussel\Documents\Stronghold Crusader
[2010.06.03 18:16:25 | 000,000,000 | ---D | C] -- C:\Programme\Firefly Studios
[2010.06.02 01:07:41 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.06.02 01:07:41 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.06.02 01:07:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.06.02 01:07:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.05.26 17:03:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.17 22:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.05.17 22:19:40 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe AIR
[2010.05.17 20:51:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Akamai
[2010.05.11 12:01:00 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\xing shared
[2009.12.26 22:10:08 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2009.12.26 22:10:08 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2009.12.26 22:10:08 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
[2009.04.26 18:30:10 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2005.09.13 01:45:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2004.02.16 21:59:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.09 22:33:57 | 003,145,728 | ---- | M] () -- C:\Users\Fussel\NTUSER.DAT
[2010.06.09 22:31:08 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.09 22:30:06 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.09 22:09:59 | 001,566,246 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.09 22:09:59 | 000,675,412 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.09 22:09:59 | 000,633,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.09 22:09:59 | 000,146,368 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.09 22:09:59 | 000,118,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.09 22:06:46 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.09 22:05:12 | 000,127,214 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.06.09 22:04:34 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.09 22:04:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.09 22:04:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.09 22:04:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.09 22:03:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.09 22:02:07 | 000,524,288 | -HS- | M] () -- C:\Users\Fussel\NTUSER.DAT{3b93c066-c60b-11de-830e-00238bf71a34}.TMContainer00000000000000000001.regtrans-ms
[2010.06.09 22:02:07 | 000,065,536 | -HS- | M] () -- C:\Users\Fussel\NTUSER.DAT{3b93c066-c60b-11de-830e-00238bf71a34}.TM.blf
[2010.06.09 22:01:52 | 005,107,251 | -H-- | M] () -- C:\Users\Fussel\AppData\Local\IconCache.db
[2010.06.09 21:57:01 | 000,164,864 | ---- | M] () -- C:\Windows\Wdecya.exe
[2010.06.09 21:57:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.09 21:32:29 | 000,127,214 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.06.08 17:44:37 | 000,100,864 | ---- | M] () -- C:\Users\Fussel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.06 15:34:28 | 000,041,516 | ---- | M] () -- C:\Users\Fussel\Desktop\Stundenplan_Schuljahr_2009-2010_KW23_2010_01.pdf
[2010.06.05 04:36:57 | 000,021,840 | ---- | M] () -- C:\Windows\System32\SIntfNT.dll
[2010.06.05 04:36:57 | 000,017,212 | ---- | M] () -- C:\Windows\System32\SIntf32.dll
[2010.06.05 04:36:57 | 000,012,067 | ---- | M] () -- C:\Windows\System32\SIntf16.dll
[2010.05.12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.11 12:01:33 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010.05.11 12:01:07 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010.05.11 12:01:07 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
 
========== Files Created - No Company Name ==========
 
[2010.06.09 22:31:08 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.09 21:57:08 | 000,164,864 | ---- | C] () -- C:\Windows\Wdecya.exe
[2010.06.09 21:57:05 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.09 21:57:03 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.06 15:34:28 | 000,041,516 | ---- | C] () -- C:\Users\Fussel\Desktop\Stundenplan_Schuljahr_2009-2010_KW23_2010_01.pdf
[2010.06.05 04:15:07 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010.06.05 04:15:07 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010.06.05 04:15:07 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010.04.08 18:46:06 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.04.08 18:45:49 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010.03.10 00:30:27 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.03.02 01:01:57 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2010.03.02 00:58:31 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.03.02 00:58:05 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.12.26 22:28:42 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.12.26 22:28:42 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.12.26 22:10:09 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2009.11.22 15:54:18 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.10.20 20:03:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.03 18:06:18 | 000,000,605 | ---- | C] () -- C:\Windows\WININIT.INI
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.10.13 18:19:12 | 008,701,824 | ---- | C] () -- C:\Windows\System32\drivers\snpstd3.sys
[2004.02.28 01:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:DCAF903C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3B3A35EC
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CE0A077E
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:35759C73
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:B623B5B8
< End of report >
         
--- --- ---


-> Wäre super, wenn ihr mir helfen könntet. LG

Alt 10.06.2010, 10:16   #2
Amazone007
 
Dropper.Gen und anscheinend Sasser - Sohn öffnet Bild bei ICQ und zack - Standard

Dropper.Gen und anscheinend Sasser - Sohn öffnet Bild bei ICQ und zack



Also hm.
Ich hab jetzt SUPERAntiSpyware durchlaufen lassen, der hat einiges gefunden und auch gelöscht.
Ist es jetzt sicher, dass das alles weg ist?
__________________


Alt 10.06.2010, 11:28   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Dropper.Gen und anscheinend Sasser - Sohn öffnet Bild bei ICQ und zack - Standard

Dropper.Gen und anscheinend Sasser - Sohn öffnet Bild bei ICQ und zack



Hallo und

Poste bitte das Log von SUPERAntiSpyware
__________________
__________________

Alt 10.06.2010, 14:31   #4
Amazone007
 
Dropper.Gen und anscheinend Sasser - Sohn öffnet Bild bei ICQ und zack - Standard

Dropper.Gen und anscheinend Sasser - Sohn öffnet Bild bei ICQ und zack



Ich glaube das ist das richtige oder?

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/10/2010 at 02:23 PM

Application Version : 4.38.1004

Core Rules Database Version : 5054
Trace Rules Database Version: 2866

Scan type : Quick Scan
Total Scan Time : 00:34:30

Memory items scanned : 720
Memory threats detected : 0
Registry items scanned : 563
Registry threats detected : 0
File items scanned : 24245
File threats detected : 2

Adware.Tracking Cookie
C:\Users\Fussel\AppData\Roaming\Microsoft\Windows\Cookies\fussel@doubleclick[2].txt
C:\Users\Fussel\AppData\Roaming\Microsoft\Windows\Cookies\fussel@atwola[1].txt

Alt 10.06.2010, 14:37   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Dropper.Gen und anscheinend Sasser - Sohn öffnet Bild bei ICQ und zack - Standard

Dropper.Gen und anscheinend Sasser - Sohn öffnet Bild bei ICQ und zack



Das waren nur Cookies und keine Schädlinge!!
hast Du Malwarebytes schon laufen lassen?

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.06.2010, 15:41   #6
Amazone007
 
Dropper.Gen und anscheinend Sasser - Sohn öffnet Bild bei ICQ und zack - Standard

Dropper.Gen und anscheinend Sasser - Sohn öffnet Bild bei ICQ und zack



Ja wie gesagt, hab es alleine hinbekommen

Alt 10.06.2010, 15:44   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Dropper.Gen und anscheinend Sasser - Sohn öffnet Bild bei ICQ und zack - Standard

Dropper.Gen und anscheinend Sasser - Sohn öffnet Bild bei ICQ und zack



Wo hast Du das gesagt?
Hat SUPERAntiSpyware wirklich nur das gefunden?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Dropper.Gen und anscheinend Sasser - Sohn öffnet Bild bei ICQ und zack
0 bytes, adblock, alternate, avgntflt.sys, components, corp./icp, cyberghost, d:\autorun.inf, excel.exe, fontcache, home premium, iastor.sys, launch, local\temp, location, mssql, nvlddmkm.sys, nvstor.sys, oldtimer, programdata, searchplugins, staropen



Ähnliche Themen: Dropper.Gen und anscheinend Sasser - Sohn öffnet Bild bei ICQ und zack


  1. Werbung öffnet sich sobald ich mit dem Coursor auf ein Bild fahre
    Plagegeister aller Art und deren Bekämpfung - 17.08.2015 (6)
  2. WIN7: Avira Funde TR/Trustezeb.118785 und TR/Crypt.ZACK.128114
    Log-Analyse und Auswertung - 08.04.2015 (21)
  3. Windows 7 CD von meinem Sohn verwenden?
    Diskussionsforum - 21.11.2014 (17)
  4. Sohn hat PC mit bonanzaAds infiziert
    Plagegeister aller Art und deren Bekämpfung - 06.12.2013 (9)
  5. Weises Bild, beim hochfahren sehe ich nur ganz kurz den Desktop,dann nur noch weises bild.
    Log-Analyse und Auswertung - 22.10.2013 (6)
  6. Wlan lässt sich nicht mehr aktivieren seit mein Sohn eine Datei runtergeladen hat
    Plagegeister aller Art und deren Bekämpfung - 31.07.2013 (22)
  7. Virus durch meinen Sohn
    Plagegeister aller Art und deren Bekämpfung - 27.09.2010 (1)
  8. Anscheinend unbekannter Schädling öffnet Tabs in Opera
    Log-Analyse und Auswertung - 25.07.2010 (6)
  9. Dropper.Gen und anscheinend Sasser
    Log-Analyse und Auswertung - 08.06.2010 (13)
  10. Crypt.ZACK.Gen eingefangen
    Plagegeister aller Art und deren Bekämpfung - 23.07.2009 (12)
  11. TR/cryp.zack.gen lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 20.07.2009 (3)
  12. Bitte um Hilfe mein sohn kommt nicht mehr ins Internet
    Log-Analyse und Auswertung - 07.01.2006 (1)
  13. sasser infiziert! finde aber keine sasser-datei?
    Plagegeister aller Art und deren Bekämpfung - 05.12.2005 (4)
  14. Sasser
    Plagegeister aller Art und deren Bekämpfung - 01.03.2005 (7)

Zum Thema Dropper.Gen und anscheinend Sasser - Sohn öffnet Bild bei ICQ und zack - Guten Abend. Ich habe leider genau dasselbe Problem, ich doofe Kuh. Sohn öffnet Bild bei ICQ und zack, da isse die Malware. Meine OTL Logfiles: OTL Logfile: Code: Alles auswählen - Dropper.Gen und anscheinend Sasser - Sohn öffnet Bild bei ICQ und zack...
Archiv
Du betrachtest: Dropper.Gen und anscheinend Sasser - Sohn öffnet Bild bei ICQ und zack auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.