| |
| |||||||
Log-Analyse und Auswertung: iexplore.exe MeldungenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
11.06.2010, 14:16
| #1 |
| |  iexplore.exe Meldungen Hallo, habe ein ähnliches Problem wie rawn. Hatt ekürzlich einen trojaner und ich dachte ich hätte mittels Spy Doctor alle problematische dateien gelöscht, aber die iexplore.exe hat das Programm leider nicht gefunden. Hier mal die HiJack-Daten: HiJackthis Logfile: Code: Alles auswählenLarusso Modus HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:36:49, on 11.06.2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\Alwil Software\Avast5\AvastSvc.exe C:\Programme\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\system32\RunDll32.exe C:\Programme\FreePDF_XP\fpassist.exe C:\Programme\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\spoolsv.exe D:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\oodag.exe D:\Programme\Spyware Doctor\pctsAuxs.exe D:\Programme\Spyware Doctor\pctsSvc.exe D:\Programme\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Programme\Canon\CAL\CALMAIN.exe C:\WINDOWS\System32\alg.exe C:\Programme\Java\jre6\bin\jucheck.exe D:\Programme\Spyware Doctor\pctsGui.exe C:\Programme\Mozilla Firefox\firefox.exe D:\Programme\CloneDVD\CloneDVD2\CloneDVD2.exe C:\Programme\dvd43\DVD43_Tray.exe D:\Programme\VLC-Player\vlc.exe C:\WINDOWS\system32\dwwin.exe D:\Downloads\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Programme\Internet Explorer\iexplore.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\tbuAD\toolbaru.dll O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - D:\Programme\ICQToolbar\tbuAD\toolbaru.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - D:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: metaspinner GmbH - {7C7A8947-5935-4430-AC0E-E7D04697414E} - D:\PROGRA~1\BUYERT~1\IEBUTT~2.DLL (file missing) O2 - BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - D:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\tbuAD\toolbaru.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ISTray] "D:\Programme\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ccleaner] "D:\Programme\CCleaner\CCleaner.exe" /AUTO O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127591421669 O17 - HKLM\System\CCS\Services\Tcpip\..\{3344C36B-47ED-4B05-9695-841889F84296}: NameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{3344C36B-47ED-4B05-9695-841889F84296}: NameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{3344C36B-47ED-4B05-9695-841889F84296}: NameServer = 192.168.1.1 O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Programme\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Programme\Spyware Doctor\pctsSvc.exe -- End of file - 7876 bytes --- --- --- Die Meldung heißt: iexplore.exe - Abbild fehlerhaft: Die Anmeldung oder DLL globalroot/systemroot/PRAGMA...dll ist keinme gültige Windows-Datei. Überprüfen Sie dies mit der Installationsdiskette. Wenn ich sie wegklicke, kommt sie immer wieder. Nach einiger Zeit kommt dann folgende Meldung: ... hat ein Problem festgestellt und muss beendet werden. ... senden oder nicht senden. Dazu kommt, dass ich den IE nie benutze und Firefox dauert etwa 10 Min. bis er erscheint. Ich konnte leider bei HiJack keine auffällige Datei finden, aber vlt. wisst Ihr Rat? |
|
11.06.2010, 14:18
| #2 |
| /// Malware-holic   | iexplore.exe Meldungen ootl:
__________________Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "run Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt poste beide, falls zu groß, aufteilen. |
|
11.06.2010, 14:58
| #3 |
| | iexplore.exe Meldungen So,
__________________hab den Scan durchlaufen lassen. Hier die 2 Dateien. 1. OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.06.2010 15:24:15 - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = D:\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 255,00 Mb Total Physical Memory | 42,00 Mb Available Physical Memory | 16,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): D:\pagefile.sys 2048 2048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 7,87 Gb Total Space | 2,46 Gb Free Space | 31,23% Space Free | Partition Type: NTFS Drive D: | 115,01 Gb Total Space | 35,28 Gb Free Space | 30,68% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 3,77 Gb Total Space | 0,31 Gb Free Space | 8,26% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: COMMANDER Current User Name: Crusader Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - D:\Downloads\OTL.exe (OldTimer Tools) PRC - D:\Downloads\HiJackThis.exe (Trend Micro Inc.) PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - D:\Programme\Spyware Doctor\pctsGui.exe (PC Tools) PRC - D:\Programme\VLC-Player\vlc.exe () PRC - D:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.) PRC - D:\Programme\Spyware Doctor\pctsTray.exe (PC Tools) PRC - D:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools) PRC - D:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools) PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.) PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\dwwin.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) PRC - C:\Programme\Browser Mouse\Browser Mouse\1.1\Mouse32A.exe () ========== Modules (SafeList) ========== MOD - D:\Downloads\OTL.exe (OldTimer Tools) MOD - D:\Programme\Spyware Doctor\PCTGMhk.dll (PC Tools) MOD - D:\Programme\Spyware Doctor\smum32.dll (PC Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd) MOD - C:\Programme\Browser Mouse\Browser Mouse\1.1\MOUDL32A.DLL () ========== Win32 Services (SafeList) ========== SRV - (avast! Web Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV - (Browser Defender Update Service) -- D:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.) SRV - (sdCoreService) -- D:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools) SRV - (sdAuxService) -- D:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools) SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.) SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software) DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software) DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software) DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software) DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software) DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software) DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (cmudau) -- C:\WINDOWS\system32\drivers\cmudau.sys (C-Media Inc) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (emupia) -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS (Creative Technology Ltd) DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS (Creative Technology Ltd) DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS (Creative Technology Ltd) DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\CTAC32K.SYS (Creative Technology Ltd) DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS (Creative Technology Ltd) DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd) DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PFMODNT.SYS (Creative Technology Ltd.) DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1606980848-725345543-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com IE - HKU\S-1-5-21-1606980848-725345543-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://signin.ebay.de/ws/eBayISAPI.dll?SignIn&_trksid=m37 IE - HKU\S-1-5-21-1606980848-725345543-682003330-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\tbuAD\toolbaru.dll (IE Toolbar) IE - HKU\S-1-5-21-1606980848-725345543-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://signin.ebay.de/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=77&ru=http%3A%2F%2Fmy.ebay.de%2Fws%2FeBayISAPI.dll%3FMyEbayBeta%26MyeBay%3D%26guest%3D1&pageType=3984|hxxp://www.vfb.de/de/|hxxp://www.heise.de/|hxxp://www.gmx.net/?status=login" FF - prefs.js..extensions.enabledItems: {EC1B67CA-A2CD-4931-915A-63D5341D1285}:1.0.0.5 FF - prefs.js..extensions.enabledItems: {411F2F11-830F-4AB5-B7F0-FBC77B870B5A}:1.0.6.0 FF - prefs.js..extensions.enabledItems: {3F4D6A2C-841D-403C-8CD8-48E54192DDEB}:1.0.5.0 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6 FF - prefs.js..extensions.enabledItems: {BD5A19C7-FAD9-4D84-A0CB-F7241D6443D0}:1.0.5.0 FF - prefs.js..extensions.enabledItems: {7A7EF87E-95DB-4A84-83E8-E0FE7B20017F}:1.0.0.6 FF - prefs.js..extensions.enabledItems: {ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}:1.6.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: LDSI_plashcor@gmail.com:0.6.7 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.06 19:09:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.05 19:36:09 | 000,000,000 | ---D | M] [2008.08.31 21:39:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Extensions [2010.05.31 14:46:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\extensions [2010.02.08 19:06:06 | 000,000,000 | ---D | M] (Google Kontextmenü) -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\extensions\{3F4D6A2C-841D-403C-8CD8-48E54192DDEB} [2010.05.02 15:33:08 | 000,000,000 | ---D | M] (Buyertools) -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A} [2010.02.08 19:06:07 | 000,000,000 | ---D | M] (eBay-Startcenter) -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\extensions\{7A7EF87E-95DB-4A84-83E8-E0FE7B20017F} [2010.03.13 13:18:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\extensions\{ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d} [2010.02.08 19:06:07 | 000,000,000 | ---D | M] (eBay-Kontextmenü) -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\extensions\{BD5A19C7-FAD9-4D84-A0CB-F7241D6443D0} [2010.05.02 15:33:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2008.06.01 13:31:52 | 000,000,000 | ---D | M] (Amazon Kontextmenü) -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\extensions\{EC1B67CA-A2CD-4931-915A-63D5341D1285} [2010.04.18 10:54:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\extensions\isreaditlater@ideashower.com [2010.05.10 18:51:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\extensions\LDSI_plashcor@gmail.com [2010.05.31 14:46:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2006.01.17 15:43:49 | 000,000,000 | ---D | M] (Google Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{3F4D6A2C-841D-403C-8CD8-48E54192DDEB} [2006.01.17 15:43:49 | 000,000,000 | ---D | M] (Buyertools) -- C:\Programme\Mozilla Firefox\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A} [2006.01.17 15:43:49 | 000,000,000 | ---D | M] (eBay-Startcenter) -- C:\Programme\Mozilla Firefox\extensions\{7A7EF87E-95DB-4A84-83E8-E0FE7B20017F} [2006.01.17 15:43:49 | 000,000,000 | ---D | M] (eBay Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{BD5A19C7-FAD9-4D84-A0CB-F7241D6443D0} [2006.01.17 15:43:49 | 000,000,000 | ---D | M] (Amazon Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{EC1B67CA-A2CD-4931-915A-63D5341D1285} [2008.03.24 20:21:00 | 002,889,088 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPSWF32.dll [2010.03.14 17:03:36 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.14 17:03:36 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.14 17:03:36 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.14 17:03:36 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.14 17:03:36 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.02.13 00:22:12 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - D:\Programme\ICQToolbar\tbuAD\toolbaru.dll (IE Toolbar) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - D:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (metaspinner GmbH) - {7C7A8947-5935-4430-AC0E-E7D04697414E} - D:\PROGRA~1\BUYERT~1\IEBUTT~2.DLL File not found O2 - BHO: (metaspinner GmbH) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - D:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL File not found O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\tbuAD\toolbaru.dll (IE Toolbar) O3 - HKU\S-1-5-21-1606980848-725345543-682003330-1003\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKU\S-1-5-21-1606980848-725345543-682003330-1003\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - D:\Programme\ICQToolbar\tbuAD\toolbaru.dll (IE Toolbar) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [CmUsbSound] File not found O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [ISTray] D:\Programme\Spyware Doctor\pctsTray.exe (PC Tools) O4 - HKLM..\Run: [Jet Detection] C:\Programme\Creative\SBLive\Program\ADGJDet.exe () O4 - HKLM..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.1\Mouse32A.exe () O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKU\S-1-5-21-1606980848-725345543-682003330-1003..\Run: [ccleaner] D:\Programme\CCleaner\CCleaner.exe (Piriform Ltd) O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1606980848-725345543-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177 O8 - Extra context menu item: &ICQ Toolbar Search - D:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.) O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.) O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127591421669 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Crusader\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Crusader\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\SysInternals\procexp.exe (Sysinternals) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.09.25 03:11:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2005.09.25 03:10:22 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: SSHNAS - File not found MsConfig - Services: "ose" MsConfig - Services: "Browser Defender Update Service" MsConfig - StartUpReg: avast5 - hkey= - key= - C:\Programme\Alwil Software\Avast5\AvastUI.exe (ALWIL Software) MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Programme\Avira\AntiVir Desktop\avgnt.exe File not found MsConfig - StartUpReg: Data Protection - hkey= - key= - C:\Programme\Data Protection\datprot.exe File not found MsConfig - StartUpReg: dvd43 - hkey= - key= - C:\Programme\dvd43\DVD43_Tray.exe () MsConfig - StartUpReg: Easy-PrintToolBox - hkey= - key= - C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) MsConfig - StartUpReg: ICQ Lite - hkey= - key= - D:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.) MsConfig - StartUpReg: ISTray - hkey= - key= - D:\Programme\Spyware Doctor\pctsTray.exe (PC Tools) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - D:\Programme\iTunes\iTunesHelper.exe File not found MsConfig - StartUpReg: M5T8QL3YW3 - hkey= - key= - C:\Dokumente und Einstellungen\Crusader\Lokale Einstellungen\Temp\Eh1.exe () MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\K-Lite Codec Pack\QuickTime\qttask.exe (Apple Computer, Inc.) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler) Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (hxxp://www.mp3dev.org/) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.3iv2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: VIDC.IV40 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\Ir50_32.dll (Ligos Corporation) Drivers32: vidc.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation) Drivers32: vidc.MP43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation) Drivers32: vidc.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation) Drivers32: VIDC.VP31 - C:\WINDOWS\System32\vp31vfw.dll (On2.com) Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com) Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com) Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com) Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com) Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation) Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll () CREATERESTOREPOINT Error starting restore point: 31 Error closing restore point: The sequence number is invalid. ========== Files/Folders - Created Within 30 Days ========== [2010.06.11 14:22:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\vlc [2010.06.11 11:41:41 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Crusader\Recent [2010.05.22 22:08:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Crusader\Lokale Einstellungen\Anwendungsdaten\Threat Expert [2010.05.22 22:06:44 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll [2010.05.22 22:06:42 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll [2010.05.22 22:06:42 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old [2010.05.22 22:06:40 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll [2010.05.22 22:00:45 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys [2010.05.22 22:00:10 | 000,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys [2010.05.22 22:00:10 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys [2010.05.22 21:59:28 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys [2010.05.22 21:58:53 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PC Tools [2010.05.22 21:58:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\PC Tools [2010.05.22 21:51:18 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\Wichtige Dokumente [2010.05.22 21:42:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Crusader\Desktop\Marktforschung [2010.05.22 19:14:02 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\Betrug [2010.05.16 16:28:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools [2010.05.16 16:27:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.05.16 16:19:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\GetRightToGo [2010.05.15 20:00:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010.05.15 16:43:50 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010.05.15 16:43:49 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010.05.15 16:43:47 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010.05.15 16:43:44 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010.05.15 16:43:34 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010.05.15 16:43:34 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010.05.15 16:43:28 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010.05.15 16:39:11 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2010.05.15 16:39:11 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr [2010.05.15 16:37:22 | 000,000,000 | ---D | C] -- C:\Programme\Alwil Software [2010.05.15 16:37:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software [2010.05.15 15:03:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2010.05.15 12:56:06 | 000,000,000 | ---D | C] -- C:\Programme\Data Protection [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.06.11 14:51:04 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.06.11 14:26:42 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini [2010.06.11 14:26:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.06.11 14:26:42 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2010.06.11 13:59:04 | 000,000,455 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2010.06.11 13:47:01 | 000,000,085 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2010.06.11 11:42:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.06.11 11:41:34 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.06.11 11:41:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.06.11 11:41:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.06.11 11:41:21 | 000,359,094 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor [2010.05.25 11:57:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.05.22 22:14:50 | 000,029,004 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000D-00001102-00000002-80661102}.rfx [2010.05.22 22:14:50 | 000,029,004 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000D-00001102-00000002-80661102}.rfx [2010.05.22 22:14:50 | 000,017,456 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000D-00001102-00000002-80661102}.rfx [2010.05.22 22:14:50 | 000,017,456 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000D-00001102-00000002-80661102}.rfx [2010.05.22 22:14:50 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2010.05.22 22:14:50 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2010.05.22 22:14:50 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000D-00001102-00000002-80661102}.dat [2010.05.22 22:14:50 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000D-00001102-00000002-80661102}.dat [2010.05.22 22:14:19 | 003,670,016 | -H-- | M] () -- C:\Dokumente und Einstellungen\Crusader\NTUSER.DAT [2010.05.22 22:14:19 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Crusader\ntuser.ini [2010.05.22 21:59:41 | 000,000,601 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Doctor.lnk [2010.05.20 17:00:22 | 001,386,410 | -H-- | M] () -- C:\Dokumente und Einstellungen\Crusader\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.05.15 16:43:39 | 000,003,002 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.06.11 13:59:04 | 000,000,455 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2010.05.22 22:06:56 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll [2010.05.22 22:06:44 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml [2010.05.22 22:06:44 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml [2010.05.22 22:06:43 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip [2010.05.22 22:06:43 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip [2010.05.22 22:00:45 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat [2010.05.22 22:00:10 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat [2010.05.22 22:00:10 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat [2010.05.22 21:59:41 | 000,000,601 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Doctor.lnk [2010.05.22 21:59:28 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat [2010.05.16 14:00:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.05.15 12:55:18 | 000,000,294 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2009.01.18 22:07:02 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2007.07.02 18:02:33 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WDIRECT.INI [2006.10.22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.10.22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006.10.22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.10.22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006.10.22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.10.22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006.10.22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006.08.16 23:17:51 | 000,000,569 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini [2006.01.19 15:58:51 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2005.10.11 13:27:16 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS66.DLL [2005.10.02 15:08:33 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\cmdrvrmu.dll [2005.10.02 15:08:01 | 000,002,307 | R--- | C] () -- C:\WINDOWS\Cmudau.ini [2005.09.26 18:17:31 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2005.09.25 16:42:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2005.09.24 23:22:21 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini [2005.09.24 23:22:16 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll [2005.09.24 23:22:16 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2005.09.24 23:22:15 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2005.09.24 23:22:15 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2005.09.24 23:22:13 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2005.09.24 23:03:15 | 000,000,512 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005.09.24 22:47:05 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI [2005.09.24 22:44:15 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI [2005.09.24 22:42:18 | 000,035,766 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini [2005.09.24 22:42:18 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2005.09.24 22:42:02 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI [2005.09.24 22:42:02 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2005.09.24 22:41:35 | 000,000,307 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2004.08.04 00:57:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2004.07.17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2003.02.20 15:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [1999.01.26 23:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL ========== LOP Check ========== [2010.05.15 16:37:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software [2010.06.11 15:17:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2006.08.28 17:51:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\digital publishing [2006.04.04 22:11:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Elaborate Bytes [2010.05.16 16:25:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\GetRightToGo [2008.11.12 21:06:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\ICQ Toolbar [2006.04.13 20:08:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\ICQLite [2006.07.30 16:45:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Leadertech [2006.02.11 22:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mp3tag [2005.09.28 20:40:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Opera [2010.04.21 19:38:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\SlySoft [2006.08.21 16:34:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Vorlagen Explorer [2010.06.11 14:51:04 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2008.02.03 18:47:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Adobe [2007.01.28 19:16:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\AdobeUM [2006.01.19 15:57:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Ahead [2005.12.24 16:17:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Apple Computer [2005.09.24 22:47:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Creative [2006.08.28 17:51:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\digital publishing [2006.04.04 22:11:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Elaborate Bytes [2010.05.16 16:25:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\GetRightToGo [2007.10.25 17:20:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Help [2008.11.12 21:06:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\ICQ Toolbar [2006.04.13 20:08:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\ICQLite [2005.09.25 03:34:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Identities [2006.07.30 16:45:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Leadertech [2005.12.13 17:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Macromedia [2005.10.02 21:09:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Media Player Classic [2009.03.31 20:17:52 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Microsoft [2008.08.31 21:39:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla [2006.02.11 22:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mp3tag [2005.09.28 20:40:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Opera [2010.05.22 21:58:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\PC Tools [2005.10.18 20:28:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Real [2010.04.21 19:38:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\SlySoft [2005.09.27 17:21:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Sun [2010.06.11 14:22:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\vlc [2006.08.21 16:34:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Vorlagen Explorer < %APPDATA%\*.exe /s > [2007.01.28 19:14:52 | 023,813,608 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr709_de_DE.exe [2008.04.15 14:49:02 | 000,127,488 | ---- | M] () -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A}\chrome\buyertools.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys < MD5 for: ATAPI.SYS > [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NETLOGON.DLL > [2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\dllcache\netlogon.dll [2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\dllcache\scecli.dll [2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USERINIT.EXE > [2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe [2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe < MD5 for: VIAMRAID.SYS > [2005.04.26 11:22:00 | 000,060,928 | ---- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\WINDOWS\system32\drivers\viamraid.sys < MD5 for: WS2IFSL.SYS > [2001.08.23 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2001.08.23 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2005.09.25 04:28:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2005.09.25 04:28:13 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2005.09.25 04:28:13 | 000,430,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2004.08.04 00:57:30 | 001,392,671 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 72 bytes -> C:\WINDOWS:A89517A411705AD7 @Alternate Data Stream - 187 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 @Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 < End of report > 2. Extras; OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.06.2010 15:24:15 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
255,00 Mb Total Physical Memory | 42,00 Mb Available Physical Memory | 16,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): D:\pagefile.sys 2048 2048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 7,87 Gb Total Space | 2,46 Gb Free Space | 31,23% Space Free | Partition Type: NTFS
Drive D: | 115,01 Gb Total Space | 35,28 Gb Free Space | 30,68% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3,77 Gb Total Space | 0,31 Gb Free Space | 8,26% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: COMMANDER
Current User Name: Crusader
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe File not found
[HKEY_USERS\S-1-5-21-1606980848-725345543-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 File not found
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC-Player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC-Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Star Wars Battlefront\GameData\Battlefront.exe" = D:\Star Wars Battlefront\GameData\Battlefront.exe:*:Enabled:Battlefront -- ()
"D:\Programme\GameSpy Arcade\Aphex.exe" = D:\Programme\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.)
"D:\TrackMania Nations ESWC\TmNationsESWC.exe" = D:\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC -- File not found
"D:\Programme\ICQLite\ICQLite.exe" = D:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- (ICQ Ltd.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime
"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6D579CC9-BC37-11D7-ABE1-0080C8274868}" = Samsung Digimax 300
"{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}" = File Viewer Utility 1.2.2
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9115E7DB-3B29-445A-802D-11E0AA945B7F}" = Sound Blaster Live!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AB3AC39D-9915-435D-ACC4-9881E75326BC}" = RemoteCapture 2.7.2
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{F3D7915D-6B42-49FA-9FC8-5020479A6A57}" = Nero Reloaded PlugIn Pack 2.0.4 by GEAR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"Breed" = Breed
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Browser Mouse Browser Mouse" = Browser Mouse Browser Mouse 1.1
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CANONBJ_Deinstall_CNMCP66.DLL" = Canon PIXMA iP2000
"CCleaner" = CCleaner
"C-Media USB Sound" = Pionstep USB Headset
"C-Media USB Sound Driver" = C-Media USB Sound Driver
"CSCLIB" = Canon Camera Support Core Library
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43_is1" = DVD43 v4.6.0
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"EOS Utility" = Canon Utilities EOS Utility
"FileZilla" = FileZilla (remove only)
"FreePDF_XP" = FreePDF XP (Remove only)
"GameSpy Arcade" = GameSpy Arcade
"GPL Ghostscript 8.62" = GPL Ghostscript 8.62
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"Heroes of Might and Magic IV" = Heroes of Might and Magic IV: Winds of War
"HijackThis" = HijackThis 2.0.2
"ICQLite" = ICQ 5.1
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}" = Canon Utilities File Viewer Utility 1.2
"InstallShield_{AB3AC39D-9915-435D-ACC4-9881E75326BC}" = Canon Utilities RemoteCapture 2.7
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.38
"Mortal Kombat Trilogy" = Mortal Kombat Trilogy
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mp3tag" = Mp3tag v2.36a
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"NeroVision!UninstallKey" = Nero Digital
"NVIDIA Drivers" = NVIDIA Drivers
"Nvidia Omega Drivers for Windows 2k-XPv1.6693" = Nvidia Omega Drivers Setup Files
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Securit-It1.24" = Securit-It
"ShockwaveFlash" = Macromedia Flash Player 8
"Spyware Doctor" = Spyware Doctor 7.0
"ToolbarICQToolbar.ICQToolbarObjectIEToolbar" = ICQ Toolbar
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 31.05.2010 08:51:45 | Computer Name = COMMANDER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0ebfe406.
Error - 31.05.2010 08:51:45 | Computer Name = COMMANDER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0ebfe406.
Error - 31.05.2010 08:57:14 | Computer Name = COMMANDER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0ebfe406.
Error - 31.05.2010 08:57:15 | Computer Name = COMMANDER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0ebfe406.
Error - 31.05.2010 09:14:43 | Computer Name = COMMANDER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 11.06.2010 07:13:25 | Computer Name = COMMANDER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0ea7e406.
Error - 11.06.2010 08:03:51 | Computer Name = COMMANDER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0ea7e406.
Error - 11.06.2010 08:32:39 | Computer Name = COMMANDER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0ea7e406.
Error - 11.06.2010 08:51:12 | Computer Name = COMMANDER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0ea7e406.
Error - 11.06.2010 09:18:14 | Computer Name = COMMANDER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0ea7e406.
[ System Events ]
Error - 31.05.2010 08:23:57 | Computer Name = COMMANDER | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
Error - 31.05.2010 08:28:52 | Computer Name = COMMANDER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
TfFsMon TfSysMon
Error - 31.05.2010 08:31:08 | Computer Name = COMMANDER | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1460
Error - 31.05.2010 08:31:35 | Computer Name = COMMANDER | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst NVSvc.
Error - 31.05.2010 08:32:06 | Computer Name = COMMANDER | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst sdCoreService.
Error - 31.05.2010 08:35:12 | Computer Name = COMMANDER | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
Error - 31.05.2010 08:35:28 | Computer Name = COMMANDER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 31.05.2010 08:41:04 | Computer Name = COMMANDER | Source = Service Control Manager | ID = 7034
Description = Dienst "O&O Defrag" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.
Error - 11.06.2010 05:41:42 | Computer Name = COMMANDER | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
Error - 11.06.2010 05:45:04 | Computer Name = COMMANDER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
TfFsMon TfSysMon
< End of report >
|
|
11.06.2010, 15:15
| #4 |
| /// Malware-holic | iexplore.exe Meldungen Fixen mit OTL • Starte bitte die OTL.exe. Vista-User mit Rechtsklick "als Administrator starten" • Kopiere nun das Folgende in die Textbox. :OTL O4 - HKLM..\Run: [CmUsbSound] File not found MsConfig - StartUpReg: M5T8QL3YW3 - hkey= - key= - C:\Dokumente und Einstellungen\Crusader\Lokale Einstellungen\Temp\Eh1.exe () [2010.06.11 14:51:04 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job @Alternate Data Stream - 72 bytes -> C:\WINDOWS:A89517A411705AD7 @Alternate Data Stream - 187 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP  FC5A2B2@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 :Files C:\Dokumente und Einstellungen\Crusader\Lokale Einstellungen\Temp\Eh1.exe :Commands [purity] [EMPTYFLASH] [emptytemp] [start explorer] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Run Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument dieses posten |
|
11.06.2010, 15:48
| #5 |
| | iexplore.exe Meldungen So, hier ist der Bericht nach Neustart. Die iexplore.exe Meldungen mit der Installationsdiskette sind derzeit weg. Dafür werde ich aber mit iexplore.exe hat ein Problem festgestellt... Meldungen bombardiert. All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CmUsbSound deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\M5T8QL3YW3\ deleted successfully. C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully. ADS C:\WINDOWS:A89517A411705AD7 deleted successfully. Unable to delete ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMPFC5A2B2 . ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 deleted successfully. ========== FILES ========== C:\Dokumente und Einstellungen\Crusader\Lokale Einstellungen\Temp\Eh1.exe moved successfully. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Crusader ->Flash cache emptied: 5171 bytes User: Default User User: LocalService User: NetworkService Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Crusader ->Temp folder emptied: 1237310 bytes ->Temporary Internet Files folder emptied: 34449 bytes ->Java cache emptied: 10680297 bytes ->FireFox cache emptied: 76834815 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 33597 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 10028730 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2114764 bytes %systemroot%\System32 .tmp files removed: 2951 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 255 bytes RecycleBin emptied: 7955814 bytes Total Files Cleaned = 104,00 mb OTL by OldTimer - Version 3.2.6.0 log created on 06112010_163338 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
11.06.2010, 16:13
| #6 |
| /// Malware-holic | iexplore.exe Meldungen bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix |
|
11.06.2010, 16:19
| #7 |
| | iexplore.exe Meldungen Hab ein kleines Problem. Combofix sagt mir das AntiVir classic läuft (4 Stück), dabei habe ich es schon einige Zeit gar nicht mehr installiert. Ich soll es erst deaktivieren, bloß ich habe es ja gar nicht mehr. Soll ich trotzdem OK drücken? |
|
11.06.2010, 16:22
| #8 |
| /// Malware-holic | iexplore.exe Meldungen ja, klicke ok. |
|
11.06.2010, 17:28
| #9 |
| | iexplore.exe Meldungen Hier ist das Textdokument. Scheint alles wieder zu funktionieren. Combofix Logfile: Code:
ATTFilter ComboFix 10-06-10.06 - Crusader 11.06.2010 17:50:45.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.255.66 [GMT 2:00]
ausgeführt von:: d:\downloads\ComboFix.exe
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {804E5358-FFA4-00DA-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {804E5358-FFA4-00EB-0D24-347CA8A3377C}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\cleansweep.exe
c:\cleansweep.exe\cleansweep.exe
c:\cleansweep.exe\config.bin
c:\dokumente und einstellungen\All Users\Anwendungsdaten\pragmamfeklnmal.dll
c:\programme\Data Protection
c:\programme\Data Protection\about.ico
c:\programme\Data Protection\activate.ico
c:\programme\Data Protection\buy.ico
c:\programme\Data Protection\dat.db
c:\programme\Data Protection\datext.dll
c:\programme\Data Protection\dathook.dll
c:\programme\Data Protection\help.ico
c:\programme\Data Protection\scan.ico
c:\programme\Data Protection\settings.ico
c:\programme\Data Protection\splash.mp3
c:\programme\Data Protection\update.ico
c:\programme\Data Protection\virus.mp3
c:\windows\icon.ico
c:\windows\PRAGMAnxrpfpfuln
c:\windows\PRAGMAnxrpfpfuln\pragmabbr.dll
c:\windows\PRAGMAnxrpfpfuln\PRAGMAc.dll
c:\windows\PRAGMAnxrpfpfuln\PRAGMAcfg.ini
c:\windows\PRAGMAnxrpfpfuln\PRAGMAd.sys
c:\windows\PRAGMAnxrpfpfuln\pragmaserf.dll
c:\windows\PRAGMAnxrpfpfuln\PRAGMAsrcr.dat
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_PRAGMAnxrpfpfuln
-------\Legacy_PRAGMAnxrpfpfuln
-------\Legacy_SSHNAS
((((((((((((((((((((((( Dateien erstellt von 2010-05-11 bis 2010-06-11 ))))))))))))))))))))))))))))))
.
2010-06-11 14:53 . 2010-06-11 14:53 503808 ----a-w- c:\dokumente und einstellungen\Crusader\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-66645970-n\msvcp71.dll
2010-06-11 14:53 . 2010-06-11 14:53 61440 ----a-w- c:\dokumente und einstellungen\Crusader\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-236cbd7c-n\decora-sse.dll
2010-06-11 14:53 . 2010-06-11 14:53 499712 ----a-w- c:\dokumente und einstellungen\Crusader\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-66645970-n\jmc.dll
2010-06-11 14:53 . 2010-06-11 14:53 12800 ----a-w- c:\dokumente und einstellungen\Crusader\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-236cbd7c-n\decora-d3d.dll
2010-06-11 14:53 . 2010-06-11 14:53 348160 ----a-w- c:\dokumente und einstellungen\Crusader\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-66645970-n\msvcr71.dll
2010-06-11 14:51 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-11 14:43 . 2010-06-11 14:43 79488 ----a-w- c:\dokumente und einstellungen\Crusader\Anwendungsdaten\Sun\Java\jre1.6.0_20\gtapi.dll
2010-06-11 12:22 . 2010-06-11 14:31 -------- d-----w- c:\dokumente und einstellungen\Crusader\Anwendungsdaten\vlc
2010-05-22 20:08 . 2010-05-22 20:08 -------- d-----w- c:\dokumente und einstellungen\Crusader\Lokale Einstellungen\Anwendungsdaten\Threat Expert
2010-05-22 20:06 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-05-22 20:06 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-05-22 20:06 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
2010-05-22 20:06 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-05-22 20:06 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-05-22 20:06 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-05-22 20:00 . 2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-05-22 20:00 . 2009-10-06 14:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-22 20:00 . 2009-09-23 14:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-22 19:59 . 2010-02-05 07:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-05-22 19:58 . 2010-05-22 20:07 -------- d-----w- c:\programme\Gemeinsame Dateien\PC Tools
2010-05-22 19:58 . 2010-05-22 19:58 -------- d-----w- c:\dokumente und einstellungen\Crusader\Anwendungsdaten\PC Tools
2010-05-16 14:28 . 2010-05-22 19:58 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2010-05-16 14:27 . 2010-06-11 15:34 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-05-16 14:19 . 2010-05-16 14:25 -------- d-----w- c:\dokumente und einstellungen\Crusader\Anwendungsdaten\GetRightToGo
2010-05-16 12:00 . 2010-05-25 09:57 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-15 18:00 . 2010-05-16 12:50 -------- d-----w- c:\windows\system32\NtmsData
2010-05-15 14:43 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-15 14:43 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-15 14:43 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-15 14:43 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-15 14:43 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-15 14:43 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-15 14:43 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-15 14:39 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-15 14:39 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-15 14:37 . 2010-05-15 14:37 -------- d-----w- c:\programme\Alwil Software
2010-05-15 14:37 . 2010-05-15 14:37 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Alwil Software
2010-05-15 13:03 . 2010-05-15 13:03 -------- d--h--w- c:\windows\PIF
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-11 16:06 . 2005-09-24 23:19 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-0000000D-00001102-00000002-80661102}.dat
2010-06-11 16:06 . 2005-09-24 23:19 288 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-0000000D-00001102-00000002-80661102}.dat
2010-06-11 14:50 . 2005-09-24 21:32 -------- d-----w- c:\programme\Java
2010-05-10 16:10 . 2007-06-21 19:53 -------- d-----w- c:\dokumente und einstellungen\Crusader\Anwendungsdaten\uTorrent
2010-04-21 17:38 . 2006-02-12 16:45 -------- d-----w- c:\dokumente und einstellungen\Crusader\Anwendungsdaten\SlySoft
2010-04-21 16:51 . 2010-04-21 16:51 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2010-04-21 16:51 . 2010-04-21 16:51 -------- d-----w- c:\programme\dvd43
2010-03-28 12:18 . 2001-08-23 12:00 48156 ----a-w- c:\windows\system32\perfc007.dat
2010-03-28 12:18 . 2001-08-23 12:00 316594 ----a-w- c:\windows\system32\perfh007.dat
2010-03-19 13:31 . 2010-03-19 13:31 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="d:\programme\CCleaner\CCleaner.exe" [2010-04-23 1668920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LWBMOUSE"="c:\programme\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE" [2001-11-20 356352]
"CTHelper"="CTHELPER.EXE" [2003-08-28 24576]
"Jet Detection"="c:\programme\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2010-05-06 20:59 2815192 ----a-w- c:\progra~1\ALWILS~1\Avast5\AvastUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2005-05-19 13:47 57344 ----a-w- c:\programme\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2009-10-23 17:34 827904 ----a-w- c:\programme\dvd43\DVD43_Tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2004-01-14 01:10 409600 ----a-w- c:\programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
2006-07-11 09:15 3144800 ----a-w- d:\programme\ICQLite\ICQLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2010-01-18 12:14 1286608 ----a-w- d:\programme\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-10-25 17:58 282624 ----a-w- c:\programme\K-Lite Codec Pack\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"Browser Defender Update Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\eMule\\eMule.exe"=
"d:\\Star Wars Battlefront\\GameData\\Battlefront.exe"=
"d:\\Programme\\GameSpy Arcade\\Aphex.exe"=
"d:\\Programme\\ICQLite\\ICQLite.exe"=
"d:\\Programme\\Azureus\\Azureus.exe"=
"d:\\Programme\\uTorrent\\utorrent.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [22.05.2010 22:00 207280]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [15.05.2010 16:43 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.05.2010 16:43 19024]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;d:\programme\Spyware Doctor\pctsAuxs.exe [22.05.2010 21:59 365280]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 Browser Defender Update Service;Browser Defender Update Service;d:\programme\Spyware Doctor\BDT\BDTUpdateService.exe [22.05.2010 22:06 112592]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://signin.ebay.de/ws/eBayISAPI.dll?SignIn&_trksid=m37
IE: &ICQ Toolbar Search - d:\programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Easy-WebPrint - Drucken - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll
TCP: {3344C36B-47ED-4B05-9695-841889F84296} = 192.168.1.1
FF - ProfilePath - c:\dokumente und einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\
FF - prefs.js: browser.startup.homepage - hxxps://signin.ebay.de/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=77&ru=http%3A%2F%2Fmy.ebay.de%2Fws%2FeBayISAPI.dll%3FMyEbayBeta%26MyeBay%3D%26guest%3D1&pageType=3984|hxxp://www.vfb.de/de/|hxxp://www.heise.de/|hxxp://www.gmx.net/?status=login
FF - plugin: c:\programme\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\programme\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\programme\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\programme\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\programme\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\programme\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\programme\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\programme\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: d:\programme\VLC-Player\npvlc.dll
---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKLM-Run-SunJavaUpdateSched - c:\programme\Java\jre6\bin\jusched.exe
MSConfigStartUp-avgnt - c:\programme\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-Data Protection - c:\programme\Data Protection\datprot.exe
MSConfigStartUp-iTunesHelper - d:\programme\iTunes\iTunesHelper.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-11 18:10
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-1606980848-725345543-682003330-1003\Software\Zepter Software\RegLib*d0e63bf2\CloneDVD2/2]
"1"=dword:4469f022
"2"=dword:46406804
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="48A1687E13D0E05C080725DAA670FEF237360EAB45BFDE5EF8948BE7795A9434002345162FFC5BEB6A7342F3B80698536A2ED1351C862C8CBB2B484A365E9AA4EF948E3DA96A00358123F9981EC34F1443DC7DE7D50F71999472A2BD07DA9CF06824D8CD110B17FAA2B38F1BFC5C2D423DF0A2AFCB6E91F9C0CC99E698E5FB150E02B14809161EE4F7C8BA750CC669CD261E459DEBFB2488551E9D8FAF574AF45AE416CE4985C67E7D8729C117BFF40B211DE0E6B5547580B9CE15279FCD52561A85F9A89B9677B6079C79BF7FC3F033A4A75FE341D70406294B5B3EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D1407A6A0AC4980AC7933A6171C11EC38DE3D5410EFBA74A44529E220A80802844ED162E4751A10845C45425B8EAEADA5EC9C048D1A10CF06A8BF52E03ADB8640DF6B6071F7500AC957D19888F3B50EF065421D8FEB4771DADC62992812BE2E23CC7AE2472A63277B86CFEA61842BC165040D78AC43EDC8F50943C3EFE8AAAB3227E84B5B4154816E8B000EFE143CE3C9153B83402DFA98AF43B5F2F22AFB07F6764490EE258A847D78CBEEBF2876E76858A9BC6A6BC4F7639A345DB2F4F49DFB33BFBC00F3CF7185D23B8B47774F1490825DBA8CF589507090D9C9F21EBA9DD34D2F6D55FC54DD689780F87AF21C00143B00A3CF77E8613B9769193BABD78912A38DD577C5A7B18CB56CDC03B99A9BCB1EDAB41D4CE53EA99B473958DA37BCCF0FF9BBB484C129D80EF4F2CFA368A78E3CDF3E25896BCDA977FBB1D998AB5FA859B4F99C287DD6BEF9B78B93380ABA3E1921A4DAF3C44AA87E339A948A6B733F3E237D8551189D2DC3F1884335E5BDBCAB585FF487A1C21C73402220080ECC37F151CA87D135B79BAA8662198DC76E6F6260FB6E719719FA109608D81B1312B81A6B7601B459310261FCA21564DEDEC21BB99907941E05C081CFA35F05D9BF71D043AA91B6F0E95F8E00E976953FF425AA86EC42879211ED69295C17B9292511A3502720464918B4CD5E6B462E60EA0858113D6695349C055C02B0A7DD2AE5CB942BBC55899545872E8BEECCEE9C4EE1E14469FE3C28D98E63DF307FCFE9FBDC9A92D19D586B4C62B21DCE18CDB37FAEF5AFDEDA2EF54E957A6B03CB9D592F7E9DE761A940C5DDD151CE797B73C9B56DB908A38DD20CD62A947360048BCEA271FEB179F0800301E77780F40D3F657A1FC325CFEE44B8A1DE1666965D118349FA8D98BCA90EE40D3A02B2D5A541F2AB4B21028F98CFB1314D565B06D45915E9E411EAE05411122EE2450FC8E4BE407B7CD0BE23EA7A0EDC10A48823AB4305A0F9C29AB02F6795E5FE86DD0D2C3382EEC1C7205D08784CCDC6C1CDF965E3B75E0CD03F894020DC"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'lsass.exe'(768)
c:\programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll
- - - - - - - > 'explorer.exe'(3464)
c:\programme\Browser Mouse\Browser Mouse\1.1\MOUDL32A.DLL
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\CTsvcCDA.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\programme\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-11 18:22:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-06-11 16:22
Vor Suchlauf: 2.563.952.640 Bytes frei
Nach Suchlauf: 2.491.334.656 Bytes frei
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - BD62CEDCAD8064FB625DE9F33A9AB4F3
|
|
11.06.2010, 17:42
| #10 |
| /// Malware-holic | iexplore.exe Meldungen hi, da avast einiges nicht erkannt hat. öffne arbeitsplatz, c: dort ist ein ordner qoobox, wähle zu qoobox.zip oder rar hinzufügen. lad diese zu uns hoch: http://www.trojaner-board.de/54791-a...ner-board.html wie unter punkt2 beschrieben, außer das archiv sollte zu groß sein :-) gib bescheid wenn fertig |
|
11.06.2010, 17:59
| #11 |
| | iexplore.exe Meldungen So, hab es mal hochgeladen, zu groß ist er zum Glück nicht. |
|
11.06.2010, 18:03
| #12 |
| /// Malware-holic | iexplore.exe Meldungen bist du dir sicher das es erfolgreich war? |
|
11.06.2010, 19:26
| #13 |
| /// Malware-holic | iexplore.exe Meldungen malwarebytes: Malwarebytes instalieren, öffnen, registerkarte aktualisierung, programm updaten. registerkarte scanner, komplett scan, funde löschen, log posten. |
|
11.06.2010, 20:36
| #14 |
| | iexplore.exe Meldungen full scan scheint ewig zu dauern, reicht nicht quick scan aus? Muss dann morgen oder nächste Woche weitermachen |
|
11.06.2010, 20:46
| #15 |
| /// Malware-holic | iexplore.exe Meldungen nein, full scan. |
|
| Themen zu iexplore.exe Meldungen |
| abbild fehlerhaft, adobe, antivirus, avast, avast!, bho, browser, browser guard, canon, dateien gelöscht, defender, excel, explorer, firefox, hkus\s-1-5-18, iexplore.exe, internet, internet explorer, logfile, mozilla, plug-in, problem, programm, rundll, security, senden, software, spyware, system, trojaner, vlc-player, windows, windows xp |
Linear-Darstellung
