
Pests of all kinds and how to fight them: Removing Trojan.Generic.4060291


16.09.2010, 13:03   #1
Uli2222

Removing Trojan.Generic.4060291

Hello

Today I accidentally started IE (I normally use Opera), whereupon my F-Secure immediately reported a virus infection of sysdat.dll with trojan.generic.4060291 and also removed it. Unfortunately the virus reproduces itself, and when IE is started again everything repeats. F-Secure only reports it when IE is opened, though.

Does anyone know how I can get the system clean?

16.09.2010, 16:36   #2
Uli2222

Removing Trojan.Generic.4060291

I hope it is right that I post the OTL logfile first:

OTL Logfile:
Code:
OTL logfile created on: 16.09.2010 16:42:15 - Run 1
OTL by OldTimer - Version 3.2.12.1     Folder = C:\Documents and Settings\Dr. Ulrich Gmelin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 304,00 Mb Available Physical Memory | 30,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 48,98 Gb Free Space | 65,73% Space Free | Partition Type: NTFS
Drive D: | 6,53 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LAPTOP-GMELIN
Current User Name: Dr. Ulrich Gmelin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.09.16 16:39:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dr. Ulrich Gmelin\Desktop\OTL.exe
PRC - [2010.08.28 13:17:23 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2010.08.23 19:01:37 | 000,058,024 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
PRC - [2010.08.23 18:53:27 | 000,783,016 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
PRC - [2010.08.23 18:53:27 | 000,492,200 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32.exe
PRC - [2010.07.27 02:00:06 | 000,247,808 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2010.07.27 00:41:12 | 000,107,568 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2010.07.14 16:03:24 | 000,365,248 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
PRC - [2010.06.23 04:48:08 | 000,322,608 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2010.06.23 04:48:00 | 000,348,208 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009.10.14 15:20:43 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FWES\program\fsdfwd.exe
PRC - [2009.07.09 11:34:54 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
PRC - [2009.07.09 11:34:54 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
PRC - [2009.07.09 11:34:52 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSHDLL32.EXE
PRC - [2009.07.09 11:31:20 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
PRC - [2009.04.23 06:47:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.04.23 06:46:40 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009.04.20 17:20:40 | 002,327,552 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2009.04.20 17:20:30 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009.04.10 18:25:42 | 002,852,200 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.10 14:43:16 | 002,191,360 | ---- | M] (Zimmer Elektromedizin) -- \\Empfang\d\ZIMMER\TERMIN\Termin.exe
PRC - [2005.02.16 16:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004.05.23 20:15:42 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003.10.01 14:29:48 | 000,376,832 | ---- | M] (Philips Speech Processing) -- C:\WINDOWS\system32\pspcontr.exe
PRC - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.09.16 16:39:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dr. Ulrich Gmelin\Desktop\OTL.exe
MOD - [2009.07.09 11:35:14 | 000,256,608 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Spam Control\fsscoepl.dll
MOD - [2009.07.09 11:34:16 | 000,330,336 | ---- | M] () -- \\?\c:\program files\f-secure internet security\hips\fshook32.dll
MOD - [2009.04.10 18:28:14 | 000,161,128 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\NaturallySpeaking10\Program\dgniedct.dll
MOD - [2009.04.10 18:27:02 | 000,062,824 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\NaturallySpeaking10\Program\nlutmgrhook.dll
MOD - [2009.04.10 18:26:22 | 000,193,896 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\NaturallySpeaking10\Program\dd10hook.dll
MOD - [2009.04.10 18:26:20 | 000,234,856 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\NaturallySpeaking10\Program\dd10axa.dll
MOD - [2009.04.10 18:20:18 | 000,401,462 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Nuance\NaturallySpeaking10\Program\msvcp60.dll
MOD - [2008.04.14 02:12:02 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008.04.14 02:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\nwprovau.dll
MOD - [2008.04.14 02:12:02 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008.04.14 02:12:02 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008.04.14 02:12:01 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008.04.14 02:11:52 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008.04.14 02:11:51 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2008.04.14 02:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004.05.23 20:15:36 | 000,066,048 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.08.23 19:01:37 | 000,058,024 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2010.07.27 02:00:06 | 000,247,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010.07.27 00:41:20 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010.06.23 04:48:08 | 000,322,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010.06.23 04:48:00 | 000,348,208 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009.10.14 15:20:43 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009.07.09 11:34:54 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA)
SRV - [2009.07.09 11:31:20 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009.04.20 17:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2010.08.31 12:00:52 | 000,041,624 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2010.08.03 13:09:03 | 000,124,072 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2010.06.23 04:48:00 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010.06.23 04:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.07.09 11:34:18 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\F-Secure Internet Security\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009.07.09 11:33:14 | 000,080,000 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009.07.09 11:31:24 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009.07.09 11:31:24 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009.04.09 13:38:32 | 000,110,592 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.04.09 13:38:32 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.04.09 13:38:32 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.04.09 13:38:32 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.04.09 13:38:32 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.04.09 13:38:32 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004.06.02 17:07:28 | 001,240,938 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004.05.23 20:10:36 | 000,182,720 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004.03.19 06:27:34 | 001,657,344 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R)
DRV - [2004.01.18 04:48:08 | 000,669,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.05.06 19:46:38 | 000,027,008 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wbsd.sys -- (WBSD) Winbond Secure Digital Storage (SD/MMC)
DRV - [2003.05.03 18:16:00 | 001,170,464 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003.03.31 21:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003.03.31 21:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003.03.15 16:00:02 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation       ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001.08.17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1454471165-1957994488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1561552
IE - HKU\S-1-5-21-1454471165-1957994488-839522115-1003\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1454471165-1957994488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\extensions\\litmus-ff@f-secure.com: C:\Program Files\F-Secure Internet Security\NRS\litmus-ff@f-secure.com [2010.09.07 15:49:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.19 11:02:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.03.31 19:59:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2010.09.16 13:35:14 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll (Conduit Ltd.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1454471165-1957994488-839522115-1003\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files\Hotspot_Shield\tbHot1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [PspContr] C:\WINDOWS\System32\pspcontr.exe (Philips Speech Processing)
O4 - HKLM..\Run: [PspUsbCf] C:\WINDOWS\System32\pspusbcf.exe (Philips Speech Processing)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-1454471165-1957994488-839522115-1003..\Run: [RecordNow!]  File not found
O4 - HKU\S-1-5-21-1454471165-1957994488-839522115-1003..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\Dr. Ulrich Gmelin\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-1957994488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250188737217 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 91.89.91.89
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (WIDCOMM, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.08.13 19:26:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d1e206f2-47ea-11df-9da3-000fb0427036}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.16 16:39:05 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dr. Ulrich Gmelin\Desktop\OTL.exe
[2010.09.16 13:49:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.09.16 13:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010.09.16 13:34:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\95431C66CF9A4913BFFF6050785AFB65.TMP
[2010.09.16 13:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010.09.15 07:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\SSH
[2010.09.15 07:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\SSH Secure Shell
[2010.09.14 21:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\SSHTunnelClient
[2010.09.07 20:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.09.07 20:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\Conduit
[2010.09.07 20:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\Hotspot_Shield
[2010.09.07 20:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot_Shield
[2010.09.07 20:36:56 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2010.09.07 20:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2010.09.01 10:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010.09.01 09:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Vodafone
[2010.08.28 21:38:21 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6DE.DLL
[2010.08.28 21:38:21 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL
[2010.08.28 21:38:20 | 000,217,088 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartSock.dll
[2010.08.28 21:38:20 | 000,118,784 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartWeb.dll
[2010.08.28 21:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2010.08.28 21:38:19 | 000,516,784 | R--- | C] (Xceed Software Inc        (450) 442-2626        support@xceedsoft.com        www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2010.08.28 21:38:19 | 000,140,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2010.08.28 21:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\PC Inspector File Recovery
[2010.08.28 19:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Photo Recovery
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.16 16:39:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dr. Ulrich Gmelin\Desktop\OTL.exe
[2010.09.16 16:25:01 | 000,001,118 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.16 15:37:35 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dragon Medical 10.0.lnk
[2010.09.16 15:03:11 | 000,000,067 | ---- | M] () -- C:\WINDOWS\DATA.INI
[2010.09.16 14:07:31 | 000,000,202 | ---- | M] () -- C:\WINDOWS\System32\PSLOG
[2010.09.16 14:07:30 | 000,001,114 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.16 14:06:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.16 14:05:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.16 14:05:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.16 14:05:45 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.16 14:04:42 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\NTUSER.DAT
[2010.09.16 14:04:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\ntuser.ini
[2010.09.16 09:32:57 | 000,001,235 | ---- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\SAS7_000.DAT
[2010.09.15 22:45:09 | 000,237,056 | ---- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.15 21:06:24 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BabasChess.lnk
[2010.09.15 07:45:13 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SSH Secure File Transfer Client.lnk
[2010.09.15 07:45:13 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SSH Secure Shell Client.lnk
[2010.09.15 03:04:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.09.14 21:58:11 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\PUTTY.RND
[2010.09.14 13:53:44 | 000,011,616 | ---- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\My Documents\Renneinstellungen.ods
[2010.09.11 13:29:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.09.09 14:28:00 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010.09.09 14:28:00 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010.09.03 14:00:37 | 000,448,586 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.09.03 14:00:37 | 000,074,638 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.03 14:00:36 | 000,532,784 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.02 07:27:41 | 005,292,840 | -H-- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\IconCache.db
[2010.09.01 10:01:01 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vodafone SMS.lnk
[2010.09.01 10:01:01 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vodafone Mobile Connect.lnk
[2010.08.31 12:00:52 | 000,041,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2010.08.29 17:31:19 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010.08.28 21:38:21 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector smart recovery.lnk
[2010.08.28 21:31:13 | 000,001,561 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector File Recovery.lnk
[2010.08.28 20:55:18 | 000,079,410 | ---- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\My Documents\Stellar Phoenix Photo Recovery Scan.DAT
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.15 07:45:13 | 000,001,633 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SSH Secure File Transfer Client.lnk
[2010.09.15 07:45:13 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SSH Secure Shell Client.lnk
[2010.09.14 21:50:27 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\PUTTY.RND
[2010.09.02 19:04:48 | 000,011,616 | ---- | C] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\My Documents\Renneinstellungen.ods
[2010.09.01 10:01:01 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vodafone SMS.lnk
[2010.09.01 10:01:01 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vodafone Mobile Connect.lnk
[2010.08.29 17:31:19 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010.08.28 21:38:20 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2010.08.28 21:38:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DartWeb.oca
[2010.08.28 21:38:18 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector smart recovery.lnk
[2010.08.28 21:31:17 | 000,006,200 | ---- | C] () -- C:\WINDOWS\System32\INT13EXT.VXD
[2010.08.28 21:31:13 | 000,001,561 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector File Recovery.lnk
[2010.08.28 20:55:17 | 000,079,410 | ---- | C] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\My Documents\Stellar Phoenix Photo Recovery Scan.DAT
[2009.12.05 12:22:56 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\burnaware.ini
[2009.10.12 10:11:55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.09.23 09:56:46 | 000,000,142 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2009.09.06 18:45:23 | 000,001,235 | ---- | C] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\SAS7_000.DAT
[2009.09.06 18:03:58 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspusblb.ini
[2009.09.06 18:03:58 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspusbct.ini
[2009.09.06 18:03:54 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspct.ini
[2009.09.06 18:03:53 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspsbext.ini
[2009.09.06 18:03:53 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfidrv.ini
[2009.09.06 18:03:53 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfbase.ini
[2009.09.06 18:03:53 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspaudrv.ini
[2009.09.06 18:03:53 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspapdrv.ini
[2009.09.06 18:03:53 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspwa.ini
[2009.09.06 18:03:53 | 000,000,220 | ---- | C] () -- C:\WINDOWS\System32\pspwave.ini
[2009.09.06 18:03:53 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspdss.ini
[2009.09.06 18:03:53 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspddi.ini
[2009.09.06 18:03:38 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspprefq.ini
[2009.09.06 15:15:35 | 000,237,056 | ---- | C] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.05 18:53:00 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\fusioncache.dat
[2009.08.14 13:50:14 | 000,000,254 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.08.14 13:50:13 | 000,006,855 | ---- | C] () -- C:\WINDOWS\UNWISE.INI
[2009.08.14 13:49:42 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DATA.INI
[2009.08.14 11:17:17 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\Bot.dll
[2009.08.14 11:17:16 | 000,000,101 | ---- | C] () -- C:\WINDOWS\PSXLPR.INI
[2009.08.13 20:27:09 | 000,041,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2009.08.13 19:54:05 | 000,000,173 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.08.13 19:46:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2009.08.13 19:40:48 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009.04.09 13:44:42 | 000,108,066 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2004.06.02 17:28:30 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004.01.18 04:39:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004.01.06 01:22:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003.03.31 21:00:00 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\sysadt.dll
[2002.05.15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001.11.23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
========== Custom Scans ==========
 
 
< :OTL >
 
< :files >
 
< C:\Windows\System32\*.tmp >
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
< C:\Windows\*.tmp >
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
< :Commands >
 
< [purity] >
 
< [EMPTYFLASH]  >
 
< [emptytemp] >
 
< [Reboot] >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A24211BA
< End of report >
         
--- --- ---
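The OTL report above lists files, drivers, services, registry values and alternate data streams in a small number of fixed line shapes. As an added example, not part of the original post and not OTL's own code, the following Python script parses those line shapes and pulls out the items an analyst usually looks at first: binaries under System32 that carry no company string in their version information, registered drivers or services whose file no longer exists, the Internet Explorer start page per registry hive, and alternate data streams. The sample lines are excerpted from the log above; the regular expressions, the `triage` function and the choice of what to flag are this example's own, and a flagged entry means "review by hand", not "malicious".

```python
import re

# Sample input: lines excerpted from the OTL report posted above (a constructed
# subset; the real report has several hundred lines in the same shapes).
SAMPLE_LOG = r"""
[2010.09.16 16:39:05 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dr. Ulrich Gmelin\Desktop\OTL.exe
[2010.09.16 13:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009.08.14 11:17:17 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\Bot.dll
[2003.03.31 21:00:00 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\sysadt.dll
[2010.09.03 14:00:37 | 000,448,586 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (fsbts) -- C:\WINDOWS\system32\Drivers\fsbts.sys ()
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
SRV - (FSMA) -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE (F-Secure Corporation)
IE - HKU\S-1-5-21-1454471165-1957994488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1561552
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A24211BA
"""

# "[date | size | attrs | C/M] (company) -- path"; the "(company)" part is absent for directories.
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# "DRV - (name) display name -- path (company)"  or  "... -- path File not found"
DRV_RE = re.compile(
    r"^(?P<type>DRV|SRV) - \((?P<name>[^)]+)\).*? -- (?P<path>.+?)"
    r"(?: \((?P<company>[^)]*)\)| (?P<missing>File not found))$"
)
IE_RE = re.compile(r"^IE - (?P<hive>HK[^\\]+(?:\\S-[\d-]+|\\\.DEFAULT)?)\\.*Start Page = (?P<url>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

SYSTEM_DIR_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
BINARY_EXT = (".dll", ".exe", ".sys", ".ocx", ".scr")


def triage(log_text):
    """Walk the report line by line and collect the entries worth a manual look."""
    findings = {
        "system32_no_company": [],    # (path, size, timestamp)
        "missing_service_file": [],   # (service/driver name, path)
        "ie_start_page": [],          # (hive, host)
        "alternate_data_streams": [], # (path, bytes)
    }
    for line in log_text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            company = m.group("company") or ""
            path = m.group("path")
            # A binary in System32 with no version/company string is unusual for
            # OS or vendor files and is the first thing to hash and look up.
            if SYSTEM_DIR_RE.match(path) and path.lower().endswith(BINARY_EXT) and not company:
                size = int(m.group("size").replace(",", ""))
                findings["system32_no_company"].append((path, size, m.group("date")))
            continue
        m = DRV_RE.match(line)
        if m:
            # A service/driver registration whose file is gone is a leftover of a
            # half-removed product (or of something that deleted itself).
            if m.group("missing"):
                findings["missing_service_file"].append((m.group("name"), m.group("path")))
            continue
        m = IE_RE.match(line)
        if m:
            host = re.match(r"hxxps?://([^/?&]+)", m.group("url"))
            findings["ie_start_page"].append((m.group("hive"), host.group(1) if host else m.group("url")))
            continue
        m = ADS_RE.match(line)
        if m:
            findings["alternate_data_streams"].append((m.group("path"), int(m.group("bytes"))))
    return findings


def format_report(findings):
    """Plain-text summary, one heading per finding class."""
    out = []
    for key, items in findings.items():
        out.append(f"== {key} ({len(items)})")
        out.extend("  " + " | ".join(str(x) for x in item) for item in items)
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LOG)))
```

Run it against a saved OTL.txt by replacing `SAMPLE_LOG` with the file contents; the regexes only need the line shapes shown above, so the "Files Created - No Company Name", "Driver Services", "Internet Explorer" and "Alternate Data Streams" sections of a full report all parse.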


16.09.2010, 16:46   #3
markusg
/// Malware-holic

Wait, I made a mistake.
OTL:
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click and run as administrator)
1. At the top you will find a box labeled Output. Please select Minimal Output.
2. Check "Scan all users".
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan".
6. Two reports will be created:
OTL.Txt
Extras.Txt
Post both logs.
I had copied the wrong text, so ignore everything above.
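The /md5start ... /md5stop block in the instructions above makes OTL hash every copy of a set of boot- and logon-critical files wherever they are found on the drive, so that a patched live copy (for example in system32\drivers) can be compared with another copy of the same file (for example in system32\dllcache) or with a known-good hash. As an added example, not part of the original post and not OTL's own code, the following Python script performs that check over a directory tree: it hashes every copy of the listed names, reports names whose copies disagree with each other, and compares what it found against a baseline of known-good hashes. It uses SHA-256 instead of MD5; `CRITICAL_NAMES` is a subset of the list in the post, and the directory layout, file contents and baseline built in `demo()` are constructed for the example.

```python
import hashlib
import os
import shutil
import tempfile

# Subset of the names from the /md5start ... /md5stop block in the post above.
CRITICAL_NAMES = {"userinit.exe", "winlogon.exe", "atapi.sys", "user32.dll"}


def sha256_file(path):
    """Stream the file through SHA-256 so large drivers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_copies(root, names):
    """Walk `root` and hash every file whose name (case-insensitive) is in `names`.
    Returns {lowercase name: [(path relative to root, sha256), ...]}, sorted by path."""
    wanted = {n.lower() for n in names}
    copies = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                full = os.path.join(dirpath, fn)
                copies.setdefault(fn.lower(), []).append((os.path.relpath(full, root), sha256_file(full)))
    for lst in copies.values():
        lst.sort()
    return copies


def divergent_copies(copies):
    """Names that exist in more than one location with differing content.
    Two copies of a system file that do not match is the signature of a patched binary."""
    return sorted(name for name, lst in copies.items() if len({h for _, h in lst}) > 1)


def check_baseline(copies, baseline):
    """Compare every copy found against known-good hashes.
    Returns {name: 'ok' | 'modified' | 'missing'} for each name in `baseline`."""
    status = {}
    for name, good in baseline.items():
        found = copies.get(name.lower(), [])
        if not found:
            status[name] = "missing"
        elif all(h == good for _, h in found):
            status[name] = "ok"
        else:
            status[name] = "modified"
    return status


def demo():
    """Constructed tree: a patched atapi.sys in drivers\ next to a clean copy in
    dllcache\, two identical userinit.exe copies, and no winlogon.exe at all."""
    root = tempfile.mkdtemp(prefix="md5check-demo-")
    try:
        clean = {  # constructed stand-ins for the real file contents
            "atapi.sys": b"constructed clean atapi.sys image",
            "userinit.exe": b"constructed clean userinit.exe image",
            "winlogon.exe": b"constructed clean winlogon.exe image",
        }
        layout = {
            os.path.join("system32", "drivers", "atapi.sys"): clean["atapi.sys"] + b"<constructed patch>",
            os.path.join("system32", "dllcache", "atapi.sys"): clean["atapi.sys"],
            os.path.join("system32", "userinit.exe"): clean["userinit.exe"],
            os.path.join("system32", "dllcache", "userinit.exe"): clean["userinit.exe"],
        }
        for rel, data in layout.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        baseline = {name: hashlib.sha256(data).hexdigest() for name, data in clean.items()}
        copies = find_copies(root, CRITICAL_NAMES)
        return {
            "divergent": divergent_copies(copies),
            "baseline": check_baseline(copies, baseline),
            "copies": {name: len(lst) for name, lst in copies.items()},
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

On a real system the root would be the Windows directory of the suspect volume, ideally mounted read-only from a clean boot medium, since a kernel-mode rootkit on the running system can hide or substitute the patched copy; the baseline hashes come from the install media or a known-clean machine at the same patch level.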

16.09.2010, 18:42   #4
Uli2222

The OTL.txt:

OTL Logfile:
Code:
OTL logfile created on: 16.09.2010 19:30:36 - Run 2
OTL by OldTimer - Version 3.2.12.1     Folder = C:\Documents and Settings\Dr. Ulrich Gmelin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 451,00 Mb Available Physical Memory | 44,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 48,99 Gb Free Space | 65,75% Space Free | Partition Type: NTFS
Drive D: | 6,53 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LAPTOP-GMELIN
Current User Name: Dr. Ulrich Gmelin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Dr. Ulrich Gmelin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Hotspot Shield\bin\openvpntray.exe ()
PRC - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files\F-Secure Internet Security\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE (F-Secure Corporation)
PRC - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Program Files\F-Secure Internet Security\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\pspcontr.exe (Philips Speech Processing)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\Dr. Ulrich Gmelin\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\F-Secure Internet Security\Spam Control\fsscoepl.dll (F-Secure Corporation)
MOD - \\?\c:\program files\f-secure internet security\hips\fshook32.dll ()
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (FSORSPClient) -- C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (HotspotShieldService) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (FSDFWD) -- C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (FSMA) -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (fsbts) -- C:\WINDOWS\system32\Drivers\fsbts.sys ()
DRV - (F-Secure Gatekeeper) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys ()
DRV - (HssDrv) -- C:\WINDOWS\system32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (F-Secure HIPS) -- C:\Program Files\F-Secure Internet Security\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\System32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys ()
DRV - (ZTEusbnet) -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\WINDOWS\system32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (BTKRNL) -- C:\WINDOWS\System32\drivers\btkrnl.sys (WIDCOMM, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (w22n51) Intel(R) -- C:\WINDOWS\system32\drivers\w22n51.sys (Intel® Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (WBSD) Winbond Secure Digital Storage (SD/MMC) -- C:\WINDOWS\system32\drivers\wbsd.sys (Winbond Electronics Corp.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation       )
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1454471165-1957994488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1561552
IE - HKU\S-1-5-21-1454471165-1957994488-839522115-1003\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1454471165-1957994488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\extensions\\litmus-ff@f-secure.com: C:\Program Files\F-Secure Internet Security\NRS\litmus-ff@f-secure.com [2010.09.07 15:49:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.19 11:02:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.03.31 19:59:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2010.09.16 13:35:14 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll (Conduit Ltd.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1454471165-1957994488-839522115-1003\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files\Hotspot_Shield\tbHot1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [PspContr] C:\WINDOWS\System32\pspcontr.exe (Philips Speech Processing)
O4 - HKLM..\Run: [PspUsbCf] C:\WINDOWS\System32\pspusbcf.exe (Philips Speech Processing)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-1454471165-1957994488-839522115-1003..\Run: [RecordNow!]  File not found
O4 - HKU\S-1-5-21-1454471165-1957994488-839522115-1003..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\Dr. Ulrich Gmelin\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-1957994488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250188737217 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 91.89.91.89
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (WIDCOMM, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.08.13 19:26:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d1e206f2-47ea-11df-9da3-000fb0427036}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.smlpcbb - C:\WINDOWS\System32\smlpcbb.acm (Philips Speech Processing)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: pspctrlc - C:\WINDOWS\System32\pspusbct.dll (Philips Speech Processing)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.16 16:39:05 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dr. Ulrich Gmelin\Desktop\OTL.exe
[2010.09.16 13:49:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.09.16 13:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010.09.16 13:34:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\95431C66CF9A4913BFFF6050785AFB65.TMP
[2010.09.16 13:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010.09.15 07:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\SSH
[2010.09.15 07:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\SSH Secure Shell
[2010.09.14 21:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\SSHTunnelClient
[2010.09.07 20:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.09.07 20:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\Conduit
[2010.09.07 20:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\Hotspot_Shield
[2010.09.07 20:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot_Shield
[2010.09.07 20:36:56 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2010.09.07 20:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2010.09.01 10:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010.09.01 09:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Vodafone
[2010.08.28 21:38:21 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6DE.DLL
[2010.08.28 21:38:21 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL
[2010.08.28 21:38:20 | 000,217,088 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartSock.dll
[2010.08.28 21:38:20 | 000,118,784 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartWeb.dll
[2010.08.28 21:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2010.08.28 21:38:19 | 000,516,784 | R--- | C] (Xceed Software Inc        (450) 442-2626        support@xceedsoft.com        www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2010.08.28 21:38:19 | 000,140,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2010.08.28 21:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\PC Inspector File Recovery
[2010.08.28 19:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Photo Recovery
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.16 19:25:00 | 000,001,118 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.16 16:39:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dr. Ulrich Gmelin\Desktop\OTL.exe
[2010.09.16 15:37:35 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dragon Medical 10.0.lnk
[2010.09.16 15:03:11 | 000,000,067 | ---- | M] () -- C:\WINDOWS\DATA.INI
[2010.09.16 14:07:31 | 000,000,202 | ---- | M] () -- C:\WINDOWS\System32\PSLOG
[2010.09.16 14:07:30 | 000,001,114 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.16 14:06:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.16 14:05:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.16 14:05:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.16 14:05:45 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.16 14:04:42 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\NTUSER.DAT
[2010.09.16 14:04:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\ntuser.ini
[2010.09.16 09:32:57 | 000,001,235 | ---- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\SAS7_000.DAT
[2010.09.15 22:45:09 | 000,237,056 | ---- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.15 21:06:24 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BabasChess.lnk
[2010.09.15 07:45:13 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SSH Secure File Transfer Client.lnk
[2010.09.15 07:45:13 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SSH Secure Shell Client.lnk
[2010.09.15 03:04:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.09.14 21:58:11 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\PUTTY.RND
[2010.09.14 13:53:44 | 000,011,616 | ---- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\My Documents\Renneinstellungen.ods
[2010.09.11 13:29:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.09.09 14:28:00 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010.09.09 14:28:00 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010.09.03 14:00:37 | 000,448,586 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.09.03 14:00:37 | 000,074,638 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.03 14:00:36 | 000,532,784 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.02 07:27:41 | 005,292,840 | -H-- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\IconCache.db
[2010.09.01 10:01:01 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vodafone SMS.lnk
[2010.09.01 10:01:01 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vodafone Mobile Connect.lnk
[2010.08.31 12:00:52 | 000,041,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2010.08.29 17:31:19 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010.08.28 21:38:21 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector smart recovery.lnk
[2010.08.28 21:31:13 | 000,001,561 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector File Recovery.lnk
[2010.08.28 20:55:18 | 000,079,410 | ---- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\My Documents\Stellar Phoenix Photo Recovery Scan.DAT
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.15 07:45:13 | 000,001,633 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SSH Secure File Transfer Client.lnk
[2010.09.15 07:45:13 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SSH Secure Shell Client.lnk
[2010.09.14 21:50:27 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\PUTTY.RND
[2010.09.02 19:04:48 | 000,011,616 | ---- | C] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\My Documents\Renneinstellungen.ods
[2010.09.01 10:01:01 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vodafone SMS.lnk
[2010.09.01 10:01:01 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vodafone Mobile Connect.lnk
[2010.08.29 17:31:19 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010.08.28 21:38:20 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2010.08.28 21:38:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DartWeb.oca
[2010.08.28 21:38:18 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector smart recovery.lnk
[2010.08.28 21:31:17 | 000,006,200 | ---- | C] () -- C:\WINDOWS\System32\INT13EXT.VXD
[2010.08.28 21:31:13 | 000,001,561 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector File Recovery.lnk
[2010.08.28 20:55:17 | 000,079,410 | ---- | C] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\My Documents\Stellar Phoenix Photo Recovery Scan.DAT
[2009.12.05 12:22:56 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\burnaware.ini
[2009.10.12 10:11:55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.09.23 09:56:46 | 000,000,142 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2009.09.06 18:45:23 | 000,001,235 | ---- | C] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\SAS7_000.DAT
[2009.09.06 18:03:58 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspusblb.ini
[2009.09.06 18:03:58 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspusbct.ini
[2009.09.06 18:03:54 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspct.ini
[2009.09.06 18:03:53 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspsbext.ini
[2009.09.06 18:03:53 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfidrv.ini
[2009.09.06 18:03:53 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfbase.ini
[2009.09.06 18:03:53 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspaudrv.ini
[2009.09.06 18:03:53 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspapdrv.ini
[2009.09.06 18:03:53 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspwa.ini
[2009.09.06 18:03:53 | 000,000,220 | ---- | C] () -- C:\WINDOWS\System32\pspwave.ini
[2009.09.06 18:03:53 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspdss.ini
[2009.09.06 18:03:53 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspddi.ini
[2009.09.06 18:03:38 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspprefq.ini
[2009.09.06 15:15:35 | 000,237,056 | ---- | C] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.05 18:53:00 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Local Settings\Application Data\fusioncache.dat
[2009.08.14 13:50:14 | 000,000,254 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.08.14 13:50:13 | 000,006,855 | ---- | C] () -- C:\WINDOWS\UNWISE.INI
[2009.08.14 13:49:42 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DATA.INI
[2009.08.14 11:17:17 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\Bot.dll
[2009.08.14 11:17:16 | 000,000,101 | ---- | C] () -- C:\WINDOWS\PSXLPR.INI
[2009.08.13 20:27:09 | 000,041,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2009.08.13 19:54:05 | 000,000,173 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.08.13 19:46:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2009.08.13 19:40:48 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009.04.09 13:44:42 | 000,108,066 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2004.06.02 17:28:30 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004.01.18 04:39:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004.01.06 01:22:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003.03.31 21:00:00 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\sysadt.dll
[2002.05.15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001.11.23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2010.04.10 10:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\elsterformular
[2009.08.13 20:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2009.09.06 20:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2009.08.14 16:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2009.08.14 16:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010.09.16 15:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.09.01 10:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010.04.01 21:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\ChessBase
[2010.04.10 10:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\elsterformular
[2010.08.28 21:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\F-Secure
[2009.12.22 08:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\GetRightToGo
[2009.09.23 09:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\InterVideo
[2009.08.14 16:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\Nuance
[2009.08.14 13:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\OpenOffice.org
[2009.09.14 11:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\Opera
[2010.09.16 06:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\SSH
[2009.08.14 07:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\Thunderbird
[2010.05.17 20:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\Vodafone
[2010.05.17 20:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2010.01.26 10:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010.03.31 20:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010.03.31 20:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010.04.10 10:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\elsterformular
[2009.08.13 20:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2010.05.17 20:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009.09.06 20:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2009.08.14 16:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009.08.13 22:06:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009.08.14 16:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2009.08.14 16:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010.07.24 16:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010.03.31 06:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010.09.16 15:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.09.01 10:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2009.08.13 20:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2010.03.04 04:00:34 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
[2010.08.07 14:38:21 | 000,072,488 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
[2008.11.17 17:06:20 | 001,021,216 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe
[2007.03.20 14:25:36 | 000,205,744 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\dwusplay.exe
[2008.11.17 17:06:22 | 000,279,840 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISDM.exe
[2008.11.17 17:06:26 | 000,079,136 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\issch.exe
 
< %APPDATA%\*. >
[2009.09.15 07:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\Adobe
[2010.03.31 20:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\Apple Computer
[2010.04.01 21:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\ChessBase
[2010.04.10 10:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\elsterformular
[2010.08.28 21:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\F-Secure
[2010.05.17 20:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\FLEXnet
[2009.12.22 08:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\GetRightToGo
[2010.07.15 13:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\Google
[2010.05.06 17:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\Help
[2009.08.13 19:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\Identities
[2009.09.23 09:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\InterVideo
[2009.08.13 21:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\Macromedia
[2010.09.16 13:34:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\Microsoft
[2010.03.31 19:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\Mozilla
[2009.08.14 16:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\Nuance
[2009.08.14 13:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\OpenOffice.org
[2009.09.14 11:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\Opera
[2010.07.24 16:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\Skype
[2010.07.24 15:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\skypePM
[2009.10.23 16:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\Sonic
[2010.09.16 06:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\SSH
[2009.08.13 20:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\Sun
[2009.08.14 07:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\Talkback
[2009.08.14 07:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\Thunderbird
[2010.08.29 08:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\U3
[2010.05.17 20:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\Vodafone
 
< %APPDATA%\*.exe /s >
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\U3\temp\cleanup.exe
[2007.10.23 10:22:56 | 003,350,528 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\Dr. Ulrich Gmelin\Application Data\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.08.13 21:34:44 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.08.14 06:54:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.08.13 21:34:44 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009.08.14 06:54:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004.08.04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\AGP440.SYS
 
< MD5 for: ATAPI.SYS  >
[2003.03.31 21:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2009.08.13 21:34:44 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.08.14 06:54:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.08.13 21:34:44 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009.08.14 06:54:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 09:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 09:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2004.08.04 09:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\user32.dll
[2005.03.02 20:20:03 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=74202EB1BD67E8BE9509E38C8D2234B0 -- C:\WINDOWS\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\sp1qfe\user32.dll
[2005.03.02 20:20:03 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=74202EB1BD67E8BE9509E38C8D2234B0 -- C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp1qfe\user32.dll
[2008.04.14 02:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 02:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2004.08.04 09:56:46 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2004.08.04 09:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 09:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2003.03.31 21:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2003.03.31 21:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009.08.13 21:01:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.08.13 21:01:31 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.08.13 21:01:31 | 000,421,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2003.03.31 21:00:00 | 000,458,752 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\sysadt.dll
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A24211BA
< End of report >
--- --- ---

Alt 16.09.2010, 18:43   #5
Uli2222

Remove Trojan.Generic.4060291

Extras.txt:


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 16.09.2010 19:30:36 - Run 2
OTL by OldTimer - Version 3.2.12.1     Folder = C:\Documents and Settings\Dr. Ulrich Gmelin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 451,00 Mb Available Physical Memory | 44,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 48,99 Gb Free Space | 65,75% Space Free | Partition Type: NTFS
Drive D: | 6,53 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LAPTOP-GMELIN
Current User Name: Dr. Ulrich Gmelin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-21-1454471165-1957994488-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"13364:UDP" = 13364:UDP:*:Enabled:Print Server Utility
"13621:UDP" = 13621:UDP:*:Enabled:MFP Bot Utility
"13107:UDP" = 13107:UDP:*:Enabled:Print Server Utility
"69:UDP" = 69:UDP:*:Enabled:Print Server Utility
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"13364:UDP" = 13364:UDP:*:Enabled:Print Server Utility
"13621:UDP" = 13621:UDP:*:Enabled:MFP Bot Utility
"13107:UDP" = 13107:UDP:*:Enabled:Print Server Utility
"69:UDP" = 69:UDP:*:Enabled:Print Server Utility
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\SteamApps\common\jedi academy\GameData\jasp.exe" = C:\Program Files\Steam\SteamApps\common\jedi academy\GameData\jasp.exe:*:Enabled:Star Wars Jedi Knight: Jedi Academy -- (Activision Inc)
"C:\Program Files\Steam\SteamApps\common\jedi academy\GameData\jamp.exe" = C:\Program Files\Steam\SteamApps\common\jedi academy\GameData\jamp.exe:*:Enabled:Star Wars Jedi Knight: Jedi Academy -- (Activision Inc)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 21
"{32178A6E-5DE4-443E-AA50-8FFFD7CCC32A}" = Fritz10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{56A20A80-9582-4016-8022-2F103B73A983}" =  ASKA SmartMike
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{8F5B91A9-164F-4624-AD17-D8A220562544}" = Fritz10
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = Bluetooth by hp
"{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}" = BabasChess
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{A053F79A-9618-46F2-AD41-C33C3FB3B6D8}" = PrintServer Utilities
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{BDE813B0-BF65-11D2-92B4-0060B0686AFB}" = SpeechMike Application
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD815603-AB71-4CFB-B3AC-522298037ACC}" = W83L518D
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Driver
"BurnAware Free_is1" = BurnAware Free 2.4.2
"Databuch" = Databuch
"ElsterFormular 11.3.0.4235" = ElsterFormular
"F-Secure Product 444" = F-Secure Internet Security 2010
"Hotspot_Shield Toolbar" = Hotspot_Shield Toolbar
"HotspotShield" = Hotspot Shield 1.49
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PraxisOrganizer" = PraxisOrganizer
"Steam App 6020" = Star Wars Jedi Knight: Jedi Academy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.09.2010 06:18:49 | Computer Name = LAPTOP-GMELIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
Error - 09.09.2010 06:18:49 | Computer Name = LAPTOP-GMELIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
Error - 09.09.2010 07:35:36 | Computer Name = LAPTOP-GMELIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
Error - 09.09.2010 07:35:36 | Computer Name = LAPTOP-GMELIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
Error - 09.09.2010 08:13:49 | Computer Name = LAPTOP-GMELIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
Error - 09.09.2010 08:13:49 | Computer Name = LAPTOP-GMELIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
Error - 09.09.2010 09:14:36 | Computer Name = LAPTOP-GMELIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
Error - 09.09.2010 09:14:36 | Computer Name = LAPTOP-GMELIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
Error - 09.09.2010 10:10:49 | Computer Name = LAPTOP-GMELIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
Error - 09.09.2010 10:10:49 | Computer Name = LAPTOP-GMELIN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
[ System Events ]
Error - 13.09.2010 12:13:11 | Computer Name = LAPTOP-GMELIN | Source = Dhcp | ID = 1002
Description = The IP address lease 10.34.48.32 for the Network Card with network
 address 00FF0AC17DA8 has been  denied by the DHCP server 10.46.87.254 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 14.09.2010 00:42:28 | Computer Name = LAPTOP-GMELIN | Source = Dhcp | ID = 1002
Description = The IP address lease 10.46.80.15 for the Network Card with network
 address 00FF0AC17DA8 has been  denied by the DHCP server 10.48.31.254 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 14.09.2010 05:17:55 | Computer Name = LAPTOP-GMELIN | Source = Dhcp | ID = 1002
Description = The IP address lease 10.48.24.76 for the Network Card with network
 address 00FF0AC17DA8 has been  denied by the DHCP server 10.2.31.254 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 14.09.2010 06:28:12 | Computer Name = LAPTOP-GMELIN | Source = Dhcp | ID = 1002
Description = The IP address lease 10.2.24.80 for the Network Card with network 
address 00FF0AC17DA8 has been  denied by the DHCP server 10.6.63.254 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 14.09.2010 07:55:52 | Computer Name = LAPTOP-GMELIN | Source = Dhcp | ID = 1002
Description = The IP address lease 10.6.56.19 for the Network Card with network 
address 00FF0AC17DA8 has been  denied by the DHCP server 10.12.39.254 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 15.09.2010 00:29:45 | Computer Name = LAPTOP-GMELIN | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Windows Internet Explorer 7 for Windows XP.
 
Error - 15.09.2010 00:59:33 | Computer Name = LAPTOP-GMELIN | Source = Dhcp | ID = 1002
Description = The IP address lease 10.12.32.17 for the Network Card with network
 address 00FF0AC17DA8 has been  denied by the DHCP server 10.62.15.254 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 15.09.2010 12:39:41 | Computer Name = LAPTOP-GMELIN | Source = Dhcp | ID = 1002
Description = The IP address lease 10.62.8.55 for the Network Card with network 
address 00FF0AC17DA8 has been  denied by the DHCP server 10.14.71.254 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 15.09.2010 14:56:33 | Computer Name = LAPTOP-GMELIN | Source = Dhcp | ID = 1002
Description = The IP address lease 10.14.64.4 for the Network Card with network 
address 00FF0AC17DA8 has been  denied by the DHCP server 10.35.23.254 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 16.09.2010 00:52:50 | Computer Name = LAPTOP-GMELIN | Source = Dhcp | ID = 1002
Description = The IP address lease 10.35.16.96 for the Network Card with network
 address 00FF0AC17DA8 has been  denied by the DHCP server 10.51.23.254 (The DHCP Server
 sent a DHCPNACK message).
 
 
< End of report >
         
--- --- ---


Alt 16.09.2010, 18:52   #6
markusg
/// Malware-holic
 
Which F-Secure version are you using?
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

Alt 16.09.2010, 19:20   #7
Uli2222
 
F-Secure Internet Security 2010 (log file to follow)

Alt 16.09.2010, 19:25   #8
markusg
/// Malware-holic
 
OK, then we'll also do an upgrade to version 2011.

Alt 16.09.2010, 20:18   #9
Uli2222
 
Here is the ComboFix log file:

ComboFix log file:
Code:
ComboFix 10-09-16.03 - Dr. Ulrich Gmelin 16.09.2010  20:42:27.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1033.18.1023.554 [GMT 2:00]
ausgeführt von:: c:\documents and settings\Dr. Ulrich Gmelin\Desktop\ComboFix.exe
AV: F-Secure Internet Security 2010 10.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW:  *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LOG608D.tmp
c:\windows\system\bantam.dll
c:\windows\system\blw32.dll
c:\windows\system\idapi32.dll
c:\windows\system\idodbc32.dll
c:\windows\system\idr20007.dll
c:\windows\system\idr20009.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-16 bis 2010-09-16  ))))))))))))))))))))))))))))))
.

2010-09-16 11:34 . 2010-09-16 11:34	--------	d-----w-	c:\program files\Enigma Software Group
2010-09-16 11:34 . 2010-09-16 11:49	--------	d-----w-	c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-09-16 11:33 . 2010-09-16 11:33	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-09-15 05:46 . 2010-09-16 04:48	--------	d-----w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\SSH
2010-09-15 05:44 . 2010-09-15 05:45	--------	d-----w-	c:\program files\SSH Secure Shell
2010-09-15 05:43 . 2010-09-15 05:43	--------	d-----w-	c:\documents and settings\DR6590~1~ULR\LOCALS~1
2010-09-15 05:43 . 2010-09-15 05:43	--------	d-----w-	c:\documents and settings\DR6590~1~ULR
2010-09-14 19:29 . 2010-09-14 20:04	--------	d-----w-	c:\program files\SSHTunnelClient
2010-09-07 18:39 . 2010-09-07 18:39	--------	d-----w-	c:\program files\Conduit
2010-09-07 18:39 . 2010-09-07 18:39	--------	d-----w-	c:\documents and settings\Dr. Ulrich Gmelin\Local Settings\Application Data\Conduit
2010-09-07 18:39 . 2010-09-16 11:47	--------	d-----w-	c:\documents and settings\Dr. Ulrich Gmelin\Local Settings\Application Data\Hotspot_Shield
2010-09-07 18:39 . 2010-09-16 11:48	--------	d-----w-	c:\program files\Hotspot_Shield
2010-09-07 18:36 . 2010-09-07 18:39	--------	d-----w-	C:\Hotspot Shield
2010-09-07 18:36 . 2010-09-07 18:39	--------	d-----w-	c:\program files\Hotspot Shield
2010-09-01 08:00 . 2010-09-01 08:00	--------	d-----w-	c:\documents and settings\All Users\Application Data\Vodafone
2010-09-01 07:59 . 2010-09-01 07:59	--------	d-----w-	c:\program files\Vodafone
2010-08-28 19:38 . 2000-10-02 10:27	125712	----a-w-	c:\windows\system32\VB6DE.DLL
2010-08-28 19:38 . 1998-06-17 22:00	89360	----a-w-	c:\windows\system32\VB5DB.DLL
2010-08-28 19:38 . 2010-08-28 19:38	--------	d-----w-	c:\program files\Convar
2010-08-28 19:38 . 2002-02-28 07:46	217088	----a-w-	c:\windows\system32\DartSock.dll
2010-08-28 19:38 . 2002-02-21 08:12	118784	----a-w-	c:\windows\system32\DartWeb.dll
2010-08-28 19:38 . 1998-06-13 20:53	44544	----a-w-	c:\windows\system32\Gif89.dll
2010-08-28 19:38 . 2003-07-18 11:58	516784	----a-r-	c:\windows\system32\XceedCry.dll
2010-08-28 19:31 . 2010-08-28 19:31	--------	d-----w-	c:\program files\PC Inspector File Recovery
2010-08-28 17:51 . 2010-08-28 19:30	--------	d-----w-	c:\program files\Stellar Phoenix Photo Recovery

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 13:37 . 2009-08-14 14:23	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2010-09-16 12:08 . 2010-07-22 14:04	--------	d-----w-	c:\program files\Steam
2010-09-16 11:53 . 2009-08-14 05:11	--------	d-----w-	c:\program files\Mozilla Thunderbird
2010-09-16 10:26 . 2009-08-14 14:52	1	----a-w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-16 07:32 . 2009-09-06 16:45	1235	----a-w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\SAS7_000.DAT
2010-09-15 05:45 . 2009-08-13 17:40	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-09-09 12:27 . 2009-09-14 09:33	--------	d-----w-	c:\program files\Opera
2010-09-01 09:39 . 2010-05-17 18:33	--------	d-----w-	c:\program files\MWconn
2010-08-31 10:00 . 2009-08-13 18:27	41624	----a-w-	c:\windows\system32\drivers\fsbts.sys
2010-08-29 06:15 . 2010-03-04 16:39	--------	d-----w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\U3
2010-08-28 19:20 . 2009-08-13 19:16	--------	d-----w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\F-Secure
2010-08-17 13:17 . 2003-03-31 19:00	58880	----a-w-	c:\windows\system32\spoolsv.exe
2010-08-15 08:10 . 2009-08-13 17:25	87340	----a-w-	c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-08-08 09:53 . 2010-08-08 09:53	61440	----a-w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7ddcd765-n\decora-sse.dll
2010-08-08 09:53 . 2010-08-08 09:53	503808	----a-w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5d04deb7-n\msvcp71.dll
2010-08-08 09:53 . 2010-08-08 09:53	499712	----a-w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5d04deb7-n\jmc.dll
2010-08-08 09:53 . 2010-08-08 09:53	348160	----a-w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5d04deb7-n\msvcr71.dll
2010-08-08 09:53 . 2010-08-08 09:53	12800	----a-w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7ddcd765-n\decora-d3d.dll
2010-08-07 12:42 . 2010-03-31 18:02	--------	d-----w-	c:\program files\Safari
2010-08-07 12:38 . 2010-08-07 12:38	72488	----a-w-	c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-08-03 05:19 . 2009-08-13 18:27	--------	d-----w-	c:\program files\Common Files\Java
2010-08-03 05:19 . 2009-08-13 18:27	--------	d-----w-	c:\program files\Java
2010-07-25 16:37 . 2010-04-03 12:50	14776	---ha-w-	c:\windows\system32\mlfcache.dat
2010-07-24 14:00 . 2010-03-23 14:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\Skype
2010-07-24 14:00 . 2010-03-23 14:56	--------	d-----w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\Skype
2010-07-24 13:56 . 2010-03-23 14:59	--------	d-----w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\skypePM
2010-07-22 15:49 . 2003-03-31 19:00	590848	----a-w-	c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-08-14 05:33	5120	----a-w-	c:\windows\system32\xpsp4res.dll
2010-07-17 03:00 . 2010-06-25 05:15	423656	----a-w-	c:\windows\system32\deployJava1.dll
2010-06-30 12:31 . 2003-03-31 19:00	149504	----a-w-	c:\windows\system32\schannel.dll
2010-06-23 13:44 . 2003-03-31 19:00	1851904	----a-w-	c:\windows\system32\win32k.sys
2010-06-23 02:48 . 2010-06-23 02:48	37376	----a-w-	c:\windows\system32\drivers\HssDrv.sys
2010-06-23 02:47 . 2010-06-23 02:47	32768	----a-w-	c:\windows\system32\drivers\taphss.sys
2010-06-21 15:27 . 2003-03-31 19:00	354304	----a-w-	c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2010-09-16 2735200]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2010-09-16 11:48	2735200	----a-w-	c:\program files\Hotspot_Shield\tbHot1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2010-09-16 2735200]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2010-09-16 2735200]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-08-28 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-03 88267]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-23 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-23 536576]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-02 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-20 335872]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-03-01 200766]
"F-Secure Manager"="c:\program files\F-Secure Internet Security\Common\FSM32.EXE" [2009-07-09 199264]
"F-Secure TNB"="c:\program files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2009-07-09 2349664]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"PspContr"="PspContr.Exe" [2003-10-01 376832]
"PspUsbCf"="PspUsbCf.exe" [2003-10-01 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-04-20 2327552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Dr. Ulrich Gmelin\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\jedi academy\\GameData\\jasp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\jedi academy\\GameData\\jamp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13364:UDP"= 13364:UDP:Print Server Utility
"13621:UDP"= 13621:UDP:MFP Bot Utility
"13107:UDP"= 13107:UDP:Print Server Utility
"69:UDP"= 69:UDP:Print Server Utility

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [13.08.2009 20:27 41624]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [13.08.2009 20:19 80000]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure Internet Security\HIPS\drivers\fshs.sys [13.08.2009 20:18 68064]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [20.04.2009 17:20 9216]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [13.08.2009 20:17 124072]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\wbsd.sys [13.08.2009 19:48 27008]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.07.2010 13:20 136176]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure Internet Security\ORSP Client\fsorsp.exe [13.08.2009 20:18 58024]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [17.05.2010 20:05 7680]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [17.05.2010 20:07 110592]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [17.05.2010 20:06 105344]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys [13.08.2009 20:17 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys [13.08.2009 20:17 25184]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - winevvii
.
Inhalt des "geplante Tasks" Ordners

2010-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 11:19]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 11:19]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1561552
IE: Senden an &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL
TCP: {C789C896-85AD-4677-AFA1-B37C64724A90} = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-RecordNow! - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-16 20:48
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????????4?|H]?|?????? ???B???????????????B? ?????? 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1704)
c:\windows\system32\COMRes.dll
c:\program files\f-secure internet security\hips\fshook32.dll

- - - - - - - > 'lsass.exe'(1760)
c:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL
c:\program files\f-secure internet security\hips\fshook32.dll
.
Zeit der Fertigstellung: 2010-09-16  20:50:44
ComboFix-quarantined-files.txt  2010-09-16 18:50

Vor Suchlauf: 52.499.468.288 bytes free
Nach Suchlauf: 54.395.953.152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 2259CDAF3EEAF7452945E9137CBF17E0
         
--- --- ---

Alt 16.09.2010, 20:22   #10
markusg
/// Malware-holic
 
Download SystemLook from jpshortstuff and save the tool to the desktop.
http://jpshortstuff.247fixes.com/SystemLook.exe
Double-click SystemLook.exe to start the tool.
Users of Windows 7 and Vista: right-click and run as administrator.
Paste in:

:filefind
sysdat.dll
When the scan is finished, your editor will open with the results; post them here in the thread.
The results are saved on the desktop as SystemLook.txt; post them.
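As an added illustration of what the :filefind step above does (this is example code written for this page, not SystemLook's own code and not posted by anyone in the thread): walk a directory tree for a file name, compare names case-insensitively the way Windows does, and report path, size, timestamp and MD5 for every hit. The file name sysadt.dll is the one the thread is about; the directory tree is constructed in a temporary folder so the script runs offline. The helper also covers the case SystemLook reports as "(Unable to calculate MD5)": a file that can be stat'ed but not read (locked or permission denied) yields no hash rather than aborting the search.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone


def md5_or_none(path, chunk=1 << 20):
    """MD5 of a file, or None if it cannot be opened or read
    (locked by another process, permission denied, vanished)."""
    h = hashlib.md5()
    try:
        with open(path, "rb") as f:
            for block in iter(lambda: f.read(chunk), b""):
                h.update(block)
    except OSError:
        return None
    return h.hexdigest()


def filefind(root, name):
    """Return one record per file under `root` whose name equals `name`
    case-insensitively (Windows file names are case-insensitive)."""
    hits = []
    wanted = name.lower()
    for dirpath, _dirnames, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower() != wanted:
                continue
            path = os.path.join(dirpath, fn)
            try:
                st = os.stat(path)
            except OSError:
                continue  # disappeared between listing and stat
            hits.append({
                "path": path,
                "size": st.st_size,
                "mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc),
                "md5": md5_or_none(path),
            })
    return hits


def format_hit(hit):
    """Render a hit in a SystemLook-like line, e.g.
    C:\\WINDOWS\\system32\\sysadt.dll ------- 458752 bytes [19:00 31/03/2003] <md5>"""
    md5 = hit["md5"] if hit["md5"] else "(Unable to calculate MD5)"
    stamp = hit["mtime"].strftime("%H:%M %d/%m/%Y")
    return "%s ------- %d bytes [%s] %s" % (hit["path"], hit["size"], stamp, md5)


def demo():
    """Constructed sample tree (hypothetical, not the poster's machine):
    one sysadt.dll in a fake system32 and a different-case copy elsewhere."""
    with tempfile.TemporaryDirectory() as root:
        sys32 = os.path.join(root, "WINDOWS", "system32")
        os.makedirs(sys32)
        with open(os.path.join(sys32, "sysadt.dll"), "wb") as f:
            f.write(b"MZ" + b"\x00" * 62)          # 64-byte stand-in, not a real DLL
        other = os.path.join(root, "Program Files", "Example")
        os.makedirs(other)
        with open(os.path.join(other, "SYSADT.DLL"), "wb") as f:
            f.write(b"MZ" + b"\x90" * 14)          # 16-byte stand-in
        hits = filefind(root, "sysadt.dll")
        for hit in hits:
            print(format_hit(hit))
        return hits


if __name__ == "__main__":
    demo()
```

The point of hashing every hit is that a defender can compare the digest against a known-good copy of the file (or a vendor database) instead of trusting the name and the 2003 timestamp alone; a missing hash, as in the poster's SystemLook output, is itself a signal worth noting, because it usually means something had the file open.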

Alt 16.09.2010, 20:41   #11
Uli2222
 
SystemLook 04.09.10 by jpshortstuff
Log created at 21:38 on 16/09/2010 by Dr. Ulrich Gmelin
Administrator - Elevation successful

========== filefind ==========

Searching for "sysdat.dll"
No files found.

-= EOF =-

Alt 17.09.2010, 08:08   #12
Uli2222
 
The sysdat.dll was not found, not even by the Windows search. When IE is started, the alarm is still raised nonetheless.

Alt 17.09.2010, 08:51   #13
Uli2222
 
Damn!!!!!

I made a mess of it. The file is called sysadt.dll (which is sneaky, too!). The file is recreated every time the computer restarts, only to be deleted again by F-Secure after IE is started.


Here is the log file:

SystemLook 04.09.10 by jpshortstuff
Log created at 09:47 on 17/09/2010 by Dr. Ulrich Gmelin
Administrator - Elevation successful

========== filefind ==========

Searching for "sysadt.dll"
C:\WINDOWS\system32\sysadt.dll ------- 458752 bytes [19:00 31/03/2003] [19:00 31/03/2003] (Unable to calculate MD5)

-= EOF =-

Alt 17.09.2010, 10:13   #14
markusg
/// Malware-holic
 
That's fine.

Start > Programs > Accessories > Notepad, paste in:

Killall::
Rootkit::
C:\WINDOWS\system32\sysadt.dll

Save as, file type: all files, location: the folder where combofix.exe is.
Name:
cfscript.txt
Drag cfscript onto ComboFix; the program starts; post the log.

Alt 17.09.2010, 11:49   #15
Uli2222
 
Here it is

ComboFix log file:
Code:
ComboFix 10-09-16.03 - Dr. Ulrich Gmelin 17.09.2010  12:35:35.3.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1033.18.1023.716 [GMT 2:00]
ausgeführt von:: c:\documents and settings\Dr. Ulrich Gmelin\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\documents and settings\Dr. Ulrich Gmelin\Desktop\cfscript.txt
AV: F-Secure Internet Security 2011 10.50 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Internet Security 2011 10.50 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-08-17 bis 2010-09-17  ))))))))))))))))))))))))))))))
.

2010-09-16 11:34 . 2010-09-16 11:34	--------	d-----w-	c:\program files\Enigma Software Group
2010-09-16 11:34 . 2010-09-16 11:49	--------	d-----w-	c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-09-16 11:33 . 2010-09-16 11:33	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-09-15 05:46 . 2010-09-16 04:48	--------	d-----w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\SSH
2010-09-15 05:44 . 2010-09-15 05:45	--------	d-----w-	c:\program files\SSH Secure Shell
2010-09-15 05:43 . 2010-09-15 05:43	--------	d-----w-	c:\documents and settings\DR6590~1~ULR\LOCALS~1
2010-09-15 05:43 . 2010-09-15 05:43	--------	d-----w-	c:\documents and settings\DR6590~1~ULR
2010-09-14 19:29 . 2010-09-14 20:04	--------	d-----w-	c:\program files\SSHTunnelClient
2010-09-07 18:39 . 2010-09-07 18:39	--------	d-----w-	c:\program files\Conduit
2010-09-07 18:39 . 2010-09-07 18:39	--------	d-----w-	c:\documents and settings\Dr. Ulrich Gmelin\Local Settings\Application Data\Conduit
2010-09-07 18:39 . 2010-09-17 05:57	--------	d-----w-	c:\documents and settings\Dr. Ulrich Gmelin\Local Settings\Application Data\Hotspot_Shield
2010-09-07 18:39 . 2010-09-16 11:48	--------	d-----w-	c:\program files\Hotspot_Shield
2010-09-07 18:36 . 2010-09-07 18:39	--------	d-----w-	C:\Hotspot Shield
2010-09-07 18:36 . 2010-09-07 18:39	--------	d-----w-	c:\program files\Hotspot Shield
2010-09-01 08:00 . 2010-09-01 08:00	--------	d-----w-	c:\documents and settings\All Users\Application Data\Vodafone
2010-09-01 07:59 . 2010-09-01 07:59	--------	d-----w-	c:\program files\Vodafone
2010-08-28 19:38 . 2000-10-02 10:27	125712	----a-w-	c:\windows\system32\VB6DE.DLL
2010-08-28 19:38 . 1998-06-17 22:00	89360	----a-w-	c:\windows\system32\VB5DB.DLL
2010-08-28 19:38 . 2010-08-28 19:38	--------	d-----w-	c:\program files\Convar
2010-08-28 19:38 . 2002-02-28 07:46	217088	----a-w-	c:\windows\system32\DartSock.dll
2010-08-28 19:38 . 2002-02-21 08:12	118784	----a-w-	c:\windows\system32\DartWeb.dll
2010-08-28 19:38 . 1998-06-13 20:53	44544	----a-w-	c:\windows\system32\Gif89.dll
2010-08-28 19:38 . 2003-07-18 11:58	516784	----a-r-	c:\windows\system32\XceedCry.dll
2010-08-28 19:31 . 2010-08-28 19:31	--------	d-----w-	c:\program files\PC Inspector File Recovery
2010-08-28 17:51 . 2010-08-28 19:30	--------	d-----w-	c:\program files\Stellar Phoenix Photo Recovery

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 10:42 . 2010-07-22 14:04	--------	d-----w-	c:\program files\Steam
2010-09-17 08:48 . 2009-08-14 14:23	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2010-09-17 08:19 . 2009-08-13 18:27	41624	----a-w-	c:\windows\system32\drivers\fsbts.sys
2010-09-17 08:15 . 2009-08-13 18:17	--------	d-----w-	c:\program files\F-Secure Internet Security
2010-09-17 08:11 . 2009-08-13 18:19	81800	----a-w-	c:\windows\system32\drivers\fsdfw.sys
2010-09-17 08:08 . 2009-08-13 18:17	--------	d-----w-	c:\documents and settings\All Users\Application Data\fssg
2010-09-17 08:03 . 2009-08-14 05:11	--------	d-----w-	c:\program files\Mozilla Thunderbird
2010-09-17 07:32 . 2009-09-06 16:45	1235	----a-w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\SAS7_000.DAT
2010-09-17 07:13 . 2009-08-14 14:52	1	----a-w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-15 05:45 . 2009-08-13 17:40	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-09-09 12:27 . 2009-09-14 09:33	--------	d-----w-	c:\program files\Opera
2010-09-01 09:39 . 2010-05-17 18:33	--------	d-----w-	c:\program files\MWconn
2010-08-29 06:15 . 2010-03-04 16:39	--------	d-----w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\U3
2010-08-28 19:20 . 2009-08-13 19:16	--------	d-----w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\F-Secure
2010-08-17 13:17 . 2003-03-31 19:00	58880	----a-w-	c:\windows\system32\spoolsv.exe
2010-08-15 08:10 . 2009-08-13 17:25	87340	----a-w-	c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-08-08 09:53 . 2010-08-08 09:53	61440	----a-w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7ddcd765-n\decora-sse.dll
2010-08-08 09:53 . 2010-08-08 09:53	503808	----a-w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5d04deb7-n\msvcp71.dll
2010-08-08 09:53 . 2010-08-08 09:53	499712	----a-w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5d04deb7-n\jmc.dll
2010-08-08 09:53 . 2010-08-08 09:53	348160	----a-w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5d04deb7-n\msvcr71.dll
2010-08-08 09:53 . 2010-08-08 09:53	12800	----a-w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7ddcd765-n\decora-d3d.dll
2010-08-07 12:42 . 2010-03-31 18:02	--------	d-----w-	c:\program files\Safari
2010-08-07 12:38 . 2010-08-07 12:38	72488	----a-w-	c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-08-03 05:19 . 2009-08-13 18:27	--------	d-----w-	c:\program files\Common Files\Java
2010-08-03 05:19 . 2009-08-13 18:27	--------	d-----w-	c:\program files\Java
2010-07-25 16:37 . 2010-04-03 12:50	14776	---ha-w-	c:\windows\system32\mlfcache.dat
2010-07-24 14:00 . 2010-03-23 14:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\Skype
2010-07-24 14:00 . 2010-03-23 14:56	--------	d-----w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\Skype
2010-07-24 13:56 . 2010-03-23 14:59	--------	d-----w-	c:\documents and settings\Dr. Ulrich Gmelin\Application Data\skypePM
2010-07-22 15:49 . 2003-03-31 19:00	590848	----a-w-	c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-08-14 05:33	5120	----a-w-	c:\windows\system32\xpsp4res.dll
2010-07-17 03:00 . 2010-06-25 05:15	423656	----a-w-	c:\windows\system32\deployJava1.dll
2010-06-30 12:31 . 2003-03-31 19:00	149504	----a-w-	c:\windows\system32\schannel.dll
2010-06-23 13:44 . 2003-03-31 19:00	1851904	----a-w-	c:\windows\system32\win32k.sys
2010-06-23 02:48 . 2010-06-23 02:48	37376	----a-w-	c:\windows\system32\drivers\HssDrv.sys
2010-06-23 02:47 . 2010-06-23 02:47	32768	----a-w-	c:\windows\system32\drivers\taphss.sys
2010-06-21 15:27 . 2003-03-31 19:00	354304	----a-w-	c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2010-09-16 2735200]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2010-09-16 11:48	2735200	----a-w-	c:\program files\Hotspot_Shield\tbHot1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2010-09-16 2735200]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2010-09-16 2735200]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-08-28 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-03 88267]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-23 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-23 536576]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-02 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-20 335872]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-03-01 200766]
"F-Secure Manager"="c:\program files\F-Secure Internet Security\Common\FSM32.EXE" [2010-09-17 200360]
"F-Secure TNB"="c:\program files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2010-09-17 1654440]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"PspContr"="PspContr.Exe" [2003-10-01 376832]
"PspUsbCf"="PspUsbCf.exe" [2003-10-01 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-04-20 2327552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Dr. Ulrich Gmelin\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\jedi academy\\GameData\\jasp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\jedi academy\\GameData\\jamp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13364:UDP"= 13364:UDP:Print Server Utility
"13621:UDP"= 13621:UDP:MFP Bot Utility
"13107:UDP"= 13107:UDP:Print Server Utility
"69:UDP"= 69:UDP:Print Server Utility

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [13.08.2009 20:27 41624]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [13.08.2009 20:19 81800]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure Internet Security\HIPS\drivers\fshs.sys [13.08.2009 20:18 71496]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [20.04.2009 17:20 9216]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [13.08.2009 20:17 124072]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure Internet Security\ORSP Client\fsorsp.exe [13.08.2009 20:18 58024]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\wbsd.sys [13.08.2009 19:48 27008]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.07.2010 13:20 136176]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [17.05.2010 20:05 7680]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [17.05.2010 20:07 110592]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [17.05.2010 20:06 105344]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys [13.08.2009 20:17 40872]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys [13.08.2009 20:17 26280]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - winevvii
.
Inhalt des "geplante Tasks" Ordners

2010-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 11:19]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 11:19]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1561552
IE: Senden an &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL
TCP: {C789C896-85AD-4677-AFA1-B37C64724A90} = 192.168.0.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-17 12:41
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????9?9?4?4??????? ???B???????????????B? ?????? 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(1744)
c:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL

- - - - - - - > 'explorer.exe'(3564)
c:\program files\F-Secure Internet Security\Spam Control\fsscoepl.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\System32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\AGRSMMSG.exe
c:\program files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure Internet Security\Common\FSMA32.EXE
c:\program files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\F-Secure Internet Security\Common\FSHDLL32.EXE
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\windows\system32\PspContr.Exe
c:\program files\Hotspot Shield\bin\hsswd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
c:\program files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
c:\program files\F-Secure Internet Security\Anti-Virus\fssm32.exe
c:\program files\F-Secure Internet Security\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-17  12:46:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-09-17 10:46
ComboFix2.txt  2010-09-16 18:50

Vor Suchlauf: 54.130.880.512 bytes free
Nach Suchlauf: 54.116.417.536 bytes free

- - End Of File - - F4D806EBC4A3C675CD25A1848DEF5071