Trojaner-Board
Seite 4 von 5 « Erste 23 4 5
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Firefox öffnet Werbetabs&Internet Explorer öffnet sich selbstständig (https://www.trojaner-board.de/85593-firefox-oeffnet-werbetabs-internet-explorer-oeffnet-selbststaendig.html)

Dingens 03.05.2010 21:24
hm also fragst du nach, oder war das ne aufforderung an mich?^^

Chris4You 03.05.2010 21:26
Hi,
habe in informiert, notebook hat 10% und ist gleich am ende...
chris

Dingens 03.05.2010 21:28
Okay, dann vielen vielen Dank für deine Hilfe bisher, und viel Erfolg oder alernativ Spaß, je nach dem wo es hingeht!

Grüße, Dingens

Dingens 03.05.2010 22:22
so, und das MBAM file, in der Hoffnung dass Cosinus mich dann hier weiter rettet ;)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4063

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03.05.2010 23:21:28
mbam-log-2010-05-03 (23-21-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 259904
Laufzeit: 1 Stunde(n), 15 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\System Volume Information\_restore{2D027706-BDA8-44C7-B3BE-152C808770CB}\RP261\A0065535.exe (VirTool.CeeInject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D027706-BDA8-44C7-B3BE-152C808770CB}\RP261\A0065546.exe (VirTool.CeeInject) -> Quarantined and deleted successfully.

Dingens 04.05.2010 07:54
so guten morgen an denjenigen, der das hier hoffentlich irgendwann mal liest ;)

Der Taskordner war wieder randvoll, hab nu manuell einfach alle Einträge gelöscht. Sonst bisher nix auffälliges, ich lass einfach nochmal Trend Micro laufen.

Dingens 04.05.2010 21:30
so, n funktionierten GMER scan später:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-04 16:27:04
Windows 5.1.2600 Service Pack 3
Running: dees8bjo.exe; Driver: C:\DOKUME~1\Dominik!\LOKALE~1\Temp\axldapod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6F7F360, 0x3D46A5, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB48BCA00]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB384A300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB83D0300, 0x1BEE, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF3 0x36 0xF0 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xAB 0xE3 0x58 0x6D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xF3 0xBB 0xAF 0xBA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF3 0x36 0xF0 0xF9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xAB 0xE3 0x58 0x6D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xF3 0xBB 0xAF 0xBA ...

---- EOF - GMER 1.0.15 ----

Grüße, Dingens

Dingens 04.05.2010 23:41
Trend micro springt immer noch an, die komische .exe is wieder aufgetaucht, es erscheinen immer noch tasks im Taksplanungsordner ... Hilfe! ^^

Dingens 05.05.2010 08:49
ComboFix mit wiederherstellungskonsole:

ComboFix 10-05-02.01 - Dominik! 05.05.2010 0:53.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2047.1586 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Dominik!\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Dominik!\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
PEV Error: UserFile

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \461883920\461883920.fb
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \461883920\Messages.mdb
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \461883920\Owner.mdb
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \461883920\XtrazPrefs\bd_reminder\Prefs.xml
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \461883920\XtrazPrefs\icq_welcome\Prefs.xml
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \Application.mdb
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \bart\1\0BA0869CB08D7832CA62BF4517E344B7
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \bart\1\0BE6F4D006AA2184C6997C32DD1469C7
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \bart\1\474DE2C62BF150F707F7AB1F096A881C
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \bart\1\5B7EBF10DBD57C3EED1BC5880C855673
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \bart\1\7F1B07BBE8AD52378CC1D1B40A209201
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \bart\1\A313FDB79A1651294C9AFECF5849E3C9
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \bart\1\A5DE842B846672355B98A2FCA0E35041
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \bart\1\D29C8704A4B94373AA985EF7670FF083
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \bart\12\2973B103BD3FB3CB90AECDA3B95DC860
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \bart\12\314CEABD0AB95BF351B2DCECB07021E2
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \bart\12\558DA98803FE301F1AADD8DA9874CDC0
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \bart\12\58C20A5636D5F104D907A5F5F3177F07
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \bart\12\636E0893162CD044F034FE970EBA75D1
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \bart\12\6E0999A1A94260C83484899A2D905BAE
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \bart\12\8836E5952881C448B4BD9DEB96B7F33E
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \bart\12\8E778CFAE7110839C1C9D855B0646C62
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \bart\12\9BD982EA29048F63AF04B3A070D8A33B
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \bart\12\E52F39F3456BBBEE52D66DC0F7A5E4A2
c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ \icq.dat

.
((((((((((((((((((((((( Dateien erstellt von 2010-04-04 bis 2010-05-04 ))))))))))))))))))))))))))))))
.

2015-08-24 12:48 . 2015-08-24 12:48 -------- d-----w- c:\programme\Alcohol Soft
2015-08-24 12:46 . 2015-08-24 12:46 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-03 19:03 . 2010-05-03 19:03 -------- d-----w- C:\_OTL
2010-05-02 17:58 . 2010-05-02 17:59 -------- d-----w- C:\rsit
2010-05-02 17:38 . 2010-05-02 17:38 -------- d-----w- c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\Malwarebytes
2010-05-02 17:38 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-02 17:38 . 2010-05-02 17:38 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-05-02 17:37 . 2010-05-02 17:38 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-05-02 17:37 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-02 09:25 . 2010-05-02 17:33 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-05-02 09:25 . 2010-05-02 09:27 -------- d-----w- c:\programme\Spybot - Search & Destroy
2010-05-02 08:36 . 2010-05-02 18:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-28 14:03 . 2010-03-17 20:36 1507328 ----a-w- c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\Dropbox\cache\2010-05-02\Project1 (deleted 4ba13d5a-170000-1cd005d3d33).exe
2010-04-27 20:33 . 2010-04-27 20:33 -------- d-----r- c:\dokumente und einstellungen\NetworkService\Favoriten
2010-04-23 18:48 . 2010-05-04 22:41 -------- d-----w- c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\Xfire
2010-04-23 18:48 . 2010-05-04 07:30 -------- d-----w- c:\programme\Xfire
2010-04-20 20:08 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-19 20:11 . 2010-05-03 18:40 -------- d-----w- c:\programme\QuickTime
2010-04-19 20:11 . 2010-04-19 20:11 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer
2010-04-16 20:30 . 2010-04-16 20:30 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-04-10 16:41 . 2010-04-10 16:41 -------- d-----w- c:\programme\SopCast

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 22:30 . 2009-09-02 17:58 -------- d-----w- c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\Dropbox
2010-05-04 21:28 . 2009-12-06 20:10 -------- d-----w- c:\programme\Steam
2010-05-04 20:23 . 2010-01-08 16:49 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-05-03 18:40 . 2009-07-21 14:16 -------- d-----w- c:\programme\ICQ6.5
2010-05-03 07:11 . 2009-07-21 14:16 -------- d-----w- c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\ICQ
2010-05-02 09:16 . 2010-01-08 16:49 -------- d-----w- c:\programme\Gemeinsame Dateien\BinarySense
2010-04-28 20:58 . 2009-10-10 05:05 -------- d-----w- c:\programme\Wecker6
2010-04-28 16:43 . 2010-03-13 13:04 -------- d-----w- c:\programme\Gemeinsame Dateien\Akamai
2010-04-26 17:14 . 2010-01-09 15:38 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-04-16 10:42 . 2009-08-03 10:20 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe
2010-04-14 23:29 . 2009-10-02 14:05 -------- d-----w- c:\programme\Google
2010-04-04 14:47 . 2009-08-02 13:12 -------- d-----w- c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\vlc
2010-03-28 08:10 . 2002-08-29 12:00 64788 ----a-w- c:\windows\system32\perfc007.dat
2010-03-28 08:10 . 2002-08-29 12:00 394840 ----a-w- c:\windows\system32\perfh007.dat
2010-03-14 11:09 . 2010-03-13 12:57 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\FLEXnet
2010-03-13 20:35 . 2010-03-13 20:35 -------- d-----w- c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\Apple Computer
2010-03-13 12:59 . 2009-07-21 12:38 98152 ----a-w- c:\dokumente und einstellungen\Dominik!\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-03-13 12:50 . 2010-03-13 12:50 -------- d-----w- c:\programme\Adobe Media Player
2010-03-13 12:49 . 2010-03-13 12:49 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe AIR
2010-03-13 12:44 . 2010-03-13 12:44 -------- d-----w- c:\programme\Gemeinsame Dateien\Macrovision Shared
2010-03-13 12:19 . 2010-03-13 11:22 -------- d-----w- c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\Download Manager
2010-03-13 11:07 . 2009-07-21 14:26 -------- d-----w- c:\programme\World of Warcraft
2010-03-13 10:46 . 2010-01-29 09:44 -------- d-----w- c:\programme\JDownloader
2010-03-13 10:41 . 2009-10-31 11:22 -------- d-----w- c:\programme\EA GAMES
2010-03-13 10:39 . 2009-07-21 11:47 -------- d--h--w- c:\programme\InstallShield Installation Information
2010-03-13 10:38 . 2009-07-29 20:10 -------- d-----w- c:\programme\Ubisoft
2010-03-10 06:15 . 2002-08-29 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 07:47 . 2009-09-02 17:58 91696 ----a-w- c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\Dropbox\bin\Uninstall.exe
2010-02-26 07:46 . 2010-02-26 07:46 13264416 ----a-w- c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\Dropbox\cache\Dropbox-update-0.7.110.exe
2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\Dropbox\bin\Dropbox.exe
2010-02-25 06:15 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2002-08-29 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:04 . 2002-08-29 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:04 . 2002-08-29 03:41 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2002-08-29 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2002-08-29 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2003-11-06 08:09 . 2010-01-03 11:06 2206317 ----a-w- c:\programme\Gemeinsame Dateien\Fontinfo.hlp
1996-04-09 21:47 . 2010-01-03 11:06 766 ----a-w- c:\programme\Gemeinsame Dateien\Will.ico
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\programme\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\programme\mozilla firefox\plugins\ssldivx.dll
.
Code:
<pre>
c:\programme\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\programme\Alcohol Soft\Alcohol 120\axcmd .exe
c:\programme\Analog Devices\Core\smax4pnp .exe
c:\programme\Analog Devices\SoundMAX\smax4 .exe
c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM .exe
c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\programme\ICQ6.5\ICQ .exe
c:\programme\QuickTime\qttask      .exe
c:\programme\QuickTime\qttask    .exe
c:\programme\QuickTime\qttask    .exe
c:\programme\QuickTime\qttask  .exe
c:\programme\QuickTime\qttask  .exe
</pre>
------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2002-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\drivers\atapi.sys
[-] 2002-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\drivers\System32\DRIVERS\atapi.sys
[-] 2002-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[-] 2002-08-28 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-05-02_19.47.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-04 20:24 . 2010-05-04 20:24 16384 c:\windows\Temp\Perflib_Perfdata_6e0.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ "="c:\programme\ICQ6.5\ICQ .exe silent" [X]
"AlcoholAutomount"="c:\programme\Alcohol Soft\Alcohol 120\axcmd.exe" [2010-05-03 35848]
"ICQ"="c:\programme\ICQ6.5\ICQ.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\programme\QuickTime\qttask .exe -atboottime" [X]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2010-05-01 35844]
"UfSeAgnt.exe"="c:\programme\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-01-31 1398024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-05-01 35844]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-05-01 35844]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\Dominik!\Startmen\Programme\Autostart\
Dropbox.lnk - c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Dominik!^Startmenü^Programme^Autostart^Wecker für Windows 6.lnk]
path=c:\dokumente und einstellungen\Dominik!\Startmenü\Programme\Autostart\Wecker für Windows 6.lnk
backup=c:\windows\pss\Wecker für Windows 6.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\programme\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetFxUpdate_v1.1.4322]
2004-08-10 15:20 106496 ----a-w- c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\programme\QuickTime\qttask.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-04-28 09:48 1238352 ----a-w- c:\programme\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-15 13:50 149280 ----a-w- c:\programme\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\programme\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Dokumente und Einstellungen\\Dominik!\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=

R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [15.02.2008 23:39 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [15.02.2008 23:39 333328]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [02.10.2009 16:05 133104]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [04.08.2009 02:28 52624]
S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [04.08.2009 02:28 488768]
S3 tmproxy;Trend Micro Proxy Service;c:\programme\Trend Micro\Internet Security\TmProxy.exe [04.08.2009 02:28 648456]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.08.2015 14:46 721904]
.
Inhalt des "geplante Tasks" Ordners

2010-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-10-02 14:05]

2010-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-10-02 14:05]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.yahoo.com/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\dokumente und einstellungen\Dominik!\Anwendungsdaten\Mozilla\Firefox\Profiles\q17mbo88.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 00:57
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1084)
c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\adsldpc.dll
.
Zeit der Fertigstellung: 2010-05-05 00:58:27
ComboFix-quarantined-files.txt 2010-05-04 22:58
ComboFix2.txt 2010-05-02 19:49

Vor Suchlauf: 5.925.416.960 Bytes frei
Nach Suchlauf: 5.901.045.760 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - D0CDB3331EFC2FC750B80470673050BA

cosinus 05.05.2010 09:32
Hallo,

ich muss mich ein wenig in den Strang hineinarbeiten. Besteht das ursprüngliche Problem immer noch?

Unabhängig davon würde ich gern mal frische Logs von OTL sehen. Bitte erstell auch welche mit GMER und OSAM und poste diese (gerne auch gezippt).

Dingens 05.05.2010 09:35
gstern Abend tauchten wieder einige Popups auf, seit dem letzten ComboFix scan von heut Nacht (hatte einfach nochmal laufen lassen, weil letztes mal die wiederherstellungskonsole nicht wollte) aber nicht mehr.
Das Erstellen neuer Tasks hab ich in der Registry geblockt, seitdem ist da Ruhe. Also wenn du das selber brauchst, müsst ichs wieder anmachen.

Logs kommen nu in der gewünschten Reihenfolge.

Grüße

Dingens 05.05.2010 21:47
So, tut mir leid dass es solange gebraucht hat, aber GMER war heut Nachmittag noch nicht fertig, und ich war dann unterwegs.

Hier schonmal die beiden OTL logs und n neuer GMER log:

OTL.txt:

Code:
OTL logfile created on: 05.05.2010 10:37:33 - Run 2
OTL by OldTimer - Version 3.2.4.1    Folder = C:\Dokumente und Einstellungen\Dominik!\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,80 Gb Total Space | 5,51 Gb Free Space | 4,93% Space Free | Partition Type: NTFS
Drive D: | 3,86 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DOMINIK
Current User Name: Dominik!
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Dominik!\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Programme\Analog Devices\Core\smax4pnp .exe (Analog Devices, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Dominik!\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (HDDlife HDD Access service) -- C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe (BinarySense, Inc.)
SRV - (TmPfw) -- C:\Programme\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV - (SfCtlCom) -- C:\Programme\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (tmproxy) -- C:\Programme\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (TMBMServer) -- C:\Programme\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) --  File not found
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (adfs) -- C:\WINDOWS\system32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (tmcfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.http: "213.164.26.4"
FF - prefs.js..network.proxy.http_port: 2301
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.28 18:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.19 22:13:00 | 000,000,000 | ---D | M]
 
[2009.07.21 15:50:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dominik!\Anwendungsdaten\Mozilla\Extensions
[2010.05.01 09:54:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dominik!\Anwendungsdaten\Mozilla\Firefox\Profiles\q17mbo88.default\extensions
[2010.05.04 22:34:00 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.14 10:47:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.14 10:47:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.14 10:47:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.14 10:47:42 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.14 10:47:42 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2002.08.29 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask      .exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe ()
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Programme\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe ()
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ6.5\ICQ.exe File not found
O4 - HKCU..\Run: [ICQ ] C:\Programme\ICQ6.5\ICQ .exe (ICQ, LLC.)
O4 - Startup: C:\Dokumente und Einstellungen\Dominik!\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Dominik!\Anwendungsdaten\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe File not found
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248177912125 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.21 13:10:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015.08.24 14:48:37 | 000,000,000 | ---D | C] -- C:\Programme\Alcohol Soft
[2015.08.24 14:46:57 | 000,721,904 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.05.05 00:49:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.05.05 00:47:08 | 004,631,272 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Dominik!\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[2010.05.03 21:50:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dominik!\Desktop\tdsskiller
[2010.05.03 21:03:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.05.03 20:20:09 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Dominik!\Desktop\OTL.exe
[2010.05.02 20:55:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.05.02 20:55:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.05.02 20:55:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.05.02 20:55:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.05.02 20:55:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.05.02 20:50:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.05.02 19:58:55 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.02 19:38:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dominik!\Anwendungsdaten\Malwarebytes
[2010.05.02 19:38:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.05.02 19:38:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.05.02 19:37:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.05.02 19:37:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.02 19:36:46 | 006,153,376 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Dominik!\Desktop\mbam-setup-1.46.exe
[2010.05.02 19:33:27 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Dominik!\Recent
[2010.05.02 11:25:48 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.05.02 11:25:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.05.02 11:23:33 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Dokumente und Einstellungen\Dominik!\Desktop\spybotsd162.exe
[2010.05.02 11:16:19 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.05.02 10:36:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Google
[2010.04.28 22:22:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dominik!\Desktop\backups
[2010.04.28 22:04:03 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Dominik!\Desktop\HiJackThis.exe
[2010.04.27 22:28:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.04.27 22:28:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.04.23 20:48:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dominik!\Anwendungsdaten\Xfire
[2010.04.23 20:48:06 | 000,000,000 | ---D | C] -- C:\Programme\Xfire
[2010.04.22 18:44:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dominik!\Desktop\mist
[2010.04.20 22:08:41 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.04.19 22:11:10 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.04.19 22:11:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2010.04.19 22:02:47 | 033,850,672 | ---- | C] (Apple Inc.) -- C:\Dokumente und Einstellungen\Dominik!\Desktop\QuickTimeInstaller.exe
[2010.04.17 17:58:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dominik!\Desktop\Deutsch Abi
[2010.04.10 18:41:03 | 000,000,000 | ---D | C] -- C:\Programme\SopCast
[2010.04.10 18:40:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dominik!\Desktop\SopCast329
[2009.07.21 16:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dominik!\Anwendungsdaten\ICQ
 
========== Files - Modified Within 30 Days ==========
 
[2015.08.24 14:48:42 | 000,000,805 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Alcohol 120%.lnk
[2015.08.24 14:46:57 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.05.05 10:26:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.05 09:48:13 | 000,001,458 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ICQ6.5.lnk
[2010.05.05 00:58:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.05 00:57:10 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.05.05 00:50:03 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.05.05 00:47:31 | 004,631,272 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Dominik!\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[2010.05.04 22:23:29 | 000,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.05.04 22:23:28 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.04 22:23:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.04 09:35:44 | 007,340,032 | -H-- | M] () -- C:\Dokumente und Einstellungen\Dominik!\NTUSER.DAT
[2010.05.04 09:35:44 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Dominik!\ntuser.ini
[2010.05.03 21:50:37 | 000,154,469 | ---- | M] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\tdsskiller.zip
[2010.05.03 20:43:39 | 000,000,820 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\tmvsthfud.bin
[2010.05.03 20:43:37 | 000,000,820 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\tmvsthfss.bin
[2010.05.03 20:20:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Dominik!\Desktop\OTL.exe
[2010.05.03 10:31:41 | 115,565,568 | ---- | M] () -- C:\WINDOWS\outlook.pst
[2010.05.03 09:34:46 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\dees8bjo.exe
[2010.05.02 21:36:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.02 20:48:54 | 003,926,150 | R--- | M] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\ComboFix.exe
[2010.05.02 20:02:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.05.02 19:58:22 | 000,781,909 | ---- | M] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\RSIT.exe
[2010.05.02 19:38:04 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.02 19:37:21 | 006,153,376 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Dominik!\Desktop\mbam-setup-1.46.exe
[2010.05.02 11:25:53 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\Spybot - Search & Destroy.lnk
[2010.05.02 11:25:18 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Dokumente und Einstellungen\Dominik!\Desktop\spybotsd162.exe
[2010.05.02 11:20:33 | 000,256,840 | ---- | M] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\SoftonicDownloader20443.exe
[2010.04.29 21:59:54 | 000,000,209 | ---- | M] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\Day of Defeat Source.url
[2010.04.29 17:15:36 | 000,026,919 | ---- | M] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\Unbenannt.JPG
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.28 22:21:26 | 000,000,934 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.04.28 22:21:26 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.04.28 22:04:04 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Dominik!\Desktop\HiJackThis.exe
[2010.04.28 19:20:44 | 000,536,110 | ---- | M] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\WoWScrnShot_042810_191900.jpg
[2010.04.28 12:00:35 | 000,000,636 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steam.lnk
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.25 16:54:30 | 000,127,285 | ---- | M] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\M_09_t_G_HT_04_GG_A.pdf
[2010.04.23 20:48:09 | 000,000,610 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Xfire.lnk
[2010.04.23 20:47:21 | 006,751,816 | ---- | M] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\xfire_installer_42424.exe
[2010.04.19 22:11:32 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010.04.19 22:08:02 | 033,850,672 | ---- | M] (Apple Inc.) -- C:\Dokumente und Einstellungen\Dominik!\Desktop\QuickTimeInstaller.exe
[2010.04.19 21:42:10 | 000,069,894 | ---- | M] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\Unbenannt.bmp
[2010.04.16 22:30:30 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2010.04.16 12:42:40 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.04.15 01:30:00 | 000,001,887 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.04.13 22:06:34 | 000,049,645 | ---- | M] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\Gryffindor.jpg
[2010.04.13 17:34:19 | 000,044,544 | ---- | M] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\Ordnung der Abiturprüfung.doc
[2010.04.10 18:41:03 | 000,000,638 | ---- | M] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\SopCast.lnk
[2010.04.10 18:39:55 | 005,279,114 | ---- | M] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\SopCast329.zip
 
========== Files Created - No Company Name ==========
 
[2015.08.24 14:48:42 | 000,000,805 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Alcohol 120%.lnk
[2010.05.05 00:50:03 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.05.05 00:50:02 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.05.03 21:50:36 | 000,154,469 | ---- | C] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\tdsskiller.zip
[2010.05.03 09:34:45 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\dees8bjo.exe
[2010.05.02 20:55:44 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.05.02 20:55:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.05.02 20:55:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.05.02 20:55:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.05.02 20:55:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.05.02 20:48:39 | 003,926,150 | R--- | C] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\ComboFix.exe
[2010.05.02 19:58:18 | 000,781,909 | ---- | C] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\RSIT.exe
[2010.05.02 19:38:04 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.02 11:25:53 | 000,000,905 | ---- | C] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\Spybot - Search & Destroy.lnk
[2010.05.02 11:20:32 | 000,256,840 | ---- | C] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\SoftonicDownloader20443.exe
[2010.05.02 10:36:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.04.29 21:59:54 | 000,000,209 | ---- | C] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\Day of Defeat Source.url
[2010.04.29 17:15:36 | 000,026,919 | ---- | C] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\Unbenannt.JPG
[2010.04.28 19:20:26 | 000,536,110 | ---- | C] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\WoWScrnShot_042810_191900.jpg
[2010.04.25 16:54:29 | 000,127,285 | ---- | C] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\M_09_t_G_HT_04_GG_A.pdf
[2010.04.23 20:48:09 | 000,000,610 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Xfire.lnk
[2010.04.23 20:46:47 | 006,751,816 | ---- | C] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\xfire_installer_42424.exe
[2010.04.19 22:11:32 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010.04.19 21:42:10 | 000,069,894 | ---- | C] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\Unbenannt.bmp
[2010.04.16 22:30:30 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010.04.16 12:41:49 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.04.15 01:30:00 | 000,001,887 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.04.13 22:06:33 | 000,049,645 | ---- | C] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\Gryffindor.jpg
[2010.04.13 17:34:18 | 000,044,544 | ---- | C] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\Ordnung der Abiturprüfung.doc
[2010.04.10 18:41:03 | 000,000,638 | ---- | C] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\SopCast.lnk
[2010.04.10 18:39:09 | 005,279,114 | ---- | C] () -- C:\Dokumente und Einstellungen\Dominik!\Desktop\SopCast329.zip
[2010.01.03 13:07:22 | 000,000,311 | ---- | C] () -- C:\WINDOWS\keytrans.ini
[2010.01.03 13:06:48 | 000,006,870 | ---- | C] () -- C:\WINDOWS\Keytran1.ini
[2009.11.21 23:41:47 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009.11.19 18:00:23 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.11.16 19:10:50 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009.09.20 13:45:35 | 000,000,042 | ---- | C] () -- C:\WINDOWS\SBCONFIG.INI
[2009.09.20 13:45:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AN2R_SoloBug.INI
[2009.08.24 14:52:16 | 000,000,243 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2009.08.22 10:27:58 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.08.22 10:27:58 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.07.22 22:29:30 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2009.07.22 22:29:29 | 000,000,634 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.06.10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.06.10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.06.10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009.06.10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[1996.12.14 00:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\VADE232.DLL
[1996.12.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996.12.14 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 110 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:2BE9FEFC
< End of report >

Dingens 05.05.2010 21:49
OTL extra:

Code:
OTL Extras logfile created on: 05.05.2010 10:37:33 - Run 2
OTL by OldTimer - Version 3.2.4.1    Folder = C:\Dokumente und Einstellungen\Dominik!\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,80 Gb Total Space | 5,51 Gb Free Space | 4,93% Space Free | Partition Type: NTFS
Drive D: | 3,86 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DOMINIK
Current User Name: Dominik!
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Unstopcp] -- "C:\Programme\Roadkil.Net\UnstopCpy_4_2_Win2K_UP.exe" "%1" * (Roadkil.Net)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\Dominik!\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Dominik!\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03638ad9-aa05-418f-9de3-579486c1ae29}" = Nero 9 Lite
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5F6231BD-F499-4ED7-A9E1-3FFC339BAEEC}" = TEC-IT Barcode Studio 9.4
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69464949-AD9C-4C98-933F-C32FFC86F3C8}" = Doomsday
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E298B0A-558C-4138-0096-740677B382CD}" = LOTR The Return of the King tm
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 4.2
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro Internet Security
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7886D87-ADA4-46A0-8A8D-02AB16B9F95A}" = Borland Delphi 6
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C0959742-5DEB-453B-A55C-528AA0EBA103}" = Zoner Barcode Studio 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FFDC4005-E968-498D-93C8-CC148742167D}}_is1" = Wecker für Windows 6.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Audio CD Maker_is1" = Audio CD Maker v6.0
"CCleaner" = CCleaner (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Hamachi" = Hamachi 1.0.3.0
"ie8" = Windows Internet Explorer 8
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"Schulschriften" = Schulschriften
"SopCast" = SopCast 3.2.9
"Steam App 300" = Day of Defeat: Source
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Ultimate AI" = Ultimate AI
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27)
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.03.2010 12:35:40 | Computer Name = DOMINIK | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung hl2.exe, Version 0.0.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 15.03.2010 15:02:11 | Computer Name = DOMINIK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
 advapi32.dll, Version 5.1.2600.5755, Fehleradresse 0x0003ff9e.
 
Error - 16.03.2010 17:18:04 | Computer Name = DOMINIK | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung ICQ.exe, Version 6.5.0.2024, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.03.2010 16:06:09 | Computer Name = DOMINIK | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung hl2.exe, Version 0.0.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 27.03.2010 01:37:03 | Computer Name = DOMINIK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung SfCtlCom.exe, Version 16.10.0.2012, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 31.03.2010 08:53:24 | Computer Name = DOMINIK | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3727, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 06.04.2010 09:13:14 | Computer Name = DOMINIK | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung winlogon.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul advapi32.dll, Version 5.1.2600.5755, Fehleradresse 0x0003ff9e.
 
Error - 08.04.2010 03:54:31 | Computer Name = DOMINIK | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung ICQ.exe, Version 6.5.0.2024, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 08.04.2010 04:50:01 | Computer Name = DOMINIK | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung ICQ.exe, Version 6.5.0.2024, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 19.04.2010 17:22:41 | Computer Name = DOMINIK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung icq.exe, Version 6.5.0.2024, fehlgeschlagenes
 Modul mshtml.dll, Version 8.0.6001.18904, Fehleradresse 0x000da1ac.
 
[ System Events ]
Error - 03.05.2010 17:41:27 | Computer Name = DOMINIK | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 03.05.2010 17:42:23 | Computer Name = DOMINIK | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst HDDlife
 HDD Access service.
 
Error - 03.05.2010 17:42:23 | Computer Name = DOMINIK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HDDlife HDD Access service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 04.05.2010 02:40:19 | Computer Name = DOMINIK | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst HDDlife
 HDD Access service.
 
Error - 04.05.2010 02:40:19 | Computer Name = DOMINIK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HDDlife HDD Access service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 04.05.2010 03:43:58 | Computer Name = DOMINIK | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst HDDlife
 HDD Access service.
 
Error - 04.05.2010 03:43:58 | Computer Name = DOMINIK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HDDlife HDD Access service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 04.05.2010 16:24:36 | Computer Name = DOMINIK | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst HDDlife
 HDD Access service.
 
Error - 04.05.2010 16:24:36 | Computer Name = DOMINIK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HDDlife HDD Access service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 05.05.2010 03:46:13 | Computer Name = DOMINIK | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{562F507F-B863-4236-9259-9A45922016CE} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
 
< End of report >
GMER:

Code:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-05 22:33:59
Windows 5.1.2600 Service Pack 3
Running: dees8bjo.exe; Driver: C:\DOKUME~1\Dominik!\LOKALE~1\Temp\axldapod.sys


---- System - GMER 1.0.15 ----

INT 0x01        \??\C:\DOKUME~1\Dominik!\LOKALE~1\Temp\mbr.sys                                                                        B84092A4

Code            \??\C:\DOKUME~1\Dominik!\LOKALE~1\Temp\catchme.sys                                                                    pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text          C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                              section is writeable [0xB6F90360, 0x3D46A5, 0xE8000020]
init            C:\WINDOWS\system32\drivers\Senfilt.sys                                                                              entry point in "init" section [0xB48CDA00]
.text          C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                                section is writeable [0xB3975300, 0x3B6D8, 0xE8000020]
.text          C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                                section is writeable [0xB83D8300, 0x1BEE, 0xE8000020]
?              C:\DOKUME~1\Dominik!\LOKALE~1\Temp\catchme.sys                                                                        Das System kann die angegebene Datei nicht finden. !
?              C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                            Das System kann die angegebene Datei nicht finden. !
?              C:\DOKUME~1\Dominik!\LOKALE~1\Temp\mbr.sys                                                                            Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                              tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                            tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                            tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                          tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                              fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                  C:\Programme\Alcohol Soft\Alcohol 120\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                0xF3 0x36 0xF0 0xF9 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                           
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                          0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                      0xAB 0xE3 0x58 0x6D ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                0xF3 0xBB 0xAF 0xBA ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                      C:\Programme\Alcohol Soft\Alcohol 120\
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                      0
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0xF3 0x36 0xF0 0xF9 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                          0xAB 0xE3 0x58 0x6D ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0xF3 0xBB 0xAF 0xBA ...

---- EOF - GMER 1.0.15 ----

Dingens 05.05.2010 22:13
Last but not Least, nach einigem Kampf mit meinem Virenscanner, der OSAM nicht OSAM sein lassen wollte:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
http://www.online-solutions.ru/en/
Saved at 23:12:08 on 05.05.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"bdeadmin.cpl" - ? - C:\WINDOWS\system32\bdeadmin.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
"UfWSC.cpl" - "Trend Micro Inc." - C:\WINDOWS\system32\UfWSC.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adfs" (adfs) - "Adobe Systems, Inc." - C:\WINDOWS\system32\drivers\adfs.sys
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\DOKUME~1\Dominik!\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"Microsoft UAA Bus Driver for High Definition Audio" (HDAudBus) - "Windows (R) Server 2003 DDK provider" - C:\WINDOWS\System32\DRIVERS\HDAudBus.sys
"PCI-Bus-Treiber" (PCI) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\pci.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PnP-ISA/EISA-Bus-Treiber" (isapnp) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\isapnp.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Standard-IDE/ESDI-Festplattencontroller" (atapi) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\atapi.sys
"tmactmon" (tmactmon) - "Trend Micro Inc." - C:\WINDOWS\system32\drivers\tmactmon.sys
"tmcomm" (tmcomm) - "Trend Micro Inc." - C:\WINDOWS\system32\drivers\tmcomm.sys
"tmevtmgr" (tmevtmgr) - "Trend Micro Inc." - C:\WINDOWS\system32\drivers\tmevtmgr.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
DirectAnimation Java Classes "DirectAnimation Java Classes" - ? -  (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\dajava.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? -  (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ6" - ? - C:\Programme\ICQ6.5\ICQ.exe  (File not found)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Dominik!\Startmenü\Programme\Autostart\desktop.ini
"Dropbox.lnk" - ? - C:\Dokumente und Einstellungen\Dominik!\Anwendungsdaten\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AlcoholAutomount" - ? - "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount  (File found, but it contains no detailed information)
"ICQ" - ? - "C:\Programme\ICQ6.5\ICQ.exe" silent  (File not found)
"ICQ " - "ICQ, LLC." - "C:\Programme\ICQ6.5\ICQ .exe" silent
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - ? - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"  (File not found)
"Adobe Reader Speed Launcher" - ? - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"  (File found, but it contains no detailed information)
"AdobeCS4ServiceManager" - ? - "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin  (File found, but it contains no detailed information)
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask      .exe" -atboottime
"SoundMAXPnP" - ? - C:\Programme\Analog Devices\Core\smax4pnp.exe  (File found, but it contains no detailed information)
"UfSeAgnt.exe" - "Trend Micro Inc." - "C:\Programme\Trend Micro\Internet Security\UfSeAgnt.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"HDDlife HDD Access service" (HDDlife HDD Access service) - "BinarySense, Inc." - C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"StarWind AE Service" (StarWindServiceAE) - "Rocket Division Software" - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
"Trend Micro Central Control Component" (SfCtlCom) - "Trend Micro Inc." - C:\Programme\Trend Micro\Internet Security\SfCtlCom.exe
"Trend Micro Personal Firewall" (TmPfw) - "Trend Micro Inc." - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
"Trend Micro Proxy Service" (tmproxy) - "Trend Micro Inc." - C:\Programme\Trend Micro\Internet Security\TmProxy.exe
"Trend Micro Unauthorized Change Prevention Service" (TMBMServer) - "Trend Micro Inc." - C:\Programme\Trend Micro\BM\TMBMSRV.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit http://forum.online-solutions.ru

Dingens 06.05.2010 09:47
hab nochmal bei Virustotal diese komische .exe gescant, die der ständig starten will, vllt kannst ja damit auch was anfangen:
Code:
Datei 0ed4tg7Y.exe empfangen 2010.05.06 08:44:00 (UTC)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 6/41 (14.64%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: ___.
Geschätzte Startzeit ist zwischen ___ und ___ .
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Filter
Drucken der Ergebnisse Drucken der Ergebnisse
Antivirus          Version          letzte aktualisierung          Ergebnis
a-squared        4.5.0.50        2010.05.06        -
AhnLab-V3        2010.05.05.00        2010.05.05        -
AntiVir        8.2.1.236        2010.05.06        TR/Dldr.Stration.Gen
Antiy-AVL        2.0.3.7        2010.05.06        -
Authentium        5.2.0.5        2010.05.06        -
Avast        4.8.1351.0        2010.05.05        -
Avast5        5.0.332.0        2010.05.05        -
AVG        9.0.0.787        2010.05.05        -
BitDefender        7.2        2010.05.06        -
CAT-QuickHeal        10.00        2010.05.04        -
ClamAV        0.96.0.3-git        2010.05.06        -
Comodo        4778        2010.05.06        UnclassifiedMalware
DrWeb        5.0.2.03300        2010.05.06        -
eSafe        7.0.17.0        2010.05.05        -
eTrust-Vet        35.2.7470        2010.05.05        -
F-Prot        4.5.1.85        2010.05.06        -
F-Secure        9.0.15370.0        2010.05.06        Suspicious:W32/Malware!Gemini
Fortinet        4.0.14.0        2010.05.05        -
GData        21        2010.05.06        -
Ikarus        T3.1.1.84.0        2010.05.06        -
Jiangmin        13.0.900        2010.05.06        -
Kaspersky        7.0.0.125        2010.05.06        -
McAfee        5.400.0.1158        2010.05.06        -
McAfee-GW-Edition        2010.1        2010.05.06        -
Microsoft        1.5703        2010.05.05        VirTool:Win32/CeeInject.gen!J
NOD32        5089        2010.05.05        -
Norman        6.04.12        2010.05.06        -
nProtect        2010-05-06.01        2010.05.06        -
Panda        10.0.2.7        2010.05.05        -
PCTools        7.0.3.5        2010.05.06        -
Prevx        3.0        2010.05.06        -
Rising        22.46.03.04        2010.05.06        -
Sophos        4.53.0        2010.05.06        Sus/UnkPack-C
Sunbelt        6265        2010.05.06        -
Symantec        20091.2.0.41        2010.05.06        -
TheHacker        6.5.2.0.276        2010.05.06        -
TrendMicro        9.120.0.1004        2010.05.06        -
TrendMicro-HouseCall        9.120.0.1004        2010.05.06        -
VBA32        3.12.12.4        2010.05.06        Trojan.Win32.Buzus
ViRobot        2010.5.4.2303        2010.05.06        -
VirusBuster        5.0.27.0        2010.05.05        -
weitere Informationen
File size: 68618 bytes
MD5...: de392bd16c97bf83aaccc31e47b90967
SHA1..: e8207610f64170afcd26842820a8544d780d0277
SHA256: 15dcbce1601e1c3a73d26f8bb87126594f33639db3d8e9188cba01ca819fa268
ssdeep: 1536:raw/t61pKKNFCJMs/T/GAOfTi98UOlD5x+bMMW9c0f:raBLFCJp/qHfTK8d
D5x+bMMW9cM
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x31c0
timedatestamp.....: 0x4be17fd4 (Wed May 05 14:25:24 2010)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x21e0 0x2200 5.90 a579a4215a93f7fa6737427ddb3efa7e
.rdata 0x4000 0x1d2 0x200 4.22 26c0dce874c14da7e290f7d50001a2b3
.data 0x5000 0xe1ac 0xe200 7.94 6e19170edee92bcc68f880e3b6d5a718
.rsrc 0x14000 0x10 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b

( 2 imports )
> KERNEL32.dll: HeapAlloc, GetProcessHeap, ExitProcess, GetProcAddress, GetModuleHandleA
> USER32.dll: SetScrollInfo, CloseClipboard, GetDC, EnableMenuItem, ScrollWindow, SetClipboardData, OpenClipboard, EmptyClipboard, GetScrollInfo, UpdateWindow

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99

cosinus 06.05.2010 18:07
Die Logs sind völlig unauffällig für meine Begriffe :o
Aber die Datei 0ed4tg7Y.exe will trotzdem noch ständig starten? Wo genau liegt die in welchem Pfad?


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:39 Uhr.
Seite 4 von 5 « Erste 23 4 5
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55