Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   iexplore.exe Meldungen (https://www.trojaner-board.de/87023-iexplore-exe-meldungen.html)

crusader82 11.06.2010 14:16
iexplore.exe Meldungen
 
Hallo,

habe ein ähnliches Problem wie rawn.
Hatt ekürzlich einen trojaner und ich dachte ich hätte mittels Spy Doctor alle problematische dateien gelöscht, aber die iexplore.exe hat das Programm leider nicht gefunden.

Hier mal die HiJack-Daten:



HiJackthis Logfile:
Code: Alles auswählenLarusso Modus

HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:36:49, on 11.06.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Alwil Software\Avast5\AvastSvc.exe
C:\Programme\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
D:\Programme\Spyware Doctor\pctsAuxs.exe
D:\Programme\Spyware Doctor\pctsSvc.exe
D:\Programme\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Java\jre6\bin\jucheck.exe
D:\Programme\Spyware Doctor\pctsGui.exe
C:\Programme\Mozilla Firefox\firefox.exe
D:\Programme\CloneDVD\CloneDVD2\CloneDVD2.exe
C:\Programme\dvd43\DVD43_Tray.exe
D:\Programme\VLC-Player\vlc.exe
C:\WINDOWS\system32\dwwin.exe
D:\Downloads\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\tbuAD\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - D:\Programme\ICQToolbar\tbuAD\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - D:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: metaspinner GmbH - {7C7A8947-5935-4430-AC0E-E7D04697414E} - D:\PROGRA~1\BUYERT~1\IEBUTT~2.DLL (file missing)
O2 - BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - D:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\tbuAD\toolbaru.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "D:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ccleaner] "D:\Programme\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127591421669
O17 - HKLM\System\CCS\Services\Tcpip\..\{3344C36B-47ED-4B05-9695-841889F84296}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3344C36B-47ED-4B05-9695-841889F84296}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3344C36B-47ED-4B05-9695-841889F84296}: NameServer = 192.168.1.1
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Programme\Spyware Doctor\pctsSvc.exe

--
End of file - 7876 bytes
--- --- ---

--- --- ---




Die Meldung heißt: iexplore.exe - Abbild fehlerhaft:
Die Anmeldung oder DLL globalroot/systemroot/PRAGMA...dll ist keinme gültige Windows-Datei. Überprüfen Sie dies mit der Installationsdiskette.
Wenn ich sie wegklicke, kommt sie immer wieder.

Nach einiger Zeit kommt dann folgende Meldung:
... hat ein Problem festgestellt und muss beendet werden. ... senden oder nicht senden.

Dazu kommt, dass ich den IE nie benutze und Firefox dauert etwa 10 Min. bis er erscheint.

Ich konnte leider bei HiJack keine auffällige Datei finden, aber vlt. wisst Ihr Rat?

markusg 11.06.2010 14:18
ootl:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "run Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
poste beide, falls zu groß, aufteilen.

crusader82 11.06.2010 14:58
So,

hab den Scan durchlaufen lassen.
Hier die 2 Dateien.

1. OTL:

OTL Logfile:
Code:
OTL logfile created on: 11.06.2010 15:24:15 - Run 1
OTL by OldTimer - Version 3.2.6.0    Folder = D:\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
255,00 Mb Total Physical Memory | 42,00 Mb Available Physical Memory | 16,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): D:\pagefile.sys 2048 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 7,87 Gb Total Space | 2,46 Gb Free Space | 31,23% Space Free | Partition Type: NTFS
Drive D: | 115,01 Gb Total Space | 35,28 Gb Free Space | 30,68% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3,77 Gb Total Space | 0,31 Gb Free Space | 8,26% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: COMMANDER
Current User Name: Crusader
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - D:\Downloads\HiJackThis.exe (Trend Micro Inc.)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Programme\Spyware Doctor\pctsGui.exe (PC Tools)
PRC - D:\Programme\VLC-Player\vlc.exe ()
PRC - D:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - D:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - D:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - D:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dwwin.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Programme\Browser Mouse\Browser Mouse\1.1\Mouse32A.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Downloads\OTL.exe (OldTimer Tools)
MOD - D:\Programme\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - D:\Programme\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd)
MOD - C:\Programme\Browser Mouse\Browser Mouse\1.1\MOUDL32A.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avast! Web Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (Browser Defender Update Service) -- D:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- D:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- D:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (cmudau) -- C:\WINDOWS\system32\drivers\cmudau.sys (C-Media Inc)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\CTAC32K.SYS (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PFMODNT.SYS (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1606980848-725345543-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com
IE - HKU\S-1-5-21-1606980848-725345543-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://signin.ebay.de/ws/eBayISAPI.dll?SignIn&_trksid=m37
IE - HKU\S-1-5-21-1606980848-725345543-682003330-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\tbuAD\toolbaru.dll (IE Toolbar)
IE - HKU\S-1-5-21-1606980848-725345543-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://signin.ebay.de/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=77&ru=http%3A%2F%2Fmy.ebay.de%2Fws%2FeBayISAPI.dll%3FMyEbayBeta%26MyeBay%3D%26guest%3D1&pageType=3984|hxxp://www.vfb.de/de/|hxxp://www.heise.de/|hxxp://www.gmx.net/?status=login"
FF - prefs.js..extensions.enabledItems: {EC1B67CA-A2CD-4931-915A-63D5341D1285}:1.0.0.5
FF - prefs.js..extensions.enabledItems: {411F2F11-830F-4AB5-B7F0-FBC77B870B5A}:1.0.6.0
FF - prefs.js..extensions.enabledItems: {3F4D6A2C-841D-403C-8CD8-48E54192DDEB}:1.0.5.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: {BD5A19C7-FAD9-4D84-A0CB-F7241D6443D0}:1.0.5.0
FF - prefs.js..extensions.enabledItems: {7A7EF87E-95DB-4A84-83E8-E0FE7B20017F}:1.0.0.6
FF - prefs.js..extensions.enabledItems: {ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}:1.6.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: LDSI_plashcor@gmail.com:0.6.7
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.06 19:09:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.05 19:36:09 | 000,000,000 | ---D | M]
 
[2008.08.31 21:39:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Extensions
[2010.05.31 14:46:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\extensions
[2010.02.08 19:06:06 | 000,000,000 | ---D | M] (Google Kontextmenü) -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\extensions\{3F4D6A2C-841D-403C-8CD8-48E54192DDEB}
[2010.05.02 15:33:08 | 000,000,000 | ---D | M] (Buyertools) -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A}
[2010.02.08 19:06:07 | 000,000,000 | ---D | M] (eBay-Startcenter) -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\extensions\{7A7EF87E-95DB-4A84-83E8-E0FE7B20017F}
[2010.03.13 13:18:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\extensions\{ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}
[2010.02.08 19:06:07 | 000,000,000 | ---D | M] (eBay-Kontextmenü) -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\extensions\{BD5A19C7-FAD9-4D84-A0CB-F7241D6443D0}
[2010.05.02 15:33:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008.06.01 13:31:52 | 000,000,000 | ---D | M] (Amazon Kontextmenü) -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\extensions\{EC1B67CA-A2CD-4931-915A-63D5341D1285}
[2010.04.18 10:54:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\extensions\isreaditlater@ideashower.com
[2010.05.10 18:51:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\extensions\LDSI_plashcor@gmail.com
[2010.05.31 14:46:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2006.01.17 15:43:49 | 000,000,000 | ---D | M] (Google Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{3F4D6A2C-841D-403C-8CD8-48E54192DDEB}
[2006.01.17 15:43:49 | 000,000,000 | ---D | M] (Buyertools) -- C:\Programme\Mozilla Firefox\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A}
[2006.01.17 15:43:49 | 000,000,000 | ---D | M] (eBay-Startcenter) -- C:\Programme\Mozilla Firefox\extensions\{7A7EF87E-95DB-4A84-83E8-E0FE7B20017F}
[2006.01.17 15:43:49 | 000,000,000 | ---D | M] (eBay Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{BD5A19C7-FAD9-4D84-A0CB-F7241D6443D0}
[2006.01.17 15:43:49 | 000,000,000 | ---D | M] (Amazon Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{EC1B67CA-A2CD-4931-915A-63D5341D1285}
[2008.03.24 20:21:00 | 002,889,088 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPSWF32.dll
[2010.03.14 17:03:36 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.14 17:03:36 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.14 17:03:36 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.14 17:03:36 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.14 17:03:36 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.02.13 00:22:12 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - D:\Programme\ICQToolbar\tbuAD\toolbaru.dll (IE Toolbar)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - D:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (metaspinner GmbH) - {7C7A8947-5935-4430-AC0E-E7D04697414E} - D:\PROGRA~1\BUYERT~1\IEBUTT~2.DLL File not found
O2 - BHO: (metaspinner GmbH) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - D:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL File not found
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\tbuAD\toolbaru.dll (IE Toolbar)
O3 - HKU\S-1-5-21-1606980848-725345543-682003330-1003\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1606980848-725345543-682003330-1003\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - D:\Programme\ICQToolbar\tbuAD\toolbaru.dll (IE Toolbar)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CmUsbSound]  File not found
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [ISTray] D:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Jet Detection] C:\Programme\Creative\SBLive\Program\ADGJDet.exe ()
O4 - HKLM..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.1\Mouse32A.exe ()
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-1606980848-725345543-682003330-1003..\Run: [ccleaner] D:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-725345543-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O8 - Extra context menu item: &ICQ Toolbar Search - D:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127591421669 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Crusader\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Crusader\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\SysInternals\procexp.exe (Sysinternals)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.25 03:11:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005.09.25 03:10:22 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: SSHNAS -  File not found
 
MsConfig - Services: "ose"
MsConfig - Services: "Browser Defender Update Service"
MsConfig - StartUpReg: avast5 - hkey= - key= - C:\Programme\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Programme\Avira\AntiVir Desktop\avgnt.exe File not found
MsConfig - StartUpReg: Data Protection - hkey= - key= - C:\Programme\Data Protection\datprot.exe File not found
MsConfig - StartUpReg: dvd43 - hkey= - key= - C:\Programme\dvd43\DVD43_Tray.exe ()
MsConfig - StartUpReg: Easy-PrintToolBox - hkey= - key= - C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
MsConfig - StartUpReg: ICQ Lite - hkey= - key= - D:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
MsConfig - StartUpReg: ISTray - hkey= - key= - D:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - D:\Programme\iTunes\iTunesHelper.exe File not found
MsConfig - StartUpReg: M5T8QL3YW3 - hkey= - key= - C:\Dokumente und Einstellungen\Crusader\Lokale Einstellungen\Temp\Eh1.exe ()
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\K-Lite Codec Pack\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.3iv2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.IV40 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\Ir50_32.dll (Ligos Corporation)
Drivers32: vidc.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.VP31 - C:\WINDOWS\System32\vp31vfw.dll (On2.com)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Error starting restore point: 31
Error closing restore point: The sequence number is invalid.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.11 14:22:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\vlc
[2010.06.11 11:41:41 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Crusader\Recent
[2010.05.22 22:08:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Crusader\Lokale Einstellungen\Anwendungsdaten\Threat Expert
[2010.05.22 22:06:44 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010.05.22 22:06:42 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010.05.22 22:06:42 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010.05.22 22:06:40 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010.05.22 22:00:45 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010.05.22 22:00:10 | 000,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010.05.22 22:00:10 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010.05.22 21:59:28 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010.05.22 21:58:53 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PC Tools
[2010.05.22 21:58:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\PC Tools
[2010.05.22 21:51:18 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\Wichtige Dokumente
[2010.05.22 21:42:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Crusader\Desktop\Marktforschung
[2010.05.22 19:14:02 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\Betrug
[2010.05.16 16:28:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
[2010.05.16 16:27:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.05.16 16:19:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\GetRightToGo
[2010.05.15 20:00:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.05.15 16:43:50 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.05.15 16:43:49 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.05.15 16:43:47 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.05.15 16:43:44 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.05.15 16:43:34 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.05.15 16:43:34 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.05.15 16:43:28 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.05.15 16:39:11 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.05.15 16:39:11 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010.05.15 16:37:22 | 000,000,000 | ---D | C] -- C:\Programme\Alwil Software
[2010.05.15 16:37:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2010.05.15 15:03:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010.05.15 12:56:06 | 000,000,000 | ---D | C] -- C:\Programme\Data Protection
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.11 14:51:04 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.11 14:26:42 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.06.11 14:26:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.11 14:26:42 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010.06.11 13:59:04 | 000,000,455 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2010.06.11 13:47:01 | 000,000,085 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2010.06.11 11:42:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.11 11:41:34 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.06.11 11:41:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.11 11:41:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.11 11:41:21 | 000,359,094 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
[2010.05.25 11:57:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.05.22 22:14:50 | 000,029,004 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000D-00001102-00000002-80661102}.rfx
[2010.05.22 22:14:50 | 000,029,004 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000D-00001102-00000002-80661102}.rfx
[2010.05.22 22:14:50 | 000,017,456 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000D-00001102-00000002-80661102}.rfx
[2010.05.22 22:14:50 | 000,017,456 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000D-00001102-00000002-80661102}.rfx
[2010.05.22 22:14:50 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.05.22 22:14:50 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010.05.22 22:14:50 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000D-00001102-00000002-80661102}.dat
[2010.05.22 22:14:50 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000D-00001102-00000002-80661102}.dat
[2010.05.22 22:14:19 | 003,670,016 | -H-- | M] () -- C:\Dokumente und Einstellungen\Crusader\NTUSER.DAT
[2010.05.22 22:14:19 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Crusader\ntuser.ini
[2010.05.22 21:59:41 | 000,000,601 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Doctor.lnk
[2010.05.20 17:00:22 | 001,386,410 | -H-- | M] () -- C:\Dokumente und Einstellungen\Crusader\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.05.15 16:43:39 | 000,003,002 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.11 13:59:04 | 000,000,455 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2010.05.22 22:06:56 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010.05.22 22:06:44 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010.05.22 22:06:44 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010.05.22 22:06:43 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010.05.22 22:06:43 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010.05.22 22:00:45 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010.05.22 22:00:10 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010.05.22 22:00:10 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010.05.22 21:59:41 | 000,000,601 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Doctor.lnk
[2010.05.22 21:59:28 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010.05.16 14:00:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.05.15 12:55:18 | 000,000,294 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2009.01.18 22:07:02 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2007.07.02 18:02:33 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WDIRECT.INI
[2006.10.22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.10.22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.10.22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.10.22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006.10.22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.10.22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.10.22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006.08.16 23:17:51 | 000,000,569 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2006.01.19 15:58:51 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.10.11 13:27:16 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS66.DLL
[2005.10.02 15:08:33 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\cmdrvrmu.dll
[2005.10.02 15:08:01 | 000,002,307 | R--- | C] () -- C:\WINDOWS\Cmudau.ini
[2005.09.26 18:17:31 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005.09.25 16:42:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005.09.24 23:22:21 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005.09.24 23:22:16 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2005.09.24 23:22:16 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.09.24 23:22:15 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.09.24 23:22:15 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005.09.24 23:22:13 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005.09.24 23:03:15 | 000,000,512 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.09.24 22:47:05 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2005.09.24 22:44:15 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005.09.24 22:42:18 | 000,035,766 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2005.09.24 22:42:18 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005.09.24 22:42:02 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2005.09.24 22:42:02 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005.09.24 22:41:35 | 000,000,307 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004.08.04 00:57:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004.07.17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003.02.20 15:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999.01.26 23:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL
 
========== LOP Check ==========
 
[2010.05.15 16:37:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2010.06.11 15:17:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2006.08.28 17:51:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\digital publishing
[2006.04.04 22:11:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Elaborate Bytes
[2010.05.16 16:25:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\GetRightToGo
[2008.11.12 21:06:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\ICQ Toolbar
[2006.04.13 20:08:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\ICQLite
[2006.07.30 16:45:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Leadertech
[2006.02.11 22:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mp3tag
[2005.09.28 20:40:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Opera
[2010.04.21 19:38:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\SlySoft
[2006.08.21 16:34:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Vorlagen Explorer
[2010.06.11 14:51:04 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.02.03 18:47:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Adobe
[2007.01.28 19:16:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\AdobeUM
[2006.01.19 15:57:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Ahead
[2005.12.24 16:17:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Apple Computer
[2005.09.24 22:47:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Creative
[2006.08.28 17:51:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\digital publishing
[2006.04.04 22:11:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Elaborate Bytes
[2010.05.16 16:25:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\GetRightToGo
[2007.10.25 17:20:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Help
[2008.11.12 21:06:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\ICQ Toolbar
[2006.04.13 20:08:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\ICQLite
[2005.09.25 03:34:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Identities
[2006.07.30 16:45:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Leadertech
[2005.12.13 17:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Macromedia
[2005.10.02 21:09:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Media Player Classic
[2009.03.31 20:17:52 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Microsoft
[2008.08.31 21:39:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla
[2006.02.11 22:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mp3tag
[2005.09.28 20:40:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Opera
[2010.05.22 21:58:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\PC Tools
[2005.10.18 20:28:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Real
[2010.04.21 19:38:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\SlySoft
[2005.09.27 17:21:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Sun
[2010.06.11 14:22:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\vlc
[2006.08.21 16:34:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Vorlagen Explorer
 
< %APPDATA%\*.exe /s >
[2007.01.28 19:14:52 | 023,813,608 | ---- | M] (                            ) -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr709_de_DE.exe
[2008.04.15 14:49:02 | 000,127,488 | ---- | M] () -- C:\Dokumente und Einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A}\chrome\buyertools.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USERINIT.EXE  >
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2005.04.26 11:22:00 | 000,060,928 | ---- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\WINDOWS\system32\drivers\viamraid.sys
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.23 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.23 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2005.09.25 04:28:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005.09.25 04:28:13 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005.09.25 04:28:13 | 000,430,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2004.08.04 00:57:30 | 001,392,671 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 72 bytes -> C:\WINDOWS:A89517A411705AD7
@Alternate Data Stream - 187 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
< End of report >
--- --- ---


2. Extras;

OTL Logfile:
Code:
OTL Extras logfile created on: 11.06.2010 15:24:15 - Run 1
OTL by OldTimer - Version 3.2.6.0    Folder = D:\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
255,00 Mb Total Physical Memory | 42,00 Mb Available Physical Memory | 16,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): D:\pagefile.sys 2048 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 7,87 Gb Total Space | 2,46 Gb Free Space | 31,23% Space Free | Partition Type: NTFS
Drive D: | 115,01 Gb Total Space | 35,28 Gb Free Space | 30,68% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3,77 Gb Total Space | 0,31 Gb Free Space | 8,26% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: COMMANDER
Current User Name: Crusader
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe File not found
 
[HKEY_USERS\S-1-5-21-1606980848-725345543-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 File not found
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC-Player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC-Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\Star Wars Battlefront\GameData\Battlefront.exe" = D:\Star Wars Battlefront\GameData\Battlefront.exe:*:Enabled:Battlefront -- ()
"D:\Programme\GameSpy Arcade\Aphex.exe" = D:\Programme\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.)
"D:\TrackMania Nations ESWC\TmNationsESWC.exe" = D:\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC -- File not found
"D:\Programme\ICQLite\ICQLite.exe" = D:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- (ICQ Ltd.)

 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime
"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6D579CC9-BC37-11D7-ABE1-0080C8274868}" = Samsung Digimax 300
"{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}" = File Viewer Utility 1.2.2
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9115E7DB-3B29-445A-802D-11E0AA945B7F}" = Sound Blaster Live!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AB3AC39D-9915-435D-ACC4-9881E75326BC}" = RemoteCapture 2.7.2
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{F3D7915D-6B42-49FA-9FC8-5020479A6A57}" = Nero Reloaded PlugIn Pack 2.0.4 by GEAR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"Breed" = Breed
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Browser Mouse Browser Mouse" = Browser Mouse Browser Mouse 1.1
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CANONBJ_Deinstall_CNMCP66.DLL" = Canon PIXMA iP2000
"CCleaner" = CCleaner
"C-Media USB Sound" = Pionstep USB Headset
"C-Media USB Sound Driver" = C-Media USB Sound Driver
"CSCLIB" = Canon Camera Support Core Library
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43_is1" = DVD43 v4.6.0
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"EOS Utility" = Canon Utilities EOS Utility
"FileZilla" = FileZilla (remove only)
"FreePDF_XP" = FreePDF XP (Remove only)
"GameSpy Arcade" = GameSpy Arcade
"GPL Ghostscript 8.62" = GPL Ghostscript 8.62
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"Heroes of Might and Magic IV" = Heroes of Might and Magic IV: Winds of War
"HijackThis" = HijackThis 2.0.2
"ICQLite" = ICQ 5.1
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}" = Canon Utilities File Viewer Utility 1.2
"InstallShield_{AB3AC39D-9915-435D-ACC4-9881E75326BC}" = Canon Utilities RemoteCapture 2.7
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.38
"Mortal Kombat Trilogy" = Mortal Kombat Trilogy
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mp3tag" = Mp3tag v2.36a
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"NeroVision!UninstallKey" = Nero Digital
"NVIDIA Drivers" = NVIDIA Drivers
"Nvidia Omega Drivers for Windows 2k-XPv1.6693" = Nvidia Omega Drivers Setup Files
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Securit-It1.24" = Securit-It
"ShockwaveFlash" = Macromedia Flash Player 8
"Spyware Doctor" = Spyware Doctor 7.0
"ToolbarICQToolbar.ICQToolbarObjectIEToolbar" = ICQ  Toolbar
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 31.05.2010 08:51:45 | Computer Name = COMMANDER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x0ebfe406.
 
Error - 31.05.2010 08:51:45 | Computer Name = COMMANDER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x0ebfe406.
 
Error - 31.05.2010 08:57:14 | Computer Name = COMMANDER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x0ebfe406.
 
Error - 31.05.2010 08:57:15 | Computer Name = COMMANDER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x0ebfe406.
 
Error - 31.05.2010 09:14:43 | Computer Name = COMMANDER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 11.06.2010 07:13:25 | Computer Name = COMMANDER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x0ea7e406.
 
Error - 11.06.2010 08:03:51 | Computer Name = COMMANDER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x0ea7e406.
 
Error - 11.06.2010 08:32:39 | Computer Name = COMMANDER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x0ea7e406.
 
Error - 11.06.2010 08:51:12 | Computer Name = COMMANDER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x0ea7e406.
 
Error - 11.06.2010 09:18:14 | Computer Name = COMMANDER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x0ea7e406.
 
[ System Events ]
Error - 31.05.2010 08:23:57 | Computer Name = COMMANDER | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 31.05.2010 08:28:52 | Computer Name = COMMANDER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  TfFsMon  TfSysMon
 
Error - 31.05.2010 08:31:08 | Computer Name = COMMANDER | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1460
 
Error - 31.05.2010 08:31:35 | Computer Name = COMMANDER | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst NVSvc.
 
Error - 31.05.2010 08:32:06 | Computer Name = COMMANDER | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst sdCoreService.
 
Error - 31.05.2010 08:35:12 | Computer Name = COMMANDER | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
 
Error - 31.05.2010 08:35:28 | Computer Name = COMMANDER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 31.05.2010 08:41:04 | Computer Name = COMMANDER | Source = Service Control Manager | ID = 7034
Description = Dienst "O&O Defrag" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 11.06.2010 05:41:42 | Computer Name = COMMANDER | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 11.06.2010 05:45:04 | Computer Name = COMMANDER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  TfFsMon  TfSysMon
 
 
< End of report >
--- --- ---

markusg 11.06.2010 15:15
Fixen mit OTL

• Starte bitte die OTL.exe.
Vista-User mit Rechtsklick "als Administrator starten"
• Kopiere nun das Folgende in die Textbox.

:OTL
O4 - HKLM..\Run: [CmUsbSound] File not found
MsConfig - StartUpReg: M5T8QL3YW3 - hkey= - key= - C:\Dokumente und Einstellungen\Crusader\Lokale Einstellungen\Temp\Eh1.exe ()
[2010.06.11 14:51:04 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
@Alternate Data Stream - 72 bytes -> C:\WINDOWS:A89517A411705AD7
@Alternate Data Stream - 187 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
:Files
C:\Dokumente und Einstellungen\Crusader\Lokale Einstellungen\Temp\Eh1.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[start explorer]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Run Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument dieses posten

crusader82 11.06.2010 15:48
So, hier ist der Bericht nach Neustart.

Die iexplore.exe Meldungen mit der Installationsdiskette sind derzeit weg. Dafür werde ich aber mit iexplore.exe hat ein Problem festgestellt... Meldungen bombardiert.


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CmUsbSound deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\M5T8QL3YW3\ deleted successfully.
C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully.
ADS C:\WINDOWS:A89517A411705AD7 deleted successfully.
Unable to delete ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMPFC5A2B2 .
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 deleted successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\Crusader\Lokale Einstellungen\Temp\Eh1.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Crusader
->Flash cache emptied: 5171 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Crusader
->Temp folder emptied: 1237310 bytes
->Temporary Internet Files folder emptied: 34449 bytes
->Java cache emptied: 10680297 bytes
->FireFox cache emptied: 76834815 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33597 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 10028730 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114764 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
RecycleBin emptied: 7955814 bytes

Total Files Cleaned = 104,00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06112010_163338

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

markusg 11.06.2010 16:13
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

crusader82 11.06.2010 16:19
Hab ein kleines Problem.

Combofix sagt mir das AntiVir classic läuft (4 Stück), dabei habe ich es schon einige Zeit gar nicht mehr installiert.

Ich soll es erst deaktivieren, bloß ich habe es ja gar nicht mehr. Soll ich trotzdem OK drücken?

markusg 11.06.2010 16:22
ja, klicke ok.

crusader82 11.06.2010 17:28
Hier ist das Textdokument.

Scheint alles wieder zu funktionieren.


Combofix Logfile:
Code:
ComboFix 10-06-10.06 - Crusader 11.06.2010  17:50:45.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.49.1031.18.255.66 [GMT 2:00]
ausgeführt von:: d:\downloads\ComboFix.exe
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {804E5358-FFA4-00DA-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {804E5358-FFA4-00EB-0D24-347CA8A3377C}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleansweep.exe
c:\cleansweep.exe\cleansweep.exe
c:\cleansweep.exe\config.bin
c:\dokumente und einstellungen\All Users\Anwendungsdaten\pragmamfeklnmal.dll
c:\programme\Data Protection
c:\programme\Data Protection\about.ico
c:\programme\Data Protection\activate.ico
c:\programme\Data Protection\buy.ico
c:\programme\Data Protection\dat.db
c:\programme\Data Protection\datext.dll
c:\programme\Data Protection\dathook.dll
c:\programme\Data Protection\help.ico
c:\programme\Data Protection\scan.ico
c:\programme\Data Protection\settings.ico
c:\programme\Data Protection\splash.mp3
c:\programme\Data Protection\update.ico
c:\programme\Data Protection\virus.mp3
c:\windows\icon.ico
c:\windows\PRAGMAnxrpfpfuln
c:\windows\PRAGMAnxrpfpfuln\pragmabbr.dll
c:\windows\PRAGMAnxrpfpfuln\PRAGMAc.dll
c:\windows\PRAGMAnxrpfpfuln\PRAGMAcfg.ini
c:\windows\PRAGMAnxrpfpfuln\PRAGMAd.sys
c:\windows\PRAGMAnxrpfpfuln\pragmaserf.dll
c:\windows\PRAGMAnxrpfpfuln\PRAGMAsrcr.dat

.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PRAGMAnxrpfpfuln
-------\Legacy_PRAGMAnxrpfpfuln
-------\Legacy_SSHNAS


(((((((((((((((((((((((  Dateien erstellt von 2010-05-11 bis 2010-06-11  ))))))))))))))))))))))))))))))
.

2010-06-11 14:53 . 2010-06-11 14:53        503808        ----a-w-        c:\dokumente und einstellungen\Crusader\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-66645970-n\msvcp71.dll
2010-06-11 14:53 . 2010-06-11 14:53        61440        ----a-w-        c:\dokumente und einstellungen\Crusader\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-236cbd7c-n\decora-sse.dll
2010-06-11 14:53 . 2010-06-11 14:53        499712        ----a-w-        c:\dokumente und einstellungen\Crusader\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-66645970-n\jmc.dll
2010-06-11 14:53 . 2010-06-11 14:53        12800        ----a-w-        c:\dokumente und einstellungen\Crusader\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-236cbd7c-n\decora-d3d.dll
2010-06-11 14:53 . 2010-06-11 14:53        348160        ----a-w-        c:\dokumente und einstellungen\Crusader\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-66645970-n\msvcr71.dll
2010-06-11 14:51 . 2010-04-12 15:29        411368        ----a-w-        c:\windows\system32\deployJava1.dll
2010-06-11 14:43 . 2010-06-11 14:43        79488        ----a-w-        c:\dokumente und einstellungen\Crusader\Anwendungsdaten\Sun\Java\jre1.6.0_20\gtapi.dll
2010-06-11 12:22 . 2010-06-11 14:31        --------        d-----w-        c:\dokumente und einstellungen\Crusader\Anwendungsdaten\vlc
2010-05-22 20:08 . 2010-05-22 20:08        --------        d-----w-        c:\dokumente und einstellungen\Crusader\Lokale Einstellungen\Anwendungsdaten\Threat Expert
2010-05-22 20:06 . 2010-01-21 23:21        767952        ----a-w-        c:\windows\BDTSupport.dll
2010-05-22 20:06 . 2010-01-21 23:21        149456        ----a-w-        c:\windows\SGDetectionTool.dll
2010-05-22 20:06 . 2009-10-27 23:36        1152444        ----a-w-        c:\windows\UDB.zip
2010-05-22 20:06 . 2008-11-26 10:08        131        ----a-w-        c:\windows\IDB.zip
2010-05-22 20:06 . 2010-01-21 23:21        1652688        ----a-w-        c:\windows\PCTBDCore.dll
2010-05-22 20:06 . 2010-01-21 23:21        165840        ----a-w-        c:\windows\PCTBDRes.dll
2010-05-22 20:00 . 2010-02-05 07:17        233136        ----a-w-        c:\windows\system32\drivers\pctgntdi.sys
2010-05-22 20:00 . 2009-10-06 14:31        87784        ----a-w-        c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-22 20:00 . 2009-09-23 14:10        207280        ----a-w-        c:\windows\system32\drivers\PCTCore.sys
2010-05-22 19:59 . 2010-02-05 07:25        70408        ----a-w-        c:\windows\system32\drivers\pctplsg.sys
2010-05-22 19:58 . 2010-05-22 20:07        --------        d-----w-        c:\programme\Gemeinsame Dateien\PC Tools
2010-05-22 19:58 . 2010-05-22 19:58        --------        d-----w-        c:\dokumente und einstellungen\Crusader\Anwendungsdaten\PC Tools
2010-05-16 14:28 . 2010-05-22 19:58        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2010-05-16 14:27 . 2010-06-11 15:34        --------        d---a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-05-16 14:19 . 2010-05-16 14:25        --------        d-----w-        c:\dokumente und einstellungen\Crusader\Anwendungsdaten\GetRightToGo
2010-05-16 12:00 . 2010-05-25 09:57        664        ----a-w-        c:\windows\system32\d3d9caps.dat
2010-05-15 18:00 . 2010-05-16 12:50        --------        d-----w-        c:\windows\system32\NtmsData
2010-05-15 14:43 . 2010-05-06 20:33        19024        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2010-05-15 14:43 . 2010-05-06 20:39        164048        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2010-05-15 14:43 . 2010-05-06 20:34        23376        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2010-05-15 14:43 . 2010-05-06 20:39        46672        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2010-05-15 14:43 . 2010-05-06 20:33        100432        ----a-w-        c:\windows\system32\drivers\aswmon2.sys
2010-05-15 14:43 . 2010-05-06 20:33        94800        ----a-w-        c:\windows\system32\drivers\aswmon.sys
2010-05-15 14:43 . 2010-05-06 20:33        28880        ----a-w-        c:\windows\system32\drivers\aavmker4.sys
2010-05-15 14:39 . 2010-05-06 20:59        38848        ----a-w-        c:\windows\system32\avastSS.scr
2010-05-15 14:39 . 2010-05-06 20:59        165032        ----a-w-        c:\windows\system32\aswBoot.exe
2010-05-15 14:37 . 2010-05-15 14:37        --------        d-----w-        c:\programme\Alwil Software
2010-05-15 14:37 . 2010-05-15 14:37        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Alwil Software
2010-05-15 13:03 . 2010-05-15 13:03        --------        d--h--w-        c:\windows\PIF

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-11 16:06 . 2005-09-24 23:19        288        ----a-w-        c:\windows\system32\DVCStateBkp-{00000000-00000000-0000000D-00001102-00000002-80661102}.dat
2010-06-11 16:06 . 2005-09-24 23:19        288        ----a-w-        c:\windows\system32\DVCState-{00000000-00000000-0000000D-00001102-00000002-80661102}.dat
2010-06-11 14:50 . 2005-09-24 21:32        --------        d-----w-        c:\programme\Java
2010-05-10 16:10 . 2007-06-21 19:53        --------        d-----w-        c:\dokumente und einstellungen\Crusader\Anwendungsdaten\uTorrent
2010-04-21 17:38 . 2006-02-12 16:45        --------        d-----w-        c:\dokumente und einstellungen\Crusader\Anwendungsdaten\SlySoft
2010-04-21 16:51 . 2010-04-21 16:51        18816        ----a-w-        c:\windows\system32\drivers\dvd43llh.sys
2010-04-21 16:51 . 2010-04-21 16:51        --------        d-----w-        c:\programme\dvd43
2010-03-28 12:18 . 2001-08-23 12:00        48156        ----a-w-        c:\windows\system32\perfc007.dat
2010-03-28 12:18 . 2001-08-23 12:00        316594        ----a-w-        c:\windows\system32\perfh007.dat
2010-03-19 13:31 . 2010-03-19 13:31        89256        ----a-w-        c:\windows\system32\ElbyCDIO.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="d:\programme\CCleaner\CCleaner.exe" [2010-04-23 1668920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LWBMOUSE"="c:\programme\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE" [2001-11-20 356352]
"CTHelper"="CTHELPER.EXE" [2003-08-28 24576]
"Jet Detection"="c:\programme\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2008-07-22 357376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2010-05-06 20:59        2815192        ----a-w-        c:\progra~1\ALWILS~1\Avast5\AvastUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2005-05-19 13:47        57344        ----a-w-        c:\programme\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2009-10-23 17:34        827904        ----a-w-        c:\programme\dvd43\DVD43_Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2004-01-14 01:10        409600        ----a-w-        c:\programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
2006-07-11 09:15        3144800        ----a-w-        d:\programme\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2010-01-18 12:14        1286608        ----a-w-        d:\programme\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50        155648        ----a-w-        c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-10-25 17:58        282624        ----a-w-        c:\programme\K-Lite Codec Pack\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"Browser Defender Update Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\eMule\\eMule.exe"=
"d:\\Star Wars Battlefront\\GameData\\Battlefront.exe"=
"d:\\Programme\\GameSpy Arcade\\Aphex.exe"=
"d:\\Programme\\ICQLite\\ICQLite.exe"=
"d:\\Programme\\Azureus\\Azureus.exe"=
"d:\\Programme\\uTorrent\\utorrent.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [22.05.2010 22:00 207280]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [15.05.2010 16:43 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.05.2010 16:43 19024]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;d:\programme\Spyware Doctor\pctsAuxs.exe [22.05.2010 21:59 365280]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 Browser Defender Update Service;Browser Defender Update Service;d:\programme\Spyware Doctor\BDT\BDTUpdateService.exe [22.05.2010 22:06 112592]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://signin.ebay.de/ws/eBayISAPI.dll?SignIn&_trksid=m37
IE: &ICQ Toolbar Search - d:\programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Easy-WebPrint - Drucken - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll
TCP: {3344C36B-47ED-4B05-9695-841889F84296} = 192.168.1.1
FF - ProfilePath - c:\dokumente und einstellungen\Crusader\Anwendungsdaten\Mozilla\Firefox\Profiles\23knht2q.default\
FF - prefs.js: browser.startup.homepage - hxxps://signin.ebay.de/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=77&ru=http%3A%2F%2Fmy.ebay.de%2Fws%2FeBayISAPI.dll%3FMyEbayBeta%26MyeBay%3D%26guest%3D1&pageType=3984|hxxp://www.vfb.de/de/|hxxp://www.heise.de/|hxxp://www.gmx.net/?status=login
FF - plugin: c:\programme\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\programme\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\programme\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\programme\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\programme\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\programme\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\programme\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\programme\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: d:\programme\VLC-Player\npvlc.dll

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-SunJavaUpdateSched - c:\programme\Java\jre6\bin\jusched.exe
MSConfigStartUp-avgnt - c:\programme\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-Data Protection - c:\programme\Data Protection\datprot.exe
MSConfigStartUp-iTunesHelper - d:\programme\iTunes\iTunesHelper.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-11 18:10
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1606980848-725345543-682003330-1003\Software\Zepter Software\RegLib*d0e63bf2\CloneDVD2/2]
"1"=dword:4469f022
"2"=dword:46406804

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="48A1687E13D0E05C080725DAA670FEF237360EAB45BFDE5EF8948BE7795A9434002345162FFC5BEB6A7342F3B80698536A2ED1351C862C8CBB2B484A365E9AA4EF948E3DA96A00358123F9981EC34F1443DC7DE7D50F71999472A2BD07DA9CF06824D8CD110B17FAA2B38F1BFC5C2D423DF0A2AFCB6E91F9C0CC99E698E5FB150E02B14809161EE4F7C8BA750CC669CD261E459DEBFB2488551E9D8FAF574AF45AE416CE4985C67E7D8729C117BFF40B211DE0E6B5547580B9CE15279FCD52561A85F9A89B9677B6079C79BF7FC3F033A4A75FE341D70406294B5B3EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D1407A6A0AC4980AC7933A6171C11EC38DE3D5410EFBA74A44529E220A80802844ED162E4751A10845C45425B8EAEADA5EC9C048D1A10CF06A8BF52E03ADB8640DF6B6071F7500AC957D19888F3B50EF065421D8FEB4771DADC62992812BE2E23CC7AE2472A63277B86CFEA61842BC165040D78AC43EDC8F50943C3EFE8AAAB3227E84B5B4154816E8B000EFE143CE3C9153B83402DFA98AF43B5F2F22AFB07F6764490EE258A847D78CBEEBF2876E76858A9BC6A6BC4F7639A345DB2F4F49DFB33BFBC00F3CF7185D23B8B47774F1490825DBA8CF589507090D9C9F21EBA9DD34D2F6D55FC54DD689780F87AF21C00143B00A3CF77E8613B9769193BABD78912A38DD577C5A7B18CB56CDC03B99A9BCB1EDAB41D4CE53EA99B473958DA37BCCF0FF9BBB484C129D80EF4F2CFA368A78E3CDF3E25896BCDA977FBB1D998AB5FA859B4F99C287DD6BEF9B78B93380ABA3E1921A4DAF3C44AA87E339A948A6B733F3E237D8551189D2DC3F1884335E5BDBCAB585FF487A1C21C73402220080ECC37F151CA87D135B79BAA8662198DC76E6F6260FB6E719719FA109608D81B1312B81A6B7601B459310261FCA21564DEDEC21BB99907941E05C081CFA35F05D9BF71D043AA91B6F0E95F8E00E976953FF425AA86EC42879211ED69295C17B9292511A3502720464918B4CD5E6B462E60EA0858113D6695349C055C02B0A7DD2AE5CB942BBC55899545872E8BEECCEE9C4EE1E14469FE3C28D98E63DF307FCFE9FBDC9A92D19D586B4C62B21DCE18CDB37FAEF5AFDEDA2EF54E957A6B03CB9D592F7E9DE761A940C5DDD151CE797B73C9B56DB908A38DD20CD62A947360048BCEA271FEB179F0800301E77780F40D3F657A1FC325CFEE44B8A1DE1666965D118349FA8D98BCA90EE40D3A02B2D5A541F2AB4B21028F98CFB1314D565B06D45915E9E411EAE05411122EE2450FC8E4BE407B7CD0BE23EA7A0EDC10A48823AB4305A0F9C29AB02F6795E5FE86DD0D2C3382EEC1C7205D08784CCDC6C1CDF965E3B75E0CD03F894020DC"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(768)
c:\programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3464)
c:\programme\Browser Mouse\Browser Mouse\1.1\MOUDL32A.DLL
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\CTsvcCDA.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\programme\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-11  18:22:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-11 16:22

Vor Suchlauf: 2.563.952.640 Bytes frei
Nach Suchlauf: 2.491.334.656 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - BD62CEDCAD8064FB625DE9F33A9AB4F3
--- --- ---

markusg 11.06.2010 17:42
hi, da avast einiges nicht erkannt hat.
öffne arbeitsplatz, c:
dort ist ein ordner qoobox, wähle zu qoobox.zip oder rar hinzufügen.
lad diese zu uns hoch:
http://www.trojaner-board.de/54791-a...ner-board.html
wie unter punkt2 beschrieben, außer das archiv sollte zu groß sein :-)
gib bescheid wenn fertig

crusader82 11.06.2010 17:59
So, hab es mal hochgeladen, zu groß ist er zum Glück nicht.

markusg 11.06.2010 18:03
bist du dir sicher das es erfolgreich war?

markusg 11.06.2010 19:26
malwarebytes:
Malwarebytes
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
registerkarte scanner, komplett scan, funde löschen, log posten.

crusader82 11.06.2010 20:36
full scan scheint ewig zu dauern, reicht nicht quick scan aus?

Muss dann morgen oder nächste Woche weitermachen

markusg 11.06.2010 20:46
nein, full scan.


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:52 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131