
My computer is sending SPAM [Solved]



#1 Expat54 (Member, 27 posts)

SPAMMING from my computer

Greetings from Germany.

About two weeks ago (June 10) I noticed my computer was acting strange and sending spam. This appeared as multiple yellow Symantec fields that would suddenly appear out of nowhere. I occasionally suddenly get a dozen yellow pop-ups with the title "Symantec Email Proxy" that contain messages something like:

Your email message to removed email address
with the subject of Blue pill !!! was unable to be sent because the connection to your mailserver was interrupted. Please open your email client and re-send the message from the Sent Messages folder.

No record of these emails is present in Outlook Express. After such an occurrence my ISP will allow incoming mail but refuses to send any for some time. I'm concerned my PC is being used to send spam now. My W-LAN has a blinking green LAN light almost all the time even when the PC is otherwise inactive.

I found your site and ran Malwarebytes which caught several trojans and seemed to successfully remove them. At that time I also decided to delete my antiquated Symantec Norton Security program. After this no more yellow windows appeared to indicate outgoing spam mail. Soon thereafter my ISP informed me that my computer was the source of spam but it appeared to be before my actions to clean it up. They suggested several security checks and an online version of Norton antivirus scan all of which came up clean. Avira antivirus also indicated no infections.

But today (June 30) my ISP contacted me again with news that my computer was spamming again and threatened to discontinue service. This time I had no indication that it was happening. Please HELP!!!

Because of this progression I will include multiple versions of some of the logs to indicate the infections that were present but are no longer detected.

The Antivir log from two weeks ago shows two threats, TR/BurnInHell.I and TR/Pakes.nma. Since that time TR/Pakes.nma has been detected again. But the check I did a few minutes ago came up clean.

I use both Google Chrome and Internet Explorer. The IE version is old SP2 but I can't seem to get updates to work. Maybe you could help with this since it may leave my system vulnerable. I COULD NOT update Windows. Automatic updates of Windows and IE do not function.

It seems to find updates but fails on install. Error code 0x8024D007
I have tried several suggested fixes with no luck. Maybe this leaves my system vulnerable?
The following is a partial windows update log. I can send you a larger section if that would help.

09-06-30 21:29:19:390 3680 56c Setup * WARNING: Exit code = 0x8024D007
2009-06-30 21:29:19:390 3680 56c Setup *********
2009-06-30 21:29:19:390 3680 56c Setup ** END ** Setup: Installing client binaries
2009-06-30 21:29:19:390 3680 56c Setup *************
2009-06-30 21:29:19:390 3680 56c Setup FATAL: InstallUpdatedBinaries failed with error 0x8024d007
2009-06-30 21:29:19:390 3680 56c WUWeb FATAL: InstallUpdatedBinaries failed with error:0x8024d007
2009-06-30 21:29:19:390 3680 56c WUWeb FATAL: UpdateClientWorker failed: error 0x8024d007

I deleted all temp files with TFC.
I created a System Restore point.
I created a registry backup using ERUNT.

TWO Antivir reports are copied below.
I ran Malwarebytes which found and fixed several problems. The log is copied below.
A rerun of Malwarebytes today comes up clean.

I ran Rootkit detection. Reports for both June 10 and June 30 are included below.

I ran OTL. The OTL.txt and Extras logs from two weeks ago are included below.
I ran OTL again July 1 but only generated one report included below.

I tried to perform Microsoft updates but they fail for some unknown reason.

The first Antivir report (BEFORE running Malwarebytes). It's the German version.
(I'm in Germany but prefer to use English for troubleshooting such things.)

ANTIVIRUS REPORT JUNE 9

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Dienstag, 9. Juni 2009 16:22

Es wird nach 1460812 Virenstämmen gesucht.

Lizenznehmer: Avira AntiVir PersonalEdition Classic
Seriennummer: 0000149996-ADJIE-0001
Plattform: Windows XP
Windowsversion: (Service Pack 2) [5.1.2600]
Boot Modus: Normal gebootet
Benutzername: SYSTEM
Computername: NONAME

Versionsinformationen:
BUILD.DAT : 8.2.0.337 16934 Bytes 18.11.2008 13:01:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18.11.2008 08:21:23
AVSCAN.DLL : 8.1.4.0 48897 Bytes 09.05.2008 11:27:06
LUKE.DLL : 8.1.4.5 164097 Bytes 12.06.2008 12:44:16
LUKERES.DLL : 8.1.4.0 12545 Bytes 09.05.2008 11:40:42
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 10:29:38
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11.02.2009 18:32:40
ANTIVIR2.VDF : 7.1.4.38 2692096 Bytes 29.05.2009 13:40:34
ANTIVIR3.VDF : 7.1.4.74 299008 Bytes 09.06.2009 08:39:34
Engineversion : 8.2.0.180
AEVDF.DLL : 8.1.1.1 106868 Bytes 30.04.2009 13:33:10
AESCRIPT.DLL : 8.1.2.0 389497 Bytes 15.05.2009 14:20:36
AESCN.DLL : 8.1.2.3 127347 Bytes 15.05.2009 14:20:36
AERDL.DLL : 8.1.1.3 438645 Bytes 05.11.2008 06:43:26
AEPACK.DLL : 8.1.3.18 401783 Bytes 27.05.2009 16:10:34
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26.02.2009 18:56:12
AEHEUR.DLL : 8.1.0.129 1761655 Bytes 15.05.2009 14:20:34
AEHELP.DLL : 8.1.2.2 119158 Bytes 26.02.2009 18:56:12
AEGEN.DLL : 8.1.1.44 348532 Bytes 15.05.2009 14:20:34
AEEMU.DLL : 8.1.0.9 393588 Bytes 15.10.2008 09:49:36
AECORE.DLL : 8.1.6.12 180599 Bytes 27.05.2009 16:10:34
AEBB.DLL : 8.1.0.3 53618 Bytes 15.10.2008 09:49:34
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09.07.2008 08:40:02
AVPREF.DLL : 8.0.2.0 38657 Bytes 16.05.2008 09:27:58
AVREP.DLL : 8.0.0.2 98344 Bytes 31.07.2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09.05.2008 11:26:37
AVARKT.DLL : 1.0.0.23 307457 Bytes 12.02.2008 08:29:19
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12.06.2008 12:27:46
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22.01.2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12.06.2008 12:49:36
NETNT.DLL : 8.0.0.1 7937 Bytes 25.01.2008 12:05:07
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12.06.2008 13:45:01
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27.06.2008 13:32:05

Konfiguration für den aktuellen Suchlauf:
Job Name.........................: Vollständige Systemprüfung
Konfigurationsdatei..............: c:\programme\avira\antivir personaledition classic\sysscan.avp
Protokollierung..................: niedrig
Primäre Aktion...................: interaktiv
Sekundäre Aktion.................: ignorieren
Durchsuche Masterbootsektoren....: ein
Durchsuche Bootsektoren..........: ein
Bootsektoren.....................: C:, E:,
Durchsuche aktive Programme......: ein
Durchsuche Registrierung.........: ein
Suche nach Rootkits..............: aus
Datei Suchmodus..................: Intelligente Dateiauswahl
Durchsuche Archive...............: ein
Rekursionstiefe einschränken.....: 20
Archiv Smart Extensions..........: ein
Makrovirenheuristik..............: ein
Dateiheuristik...................: mittel

Beginn des Suchlaufs: Dienstag, 9. Juni 2009 16:22

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jucheck.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SymSCUI.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexingService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexStoreSvr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTSyncU.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMBgMonitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTDetctu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'msmsgs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'realsched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTCheck.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'tfswctrl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'apdproxy.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCAPP.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DMXLauncher.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DVDLauncher.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuSchd2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'issch.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'qttask.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'symwsc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPZipm12.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NAVAPSVC.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jqs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTSVCCDA.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCEVTMGR.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SPBBCSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SNDSrvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISSVC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCSETMGR.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCPROXY.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MsMpEng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Es wurden '58' Prozesse mit '58' Modulen durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!
[WARNUNG] Systemfehler [21]: Das Gerät ist nicht bereit.
Masterbootsektor HD3
[INFO] Es wurde kein Virus gefunden!
[WARNUNG] Systemfehler [21]: Das Gerät ist nicht bereit.
Masterbootsektor HD4
[INFO] Es wurde kein Virus gefunden!
[WARNUNG] Systemfehler [21]: Das Gerät ist nicht bereit.
Masterbootsektor HD5
[INFO] Es wurde kein Virus gefunden!
[WARNUNG] Systemfehler [21]: Das Gerät ist nicht bereit.
Masterbootsektor HD6
[INFO] Es wurde kein Virus gefunden!
[WARNUNG] Systemfehler [21]: Das Gerät ist nicht bereit.

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'E:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen.
Die Registry wurde durchsucht ( '62' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\pagefile.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\System Volume Information\_restore{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP1086\A0240876.exe
[FUND] Ist das Trojanische Pferd TR/BurnInHell.I
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a6086b2.qua' verschoben!
C:\System Volume Information\_restore{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP1086\A0240891.exe
[FUND] Ist das Trojanische Pferd TR/Pakes.nma
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a6086bc.qua' verschoben!
C:\WINDOWS\system32\drivers\d07f7e81.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
Beginne mit der Suche in 'E:\' <BackupIBM>


Ende des Suchlaufs: Dienstag, 9. Juni 2009 18:11
Benötigte Zeit: 1:48:41 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

11270 Verzeichnisse wurden überprüft
476863 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
2 Dateien konnten nicht durchsucht werden
476859 Dateien ohne Befall
10374 Archive wurden durchsucht
7 Warnungen
2 Hinweise


HERE IS THE MALWAREBYTES LOG FROM JUNE 10


Malwarebytes' Anti-Malware 1.37
Database version: 2256
Windows 5.1.2600 Service Pack 2

10.06.2009 12:53:59
mbam-log-2009-06-10 (12-53-59).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 219991
Time elapsed: 1 hour(s), 54 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Google Online Services (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Programme\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Lenny\Anwendungsdaten\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Lenny\anwendungsdaten\errorkiller\Log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.

Files Infected:
c:\dokumente und einstellungen\Lenny\eigene dateien\COMPUTER\registery ckean stuff\setupxv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\1254.dat (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\1254.dat41 (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\Wheel of Life.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Lenny\Anwendungsdaten\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

ROOTER ROOTKIT DETECTION LOG JUNE 9

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:73163 Mo/Free:93 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Fixed] - NTFS - (Total:32247 Mo/Free:1113 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)
J:\ [Removable] (Total:0 Mo/Free:0 Mo)

10.06.2009|17:12

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Programme\Windows Defender\MsMpEng.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
---------- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\CTsvcCDA.exe
---------- C:\Programme\Java\jre6\bin\jqs.exe
---------- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
---------- C:\WINDOWS\system32\HPZipm12.exe
---------- C:\Programme\Spyware Doctor\pctsAuxs.exe
---------- C:\Programme\Spyware Doctor\pctsSvc.exe
---------- C:\Programme\Java\jre6\bin\jusched.exe
---------- C:\Programme\QuickTime\qttask.exe
---------- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
---------- C:\WINDOWS\system32\igfxpers.exe
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\Programme\HP\HP Software Update\HPWuSchd2.exe
---------- C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe
---------- C:\Programme\Dell\Media Experience\DMXLauncher.exe
---------- C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
---------- C:\WINDOWS\system32\dla\tfswctrl.exe
---------- C:\Programme\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
---------- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
---------- C:\Programme\Spyware Doctor\pctsTray.exe
---------- C:\Programme\Windows Defender\MSASCui.exe
---------- C:\Programme\Messenger\msmsgs.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Programme\Creative\MediaSource5\CTDetctu.exe
---------- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
---------- C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe
---------- C:\Dokumente und Einstellungen\Lenny\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
---------- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
---------- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\wscntfy.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOKUME~1\Lenny\Eigene Dateien\LIBRARY\CLEANUP_junkdrawer\MONTHS_SORT\JULY18\Pharyngula rolls eyes It's a cracker, peo9ple.htm
C:\DOKUME~1\Lenny\Eigene Dateien\LIBRARY\CLEANUP_junkdrawer\MONTHS_SORT\JULY18\Pharyngula rolls eyes It's a cracker, people#comments#comments#comments.htm
C:\DOKUME~1\Lenny\Eigene Dateien\LIBRARY\CLEANUP_junkdrawer\MONTHS_SORT\JULY18\Pharyngula rolls eyes It's a cracker, people.htm
C:\DOKUME~1\Lenny\Eigene Dateien\LIBRARY\GUITAR\GUITARfeb\Resetting Necks on Acoustic Guitars - Authorized Martin Guitar Neck Resets-Dateien\crackrepair.htm_cmp_guitar-blue010_vbtn.gif


1 - "C:\Rooter$\Rooter_1.txt" - 10.06.2009|17:15

----------------------\\ Scan completed at 17:15

ROOTER ROOTKIT DETECTION LOG JUNE 30


Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 2
[32_bits] - x86 Family 15 Model 4 Stepping 1, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 6.0.2900.2180
.
C:\ [Fixed-NTFS] .. ( Total:71 Go - Free:6 Go )
D:\ [CD_Rom]
F:\ [CD_Rom]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
J:\ [Removable]
.
Scan : 23:00.27
Path : C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Rooter.exe
User : Lenny ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (564)
______ \??\C:\WINDOWS\system32\csrss.exe (612)
______ \??\C:\WINDOWS\system32\winlogon.exe (636)
______ C:\WINDOWS\system32\services.exe (680)
______ C:\WINDOWS\system32\lsass.exe (692)
______ C:\WINDOWS\system32\svchost.exe (868)
______ C:\WINDOWS\system32\svchost.exe (952)
______ C:\Programme\Windows Defender\MsMpEng.exe (1048)
______ C:\WINDOWS\System32\svchost.exe (1088)
______ C:\WINDOWS\system32\svchost.exe (1132)
______ C:\WINDOWS\system32\svchost.exe (1284)
______ C:\WINDOWS\system32\svchost.exe (1416)
______ C:\WINDOWS\system32\spoolsv.exe (1560)
______ C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (1596)
______ C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (1800)
______ C:\WINDOWS\system32\CTsvcCDA.exe (1812)
______ C:\Programme\Java\jre6\bin\jqs.exe (1880)
______ C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (1920)
______ C:\WINDOWS\system32\HPZipm12.exe (1960)
______ C:\Programme\Spyware Doctor\pctsAuxs.exe (1984)
______ C:\Programme\Spyware Doctor\pctsSvc.exe (2040)
______ C:\WINDOWS\system32\svchost.exe (400)
______ C:\WINDOWS\Explorer.EXE (804)
______ C:\Programme\Java\jre6\bin\jusched.exe (2244)
______ C:\Programme\QuickTime\qttask.exe (2424)
______ C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (2432)
______ C:\WINDOWS\system32\igfxpers.exe (2508)
______ C:\WINDOWS\system32\hkcmd.exe (2528)
______ C:\Programme\HP\HP Software Update\HPWuSchd2.exe (2536)
______ C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe (2604)
______ C:\Programme\Dell\Media Experience\DMXLauncher.exe (2628)
______ C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (2656)
______ C:\WINDOWS\system32\dla\tfswctrl.exe (2684)
______ C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (2732)
______ C:\Programme\Windows Defender\MSASCui.exe (2756)
______ C:\Programme\Spyware Doctor\pctsTray.exe (2764)
______ C:\Programme\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (2784)
______ C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (2796)
______ C:\Programme\Messenger\msmsgs.exe (2852)
______ C:\WINDOWS\system32\ctfmon.exe (2876)
______ C:\Programme\Creative\MediaSource5\CTDetctu.exe (2908)
______ C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (2924)
______ C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe (2992)
______ C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe (3284)
______ C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (1156)
______ C:\WINDOWS\System32\alg.exe (2208)
______ C:\WINDOWS\Explorer.EXE (132)
______ C:\Programme\OpenOffice.org 3\program\swriter.exe (3848)
______ C:\Programme\OpenOffice.org 3\program\soffice.exe (2024)
______ C:\Programme\OpenOffice.org 3\program\soffice.bin (3304)
______ C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Rooter.exe (3124)
______ C:\WINDOWS\system32\NOTEPAD.EXE (1524)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:49319424)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:49351680 | Length:76717186560)
\Device\Harddisk0\Partition3 (Start_Offset:76766538240 | Length:3224309760)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\Google Software Updater.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-644034737-2025439754-3436451768-1012Core.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-644034737-2025439754-3436451768-1012UA.job
C:\WINDOWS\Tasks\HPpromotions journeysoftware.job
C:\WINDOWS\Tasks\ISP-Anmeldungserinnerung 1.job
C:\WINDOWS\Tasks\MP Scheduled Scan.job
C:\WINDOWS\Tasks\RegCure Program Check.job
C:\WINDOWS\Tasks\RegCure.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 23:03.45

HERE IS THE OTL LOG FILE (OTL EXTRAS FOLLOWS) JUNE 10


OTL logfile created on: 10.06.2009 17:37:25 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\aMALWAREREMOVAL
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

502,08 Mb Total Physical Memory | 171,30 Mb Available Physical Memory | 34,12% Memory free
1,20 Gb Paging File | 0,57 Gb Available in Paging File | 47,26% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 71,45 Gb Total Space | 12,09 Gb Free Space | 16,92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 31,49 Gb Total Space | 5,09 Gb Free Space | 16,15% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NONAME
Current User Name: Lenny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CTsvcCDA.exe (Creative Technology Ltd)
PRC - C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Programme\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
PRC - C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
PRC - C:\Programme\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Programme\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Programme\Creative\MediaSource5\CTDetctu.exe (Creative Technology Ltd)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe ()
PRC - C:\Dokumente und Einstellungen\Lenny\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\aMALWAREREMOVAL\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirScheduler [Auto | Running]) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Media Toolbox 6 Licensing Service [On_Demand | Stopped]) -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\system32\CTsvcCDA.exe (Creative Technology Ltd)
SRV - (gusvc [Auto | Stopped]) -- C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (NMIndexingService [On_Demand | Running]) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (sdauxservice [Auto | Running]) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdcoreservice [Auto | Running]) -- C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (TSMService [On_Demand | Stopped]) -- C:\Programme\T-DSL SpeedManager\tsmsvc.exe (T-Systems Nova, Berkom)
SRV - (WinDefend [Auto | Running]) -- C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Programme\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ACEDRV06 [Auto | Running]) -- C:\WINDOWS\system32\drivers\ACEDRV06.sys (Protect Software GmbH)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (avgio [System | Running]) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (avgntflt [On_Demand | Running]) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (litsgt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\litsgt.sys ()
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NCHSSVAD [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (PCANDIS5 [On_Demand | Stopped]) -- C:\Programme\T-DSL SpeedManager\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (pctcore [Boot | Running]) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (AVIRA GmbH)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SYMTDI [Unknown | Running]) -- File not found
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tansgt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\tansgt.sys ()
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (TNPacket [On_Demand | Stopped]) -- C:\Programme\T-DSL SpeedManager\TNPACKET.SYS (T-Systems Nova GmbH)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (X4HSX32 [Auto | Running]) -- C:\Programme\GameTap\bin\Release\X4HSX32.Sys (Exent Technologies Ltd.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2008.09.08 08:08:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009.03.25 14:38:45 | 00,000,000 | ---D | M]


O1 HOSTS File: (820 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Dictionary.com) - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Dictionary.com) - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [CTCheck] C:\Programme\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Programme\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [DVDLauncher] "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd2.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe" (PC Tools)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [Scheduling Agent] C:\Programme\Creative\MediaToolbox6\Manage Recording Schedule\MTScdAgt.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKCU..\Run: [Creative Detector U] "C:\Programme\Creative\MediaSource5\CTDetctu.exe" /R (Creative Technology Ltd)
O4 - HKCU..\Run: [CTSyncU.exe] "C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe" ()
O4 - HKCU..\Run: [Google Update] "C:\Dokumente und Einstellungen\Lenny\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML File not found
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm File not found
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 82 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.euro....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} http://update.micros...b?1244636317875 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} http://qmedia.xlonte...2ie06041001.cab (Quantum Streaming IE VersionManager Class)
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} http://dictionary.re...lbar/lexico.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - http://banners.wunde...tions/07486.gif
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.08.18 15:18:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009.06.10 17:29:14 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009.06.10 17:12:01 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009.06.10 14:19:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009.06.10 10:49:08 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lenny\Anwendungsdaten\Malwarebytes
[2009.06.10 10:48:55 | 00,000,676 | ---- | C] () -- C:\DOKUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.06.10 10:48:52 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.06.10 10:48:49 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2009.06.10 10:48:48 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009.06.10 10:48:48 | 00,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2009.06.10 10:27:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009.06.10 10:25:56 | 00,000,591 | ---- | C] () -- C:\DOKUME~1\Lenny\Desktop\NTREGOPT.lnk
[2009.06.10 10:25:56 | 00,000,572 | ---- | C] () -- C:\DOKUME~1\Lenny\Desktop\ERUNT.lnk
[2009.06.10 10:25:53 | 00,000,000 | ---D | C] -- C:\Programme\ERUNT
[2009.06.10 07:54:52 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\aMALWAREREMOVAL
[2009.06.09 22:57:28 | 00,001,698 | ---- | C] () -- C:\DOKUME~1\Lenny\Desktop\HijackThis.lnk
[2009.06.09 22:56:27 | 00,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2009.06.09 21:28:04 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lenny\Anwendungsdaten\PC Tools
[2009.06.09 21:28:04 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
[2009.06.09 20:18:49 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009.06.09 20:18:26 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009.06.09 20:18:26 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009.06.09 20:17:27 | 00,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PC Tools
[2009.06.09 20:17:26 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009.06.09 20:16:36 | 00,000,000 | ---D | C] -- C:\Programme\Spyware Doctor
[2009.06.09 20:10:21 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
[2009.06.09 20:10:15 | 00,001,044 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009.06.09 19:58:42 | 00,312,250 | ---- | C] () -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\trojan-recovery.pdf
[2009.06.09 09:48:26 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\JUNETEMP0609
[2009.06.08 07:43:31 | 00,114,750 | ---- | C] () -- C:\WINDOWS\System32\drivers\d07f7e81.sys
[2009.05.20 12:17:20 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\RECUMBENT RESEARCH
[2009.04.19 18:52:19 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\psfind.dll
[2009.03.10 14:37:06 | 00,000,227 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2008.09.12 14:12:31 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.06.10 19:50:37 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008.02.27 13:28:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcvcdvw.INI
[2008.02.27 13:28:28 | 00,000,062 | ---- | C] () -- C:\WINDOWS\pcvcdbr.INI
[2008.02.22 19:03:44 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008.02.22 19:03:41 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008.02.22 19:03:41 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008.02.07 19:30:12 | 00,137,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\litsgt.sys
[2008.02.07 19:30:11 | 00,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\tansgt.sys
[2008.02.02 17:32:59 | 00,000,056 | ---- | C] () -- C:\WINDOWS\Tkkg_6.ini
[2007.12.31 16:53:11 | 00,000,055 | ---- | C] () -- C:\WINDOWS\Tkkg_2.ini
[2007.06.09 23:25:50 | 00,000,135 | ---- | C] () -- C:\WINDOWS\WMACutjoin.ini
[2006.08.22 20:06:24 | 00,000,100 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006.07.12 20:26:03 | 00,002,293 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006.06.28 18:12:24 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006.06.28 18:12:23 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006.02.08 19:45:41 | 00,000,084 | ---- | C] () -- C:\WINDOWS\EmperorEdit.INI
[2006.02.08 15:59:05 | 00,000,323 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2006.02.05 14:40:29 | 00,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2006.02.05 14:40:29 | 00,006,565 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2006.02.05 14:40:29 | 00,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2006.01.24 20:08:29 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006.01.24 11:31:20 | 00,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.01.14 23:40:54 | 00,385,024 | ---- | C] () -- C:\WINDOWS\_MWOLTB.DLL
[2006.01.10 12:36:26 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.01.05 21:48:14 | 00,000,211 | ---- | C] () -- C:\WINDOWS\uno.ini
[2006.01.05 21:48:03 | 00,287,744 | ---- | C] () -- C:\WINDOWS\uno364mi.dll
[2006.01.05 21:48:03 | 00,109,568 | ---- | C] () -- C:\WINDOWS\vos364mi.dll
[2006.01.05 21:48:03 | 00,091,648 | ---- | C] () -- C:\WINDOWS\osl364mi.dll
[2006.01.02 21:35:21 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005.12.05 16:20:42 | 00,000,063 | ---- | C] () -- C:\WINDOWS\G403te_K.INI
[2005.12.05 16:14:31 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2005.12.05 16:12:13 | 00,000,063 | ---- | C] () -- C:\WINDOWS\G403me_K.INI
[2005.12.05 16:08:28 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\IC32.INI
[2005.12.04 20:32:33 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005.11.29 13:36:02 | 00,000,014 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2005.11.23 16:45:27 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.11.23 16:41:36 | 00,000,448 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005.11.23 16:16:38 | 00,000,413 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.08.12 23:57:09 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.06.22 13:37:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004.09.16 14:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004.09.16 14:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004.08.18 15:26:49 | 00,000,942 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.08.18 15:15:48 | 00,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.08.18 15:05:45 | 00,000,779 | ---- | C] () -- C:\WINDOWS\win.ini
[2004.08.18 15:05:42 | 00,000,482 | ---- | C] () -- C:\WINDOWS\system.ini
[2004.08.18 15:05:22 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2002.12.27 23:33:36 | 00,002,129 | ---- | C] () -- C:\WINDOWS\lexbar.ini
[1997.06.14 13:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[2009.06.10 17:41:17 | 00,114,750 | ---- | M] () -- C:\WINDOWS\System32\drivers\d07f7e81.sys
[2009.06.10 17:00:00 | 00,000,422 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009.06.10 16:00:00 | 00,000,358 | ---- | M] () -- C:\WINDOWS\tasks\HPpromotions journeysoftware.job
[2009.06.10 14:53:05 | 00,001,156 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-644034737-2025439754-3436451768-1012.job
[2009.06.10 13:42:09 | 00,000,322 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009.06.10 13:40:13 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009.06.10 13:39:26 | 00,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009.06.10 13:39:13 | 00,000,062 | -HS- | M] () -- C:\Dokumente und Einstellungen\Lenny\Lokale Einstellungen\desktop.ini
[2009.06.10 13:39:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.06.10 13:38:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.06.10 10:48:55 | 00,000,676 | ---- | M] () -- C:\DOKUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.06.10 10:25:56 | 00,000,591 | ---- | M] () -- C:\DOKUME~1\Lenny\Desktop\NTREGOPT.lnk
[2009.06.10 10:25:56 | 00,000,572 | ---- | M] () -- C:\DOKUME~1\Lenny\Desktop\ERUNT.lnk
[2009.06.09 22:57:28 | 00,001,698 | ---- | M] () -- C:\DOKUME~1\Lenny\Desktop\HijackThis.lnk
[2009.06.09 19:58:42 | 00,312,250 | ---- | M] () -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\trojan-recovery.pdf
[2009.06.09 09:47:42 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009.06.05 08:52:13 | 00,002,364 | ---- | M] () -- C:\DOKUME~1\Lenny\Desktop\Google Chrome.lnk
[2009.05.29 17:46:55 | 00,002,477 | ---- | M] () -- C:\DOKUME~1\Lenny\Desktop\Microsoft Word.lnk
[2009.05.26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.05.26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
< End of report >

HERE IS THE OTL EXTRAS LOGFILE JUNE 10


OTL Extras logfile created on: 10.06.2009 17:37:25 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\aMALWAREREMOVAL
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

502,08 Mb Total Physical Memory | 171,30 Mb Available Physical Memory | 34,12% Memory free
1,20 Gb Paging File | 0,57 Gb Available in Paging File | 47,26% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 71,45 Gb Total Space | 12,09 Gb Free Space | 16,92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 31,49 Gb Total Space | 5,09 Gb Free Space | 16,15% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NONAME
Current User Name: Lenny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\symantecantivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\symantecfirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite File not found
C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat:*:Enabled:Die Schlacht um Mittelerde™ II File not found
C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger File not found
C:\Programme\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server File not found
C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 (ICQ, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0FF18B53-CA57-40BB-B562-21A27B662005}" = 1600
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B2DBF55-05D4-4072-87D8-689141E262BD}" = Creative ZEN
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st840
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}" = MP3 Player Utilities 1.48
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{6231FDA0-7E6F-11D4-A671-006008D09831}" = Sacrifice
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{67E158AF-8856-4337-B483-EA21930786AF}" = GameTap
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F786438-F6F2-41C0-886F-06E42BBF62CC}" = JourneySoftware
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{ADD31791-D676-4A7B-8FA8-A6EE7F1B4E5A}" = JourneySoftwarePromo
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B151F020-1DEE-4716-944F-2759FC3C51DA}" = World Racing
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB449D5A-7710-47aa-B9F5-352B877C90E6}" = 1600_Help
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F4C6CC40-1142-49be-A28C-7BBD36F0B41A}" = 1600Trb
"{F61DD673-0030-4BB2-A382-7E57E97F1031}" = Nero 7 Essentials
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Mythology 1.0" = Age of Mythology
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"AudibleManager" = AudibleManager
"Blue Byte Game Channel" = Blue Byte Game Channel
"CCleaner" = CCleaner (remove only)
"Creative Audio Pack" = Creative Audiopaket
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Debut" = Debut
"erunt_is1" = ERUNT 1.1j
"google updater" = Google Updater
"hijackthis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.7
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"malwarebytes' anti-malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.6.1
"Medieval Conquest" = Medieval Conquest
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"PhotoStage" = PhotoStage
"Prism" = Prism Video Converter
"PROSet" = Intel® PRO Network Connections Drivers
"QuickTime 3.0" = QuickTime 3.0
"RealPlayer 6.0" = RealPlayer
"spyware doctor" = Spyware Doctor 6.0
"Switch" = Switch
"SysInfo" = Creative System Information
"TDSLSM" = T-DSL SpeedManager
"ToolbarICQToolbar.ICQToolbarObjectIEToolbar" = ICQ Toolbar
"ToolBox" = NCH Toolbox
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"QUICKMEDIACONVERTER" = Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08.06.2009 01:44:42 | Computer Name = NONAME | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung jqs.exe, Version 6.0.110.3, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00e531d8.

Error - 08.06.2009 05:57:35 | Computer Name = NONAME | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.2180, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00406472.

Error - 09.06.2009 01:27:07 | Computer Name = NONAME | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.2180, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00406472.

Error - 09.06.2009 14:19:09 | Computer Name = NONAME | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <http://www.download....uthrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .

Error - 09.06.2009 15:02:22 | Computer Name = NONAME | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.

Error - 09.06.2009 15:04:38 | Computer Name = NONAME | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung pctsAuxs.exe, Version 6.1.0.12, fehlgeschlagenes
Modul pctsAuxs.exe, Version 6.1.0.12, Fehleradresse 0x0003aeab.

Error - 09.06.2009 15:20:47 | Computer Name = NONAME | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung pctsAuxs.exe, Version 6.1.0.12, fehlgeschlagenes
Modul pctsAuxs.exe, Version 6.1.0.12, Fehleradresse 0x0003aeab.

Error - 09.06.2009 15:22:43 | Computer Name = NONAME | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung EXCEL.EXE, Version 9.0.0.2719, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 10.06.2009 03:14:24 | Computer Name = NONAME | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung IEXPLORE.EXE, Version 6.0.2900.2180, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 10.06.2009 03:52:25 | Computer Name = NONAME | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.

[ System Events ]
Error - 10.06.2009 08:23:54 | Computer Name = NONAME | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%2" aufgetreten, als der Dienst "wuauserv"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10.06.2009 08:23:54 | Computer Name = NONAME | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatische Updates" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 10.06.2009 08:30:11 | Computer Name = NONAME | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%2" aufgetreten, als der Dienst "wuauserv"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10.06.2009 08:30:11 | Computer Name = NONAME | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatische Updates" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 10.06.2009 08:30:13 | Computer Name = NONAME | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%2" aufgetreten, als der Dienst "wuauserv"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10.06.2009 08:30:13 | Computer Name = NONAME | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatische Updates" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 10.06.2009 08:31:28 | Computer Name = NONAME | Source = Service Control Manager | ID = 7028
Description = Der Registrierungsschlüssel "wuauserv" hat den Zugriff für SYSTEM-Kontoprogramme
verweigert. Der Dienststeuerungs-Manager hat daher den Besitz des Registrierungsschlüssels
übernommen.

Error - 10.06.2009 08:32:01 | Computer Name = NONAME | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatische Updates" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 10.06.2009 08:53:05 | Computer Name = NONAME | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%2" aufgetreten, als der Dienst "BITS" mit
den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10.06.2009 08:53:05 | Computer Name = NONAME | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde aufgrund
folgenden Fehlers nicht gestartet: %%2


< End of report >



OTL REPORT from JULY 1

OTL logfile created on: 01.07.2009 08:26:23 - Run 2
OTL by OldTimer - Version 3.0.5.3 Folder = C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

502,08 Mb Total Physical Memory | 176,60 Mb Available Physical Memory | 35,17% Memory free
1,20 Gb Paging File | 0,57 Gb Available in Paging File | 47,41% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 71,45 Gb Total Space | 6,49 Gb Free Space | 9,09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NONAME
Current User Name: Lenny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
PRC - C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\System32\HPZipm12.exe (HP)
PRC - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Programme\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
PRC - C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
PRC - C:\Programme\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Programme\Creative\MediaSource5\CTDetctu.exe (Creative Technology Ltd)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirScheduler [Auto | Running]) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Media Toolbox 6 Licensing Service [On_Demand | Stopped]) -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
SRV - (gusvc [Auto | Stopped]) -- C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (NMIndexingService [On_Demand | Running]) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (sdauxservice [Auto | Running]) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdcoreservice [Auto | Running]) -- C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (TSMService [On_Demand | Stopped]) -- C:\Programme\T-DSL SpeedManager\tsmsvc.exe (T-Systems Nova, Berkom)
SRV - (WinDefend [Auto | Running]) -- C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Programme\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ACEDRV06 [Auto | Running]) -- C:\WINDOWS\System32\drivers\ACEDRV06.sys (Protect Software GmbH)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (avgio [System | Running]) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (avgntflt [On_Demand | Running]) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\System32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (litsgt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\litsgt.sys ()
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NCHSSVAD [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (PCANDIS5 [On_Demand | Stopped]) -- C:\Programme\T-DSL SpeedManager\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (pctcore [Boot | Running]) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys (AVIRA GmbH)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tansgt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\tansgt.sys ()
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (TNPacket [On_Demand | Stopped]) -- C:\Programme\T-DSL SpeedManager\TNPACKET.SYS (T-Systems Nova GmbH)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (X4HSX32 [Auto | Running]) -- C:\Programme\GameTap\bin\Release\X4HSX32.Sys (Exent Technologies Ltd.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Programme\Java\jre6\lib\deploy\jqs\ff [2009.03.25 14:38:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.06.30 14:04:38 | 00,000,000 | ---D | M]


O1 HOSTS File: (820 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Dictionary.com) - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Dictionary.com) - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Dictionary.com) - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll ()
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTCheck] C:\Programme\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Programme\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [DVDLauncher] C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Scheduling Agent] C:\Programme\Creative\MediaToolbox6\Manage Recording Schedule\MTScdAgt.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Creative Detector U] C:\Programme\Creative\MediaSource5\CTDetctu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [Google Update] C:\Dokumente und Einstellungen\Lenny\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: &ICQ Toolbar Search - C:\Programme\ICQToolbar\toolbaru.dll File not found
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm File not found
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 82 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.euro....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2bc66f54-93a8-11d3-beb6-00105aa9b6ae} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} http://update.micros...b?1244636317875 (WUWebControl Class)
O16 - DPF: {644e432f-49d3-41a1-8dd5-e099162eeec5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6c269571-c6d7-4818-bca4-32a035e8c884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} http://qmedia.xlonte...2ie06041001.cab (Quantum Streaming IE VersionManager Class)
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} http://dictionary.re...lbar/lexico.cab (Reg Error: Key error.)
O16 - DPF: {f6acf75c-c32c-447b-9bef-46b766368d29} http://ccfiles.creat...15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - http://banners.wunde...tions/07486.gif
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.08.18 15:18:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009.07.01 08:19:04 | 00,097,285 | ---- | C] () -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Dokument1.rtf
[2009.06.30 22:56:52 | 00,173,119 | ---- | C] (Eric_71) -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Rooter.exe
[2009.06.30 22:55:54 | 00,040,998 | ---- | C] () -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\report to send 30th.odt
[2009.06.30 21:56:22 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Interpretation der Datei Windowsupdate_files
[2009.06.30 21:51:27 | 00,091,784 | ---- | C] () -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Dokument.rtf
[2009.06.30 20:09:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009.06.30 19:58:17 | 00,009,583 | ---- | C] () -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Fehlernummer 0x8024D007 [Archiv] - XPdiskussion.htm
[2009.06.30 19:58:17 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Fehlernummer 0x8024D007 [Archiv] - XPdiskussion_files
[2009.06.30 19:41:02 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Geeks to Go! – Tech experts answer your questions_files
[2009.06.30 19:41:00 | 00,068,461 | ---- | C] () -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Geeks to Go! – Tech experts answer your questions.htm
[2009.06.30 19:21:18 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Geeks to Go! [Powered by Invision Power Board]_files
[2009.06.30 19:21:17 | 00,054,753 | ---- | C] () -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Geeks to Go! [Powered by Invision Power Board].htm
[2009.06.30 19:10:21 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Defaultgooglechromeprofilestuff
[2009.06.30 17:34:49 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Google Chrome crashes 'Whoa! Google Chrome has crashed.' - Google Chrome Help.htm_files
[2009.06.30 14:45:12 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\BBC NEWS Science & Environment Ladybird 'risk to 1,000 species'_files
[2009.06.30 14:45:10 | 00,063,594 | ---- | C] () -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\BBC NEWS Science & Environment Ladybird 'risk to 1,000 species'.htm
[2009.06.30 14:14:31 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\PRISM
[2009.06.30 14:04:46 | 00,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\xing shared
[2009.06.30 14:04:39 | 00,000,971 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RealPlayer.lnk
[2009.06.30 13:06:01 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\JUNE3009sort
[2009.06.29 17:13:39 | 00,001,208 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-644034737-2025439754-3436451768-1012UA.job
[2009.06.29 17:13:38 | 00,001,156 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-644034737-2025439754-3436451768-1012Core.job
[2009.06.29 12:49:41 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\SBTAX DOCS 2007 2008
[2009.06.27 08:15:06 | 00,000,124 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ZEN Media Explorer.lnk
[2009.06.27 07:59:48 | 00,007,062 | ---- | C] () -- C:\WINDOWS\System32\audiopid.vxd
[2009.06.26 15:14:51 | 00,000,799 | ---- | C] () -- C:\Dokumente und Einstellungen\Lenny\Desktop\Archlord.lnk
[2009.06.26 15:05:45 | 00,000,000 | ---D | C] -- C:\Programme\Codemasters
[2009.06.16 11:53:22 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\HOUSE PURCHASE
[2009.06.14 14:51:06 | 00,000,000 | ---D | C] -- C:\GAMIGO
[2009.06.10 17:12:01 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009.06.10 10:49:08 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lenny\Anwendungsdaten\Malwarebytes
[2009.06.10 10:48:52 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.06.10 10:48:49 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2009.06.10 10:48:48 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009.06.10 10:48:48 | 00,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2009.06.10 10:27:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009.06.10 10:25:53 | 00,000,000 | ---D | C] -- C:\Programme\ERUNT
[2009.06.10 07:54:52 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\aMALWAREREMOVAL
[2009.06.09 22:56:27 | 00,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2009.06.09 21:28:04 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lenny\Anwendungsdaten\PC Tools
[2009.06.09 21:28:04 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
[2009.06.09 20:18:49 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009.06.09 20:18:26 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009.06.09 20:18:26 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009.06.09 20:17:27 | 00,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PC Tools
[2009.06.09 20:17:26 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009.06.09 20:16:36 | 00,000,000 | ---D | C] -- C:\Programme\Spyware Doctor
[2009.06.09 20:10:21 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
[2009.06.09 20:10:15 | 00,001,044 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009.06.09 09:48:26 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\JUNETEMP0609
[2009.06.08 07:43:31 | 00,114,750 | ---- | C] () -- C:\WINDOWS\System32\drivers\d07f7e81.sys
[2009.04.19 18:52:19 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\psfind.dll
[2009.03.10 14:37:06 | 00,000,227 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2008.09.12 14:12:31 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.06.10 19:50:37 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008.02.27 13:28:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcvcdvw.INI
[2008.02.27 13:28:28 | 00,000,062 | ---- | C] () -- C:\WINDOWS\pcvcdbr.INI
[2008.02.22 19:03:44 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008.02.22 19:03:41 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008.02.22 19:03:41 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008.02.07 19:30:12 | 00,137,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\litsgt.sys
[2008.02.07 19:30:11 | 00,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\tansgt.sys
[2008.02.02 17:32:59 | 00,000,056 | ---- | C] () -- C:\WINDOWS\Tkkg_6.ini
[2007.12.31 16:53:11 | 00,000,055 | ---- | C] () -- C:\WINDOWS\Tkkg_2.ini
[2007.06.09 23:25:50 | 00,000,135 | ---- | C] () -- C:\WINDOWS\WMACutjoin.ini
[2006.08.22 20:06:24 | 00,000,100 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006.07.12 20:26:03 | 00,002,293 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006.06.28 18:12:24 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006.06.28 18:12:23 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006.02.08 19:45:41 | 00,000,084 | ---- | C] () -- C:\WINDOWS\EmperorEdit.INI
[2006.02.08 15:59:05 | 00,000,323 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2006.02.05 14:40:29 | 00,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2006.02.05 14:40:29 | 00,006,565 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2006.02.05 14:40:29 | 00,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2006.01.24 20:08:29 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006.01.24 11:31:20 | 00,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.01.14 23:40:54 | 00,385,024 | ---- | C] () -- C:\WINDOWS\_MWOLTB.DLL
[2006.01.10 12:36:26 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.01.05 21:48:14 | 00,000,211 | ---- | C] () -- C:\WINDOWS\uno.ini
[2006.01.05 21:48:03 | 00,287,744 | ---- | C] () -- C:\WINDOWS\uno364mi.dll
[2006.01.05 21:48:03 | 00,109,568 | ---- | C] () -- C:\WINDOWS\vos364mi.dll
[2006.01.05 21:48:03 | 00,091,648 | ---- | C] () -- C:\WINDOWS\osl364mi.dll
[2006.01.02 21:35:21 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005.12.05 16:20:42 | 00,000,063 | ---- | C] () -- C:\WINDOWS\G403te_K.INI
[2005.12.05 16:14:31 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2005.12.05 16:12:13 | 00,000,063 | ---- | C] () -- C:\WINDOWS\G403me_K.INI
[2005.12.05 16:08:28 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\IC32.INI
[2005.12.04 20:32:33 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005.11.29 13:36:02 | 00,000,014 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2005.11.23 16:45:27 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.11.23 16:41:36 | 00,000,448 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005.11.23 16:16:38 | 00,000,413 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.08.12 23:57:09 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.06.22 13:37:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004.09.16 14:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004.09.16 14:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004.08.18 15:26:49 | 00,000,942 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.08.18 15:15:48 | 00,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.08.18 15:05:45 | 00,000,779 | ---- | C] () -- C:\WINDOWS\win.ini
[2004.08.18 15:05:42 | 00,000,274 | ---- | C] () -- C:\WINDOWS\system.ini
[2004.08.18 15:05:22 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2002.12.27 23:33:36 | 00,002,129 | ---- | C] () -- C:\WINDOWS\lexbar.ini
[1997.06.14 13:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[2009.07.01 08:31:02 | 00,114,750 | ---- | M] () -- C:\WINDOWS\System32\drivers\d07f7e81.sys
[2009.07.01 08:19:37 | 00,040,998 | ---- | M] () -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\report to send 30th.odt
[2009.07.01 08:19:04 | 00,097,285 | ---- | M] () -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Dokument1.rtf
[2009.07.01 08:18:00 | 00,001,208 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-644034737-2025439754-3436451768-1012UA.job
[2009.07.01 08:08:35 | 00,091,784 | ---- | M] () -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Dokument.rtf
[2009.07.01 08:00:01 | 00,000,358 | ---- | M] () -- C:\WINDOWS\tasks\HPpromotions journeysoftware.job
[2009.07.01 06:59:11 | 00,000,322 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009.07.01 06:58:21 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009.07.01 06:56:58 | 00,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009.07.01 06:56:55 | 00,000,422 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009.07.01 06:56:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.07.01 06:56:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.06.30 22:56:54 | 00,173,119 | ---- | M] (Eric_71) -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Rooter.exe
[2009.06.30 19:58:17 | 00,009,583 | ---- | M] () -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Fehlernummer 0x8024D007 [Archiv] - XPdiskussion.htm
[2009.06.30 19:41:02 | 00,068,461 | ---- | M] () -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Geeks to Go! – Tech experts answer your questions.htm
[2009.06.30 19:21:18 | 00,054,753 | ---- | M] () -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Geeks to Go! [Powered by Invision Power Board].htm
[2009.06.30 17:18:02 | 00,001,156 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-644034737-2025439754-3436451768-1012Core.job
[2009.06.30 14:45:12 | 00,063,594 | ---- | M] () -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\BBC NEWS Science & Environment Ladybird 'risk to 1,000 species'.htm
[2009.06.30 14:21:53 | 00,053,760 | ---- | M] () -- C:\Dokumente und Einstellungen\Lenny\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.30 14:14:32 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009.06.30 14:04:39 | 00,000,971 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RealPlayer.lnk
[2009.06.30 14:03:17 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2009.06.30 14:03:17 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2009.06.30 14:03:16 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009.06.26 15:14:51 | 00,000,799 | ---- | M] () -- C:\Dokumente und Einstellungen\Lenny\Desktop\Archlord.lnk
[2009.06.23 22:07:51 | 00,002,364 | ---- | M] () -- C:\Dokumente und Einstellungen\Lenny\Desktop\Google Chrome.lnk
[2009.06.17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.06.17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009.06.13 14:23:51 | 00,075,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009.06.11 09:41:46 | 00,000,274 | ---- | M] () -- C:\WINDOWS\system.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
< End of report >


ANTIVIRUS REPORT FOR JUNE 29


Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Montag, 29. Juni 2009 13:11

Es wird nach 1433432 Virenstämmen gesucht.

Lizenznehmer: Avira AntiVir Personal - FREE Antivirus
Seriennummer: 0000149996-ADJIE-0000001
Plattform: Windows XP
Windowsversion: (Service Pack 2) [5.1.2600]
Boot Modus: Normal gebootet
Benutzername: SYSTEM
Computername: NONAME

Versionsinformationen:
BUILD.DAT : 8.2.0.353 17048 Bytes 15.05.2009 12:02:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18.11.2008 08:21:23
AVSCAN.DLL : 8.1.4.0 48897 Bytes 09.05.2008 11:27:06
LUKE.DLL : 8.1.4.5 164097 Bytes 12.06.2008 12:44:16
LUKERES.DLL : 8.1.4.0 12545 Bytes 09.05.2008 11:40:42
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 10:29:38
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24.06.2009 11:09:40
ANTIVIR2.VDF : 7.1.4.133 2048 Bytes 24.06.2009 11:09:40
ANTIVIR3.VDF : 7.1.4.150 136192 Bytes 29.06.2009 11:09:41
Engineversion : 8.2.0.199
AEVDF.DLL : 8.1.1.1 106868 Bytes 30.04.2009 13:33:10
AESCRIPT.DLL : 8.1.2.10 418171 Bytes 29.06.2009 11:09:48
AESCN.DLL : 8.1.2.3 127347 Bytes 15.05.2009 14:20:36
AERDL.DLL : 8.1.1.3 438645 Bytes 05.11.2008 06:43:26
AEPACK.DLL : 8.1.3.18 401783 Bytes 27.05.2009 16:10:34
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 18.06.2009 12:12:00
AEHEUR.DLL : 8.1.0.137 1823095 Bytes 29.06.2009 11:09:46
AEHELP.DLL : 8.1.3.6 205174 Bytes 13.06.2009 12:23:10
AEGEN.DLL : 8.1.1.46 348533 Bytes 20.06.2009 12:11:20
AEEMU.DLL : 8.1.0.9 393588 Bytes 15.10.2008 09:49:36
AECORE.DLL : 8.1.6.12 180599 Bytes 27.05.2009 16:10:34
AEBB.DLL : 8.1.0.3 53618 Bytes 15.10.2008 09:49:34
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09.07.2008 08:40:02
AVPREF.DLL : 8.0.2.0 38657 Bytes 16.05.2008 09:27:58
AVREP.DLL : 8.0.0.3 155688 Bytes 13.06.2009 12:22:59
AVREG.DLL : 8.0.0.1 33537 Bytes 09.05.2008 11:26:37
AVARKT.DLL : 1.0.0.23 307457 Bytes 12.02.2008 08:29:19
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12.06.2008 12:27:46
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22.01.2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12.06.2008 12:49:36
NETNT.DLL : 8.0.0.1 7937 Bytes 25.01.2008 12:05:07
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12.06.2008 13:45:01
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27.06.2008 13:32:05

Konfiguration für den aktuellen Suchlauf:
Job Name.........................: Vollständige Systemprüfung
Konfigurationsdatei..............: c:\programme\avira\antivir personaledition classic\sysscan.avp
Protokollierung..................: niedrig
Primäre Aktion...................: interaktiv
Sekundäre Aktion.................: ignorieren
Durchsuche Masterbootsektoren....: ein
Durchsuche Bootsektoren..........: ein
Bootsektoren.....................: C:,
Durchsuche aktive Programme......: ein
Durchsuche Registrierung.........: ein
Suche nach Rootkits..............: aus
Datei Suchmodus..................: Intelligente Dateiauswahl
Durchsuche Archive...............: ein
Rekursionstiefe einschränken.....: 20
Archiv Smart Extensions..........: ein
Makrovirenheuristik..............: ein
Dateiheuristik...................: mittel

Beginn des Suchlaufs: Montag, 29. Juni 2009 13:11

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexingService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexStoreSvr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTSyncU.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMBgMonitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTDetctu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'msmsgs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTCheck.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'pctsTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'realsched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'tfswctrl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'apdproxy.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DMXLauncher.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DVDLauncher.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuSchd2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'issch.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'qttask.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'pctsSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'pctsAuxs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPZipm12.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jqs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTSVCCDA.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MsMpEng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Es wurden '50' Prozesse mit '50' Modulen durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
[WARNUNG] Systemfehler [21]: Das Gerät ist nicht bereit.
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!
[WARNUNG] Systemfehler [21]: Das Gerät ist nicht bereit.
Masterbootsektor HD3
[INFO] Es wurde kein Virus gefunden!
[WARNUNG] Systemfehler [21]: Das Gerät ist nicht bereit.
Masterbootsektor HD4
[INFO] Es wurde kein Virus gefunden!
[WARNUNG] Systemfehler [21]: Das Gerät ist nicht bereit.

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen.
Die Registry wurde durchsucht ( '59' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\pagefile.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\WINDOWS\system32\drivers\d07f7e81.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!


Ende des Suchlaufs: Montag, 29. Juni 2009 15:01
Benötigte Zeit: 1:50:34 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

11542 Verzeichnisse wurden überprüft
471322 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
2 Dateien konnten nicht durchsucht werden
471320 Dateien ohne Befall
10346 Archive wurden durchsucht
6 Warnungen
0 Hinweise

Edited by Octagonal, 01 July 2009 - 01:25 AM.
Removed email address

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#3
Expat54

    Member

  • Topic Starter
  • Member
  • 27 posts
Thanks for the quick reply.

Here's the ComboFix log

ComboFix 09-06-29.07 - Lenny 01.07.2009 13:48.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.49.1031.18.502.247 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Lenny\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\pi.exe
c:\windows\system32\drivers\d07f7e81.sys

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GOOGLE_ONLINE_SERVICES
-------\Service_d07f7e81


((((((((((((((((((((((( Dateien erstellt von 2009-06-01 bis 2009-07-01 ))))))))))))))))))))))))))))))
.

2009-07-01 10:48 . 2009-07-01 11:08 -------- d-----w- c:\windows\BDOSCAN8
2009-06-30 14:43 . 2009-06-30 14:43 3561743 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-30 12:04 . 2009-06-30 12:04 -------- d-----w- c:\programme\Gemeinsame Dateien\xing shared
2009-06-26 13:05 . 2009-06-26 13:05 -------- d-----w- c:\programme\Codemasters
2009-06-14 12:51 . 2009-06-14 12:51 -------- d-----w- C:\GAMIGO
2009-06-10 15:12 . 2009-06-30 21:11 -------- d-----w- C:\Rooter$
2009-06-10 08:49 . 2009-06-10 08:49 -------- d-----w- c:\dokumente und einstellungen\Lenny\Anwendungsdaten\Malwarebytes
2009-06-10 08:48 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 08:48 . 2009-06-10 08:48 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-06-10 08:48 . 2009-06-30 14:44 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2009-06-10 08:48 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 08:25 . 2009-06-10 08:26 -------- d-----w- c:\programme\ERUNT
2009-06-09 20:56 . 2009-06-09 20:56 -------- d-----w- c:\programme\Trend Micro
2009-06-09 19:28 . 2009-06-09 19:28 -------- d-----w- c:\dokumente und einstellungen\Lenny\Anwendungsdaten\PC Tools
2009-06-09 19:28 . 2009-06-09 19:28 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2009-06-09 18:18 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-09 18:18 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-09 18:18 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-09 18:17 . 2009-06-09 19:28 -------- d-----w- c:\programme\Gemeinsame Dateien\PC Tools
2009-06-09 18:17 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-09 18:16 . 2009-07-01 11:34 -------- d-----w- c:\programme\Spyware Doctor
2009-06-09 18:10 . 2009-06-09 19:28 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google Updater

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 12:05 . 2009-04-19 18:28 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2009-07-01 12:01 . 2008-09-25 06:50 -------- d-----w- c:\programme\Spybot - Search & Destroy
2009-07-01 05:22 . 2008-11-17 16:30 1 ----a-w- c:\dokumente und einstellungen\Lenny\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-30 12:04 . 2006-01-24 22:03 -------- d-----w- c:\programme\Gemeinsame Dateien\Real
2009-06-30 12:03 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-30 12:03 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-28 10:36 . 2009-02-13 13:49 34 ----a-w- c:\dokumente und einstellungen\Lenny\jagex_runescape_preferences.dat
2009-06-27 06:15 . 2007-05-13 06:17 -------- d--h--w- c:\programme\Creative Installation Information
2009-06-27 06:14 . 2007-05-13 06:10 -------- d-----w- c:\programme\Creative
2009-06-27 06:11 . 2005-11-23 14:34 -------- d--h--w- c:\programme\InstallShield Installation Information
2009-06-13 12:23 . 2009-01-19 14:50 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-11 06:11 . 2005-11-23 14:36 -------- d-----w- c:\programme\Symantec
2009-06-10 11:49 . 2005-11-23 14:36 -------- d-----w- c:\programme\Gemeinsame Dateien\Symantec Shared
2009-06-10 11:38 . 2005-11-23 14:36 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Symantec
2009-06-10 11:09 . 2008-10-04 15:04 -------- d-----w- c:\programme\TAIL
2009-06-09 18:10 . 2006-03-07 11:13 -------- d-----w- c:\programme\Google
2009-04-15 05:51 . 2005-12-06 06:53 43248 ----a-w- c:\dokumente und einstellungen\Lenny\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programme\Messenger\msmsgs.exe" [2004-10-13 1694208]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Creative Detector U"="c:\programme\Creative\MediaSource5\CTDetctu.exe" [2006-06-27 110592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2007-05-04 149040]
"Google Update"="c:\dokumente und einstellungen\Lenny\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" [2009-03-25 133104]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-09 39408]
"CTSyncU.exe"="c:\programme\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-03-25 136600]
"Scheduling Agent"="c:\programme\Creative\MediaToolbox6\Manage Recording Schedule\MTScdAgt.exe" [2007-04-12 1730086]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2006-01-10 155648]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"DVDLauncher"="c:\programme\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"DMXLauncher"="c:\programme\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2007-05-04 161328]
"avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ISTray"="c:\programme\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"CTCheck"="c:\programme\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2009-06-30 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"InfoCockpit"="c:\programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE" [2005-07-14 847872]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Image Zone Schnellstart.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk
backup=c:\windows\pss\HP Image Zone Schnellstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\ICQ6\\ICQ.exe"=

R0 pctcore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [09.06.2009 20:18 130936]
R2 ACEDRV06;ACEDRV06;c:\windows\system32\drivers\ACEDRV06.sys [22.08.2006 17:37 99840]
R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [07.02.2008 19:30 137344]
R2 sdauxservice;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [09.06.2009 20:16 348752]
R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [07.02.2008 19:30 12032]
R2 WinDefend;Windows Defender;c:\programme\Windows Defender\MsMpEng.exe [03.11.2006 20:19 13592]
S3 bfastfao;bfastfao;\??\c:\dokume~1\Lenny\LOKALE~1\Temp\bfastfao.sys --> c:\dokume~1\Lenny\LOKALE~1\Temp\bfastfao.sys [?]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\programme\Gemeinsame Dateien\Creative Labs Shared\Service\MT6Licensing.exe [29.06.2007 16:38 79360]
S3 TNPacket;T-Systems Nova Packet Capture Driver;c:\programme\T-DSL SpeedManager\TNPACKET.SYS [11.03.2004 18:44 9696]

--- Other services/drivers in memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
.
Contents of the "Scheduled Tasks" folder

2009-07-01 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-09 18:10]

2009-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-644034737-2025439754-3436451768-1012Core.job
- c:\dokumente und einstellungen\Lenny\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2009-03-25 13:38]

2009-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-644034737-2025439754-3436451768-1012UA.job
- c:\dokumente und einstellungen\Lenny\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2009-03-25 13:38]

2009-07-01 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\programme\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 16:36]

2005-11-30 c:\windows\Tasks\ISP-Anmeldungserinnerung 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-18 14:00]

2009-07-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programme\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Search &Dictionary - c:\program files\Lexico\Toolbar\dictionary.htm
IE: Search &Thesaurus - c:\program files\Lexico\Toolbar\thesaurus.htm
DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} - hxxp://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-01 14:05
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes...

Scanning hidden autostart entries...

Scanning hidden files...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Locked registry keys ---------------------

[HKEY_USERS\S-1-5-21-644034737-2025439754-3436451768-1012\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \$»»]
"Q"=hex:51

[HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \Ã#$]
"Q"=hex:51

[HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \ÏE¼]
"Q"=hex:51
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'explorer.exe'(3596)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\msi.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\programme\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\CTSVCCDA.EXE
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
c:\windows\system32\HPZipm12.exe
c:\programme\Spyware Doctor\pctsSvc.exe
c:\programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
c:\programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
c:\programme\Avira\AntiVir PersonalEdition Classic\update.exe
.
**************************************************************************
.
Completion time: 2009-07-01 14:13 - PC was rebooted
ComboFix-quarantined-files.txt 2009-07-01 12:13

Before scan: 6,774,902,784 bytes free
After scan: 6,681,284,608 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

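The service/driver lines (R0/R2/S3 ...) and the Run-key values in the ComboFix log above are the first thing a responder reads, and the tell in this log is the bfastfao entry: a kernel driver registered from the user's Temp directory whose file is no longer on disk ([?]). The following is an added example, not ComboFix's code and not posted by anyone in this thread, that parses those lines and flags entries whose image is missing or lives in a user-writable temp directory. The SAMPLE lines are copied verbatim from the log above; the flag rules (the USER_WRITABLE markers and the reading of [?]) are this example's own assumptions.

```python
"""Triage of the services/drivers (R0/R2/S3 ...) and Run-key lines in a
ComboFix log. Added example for this thread; it is not ComboFix's code and
was not posted by anyone in the thread. SAMPLE is copied from the log above;
the flag rules are this example's own assumptions."""
import re
from dataclasses import dataclass, field

# e.g.  R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [07.02.2008 19:30 137344]
SERVICE_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$')
# e.g.  "avgnt"="c:\programme\Avira\...\avgnt.exe" [2008-06-12 266497]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]*)\]\s*$')

# Directories any interactive user can write to. A kernel driver or service
# registered from here is a strong indicator (assumption: no legitimate
# product on this box installs its driver into %TEMP%).
USER_WRITABLE = ('\\temp\\', '\\tmp\\')


@dataclass
class Entry:
    kind: str            # 'service' (R*/S* line) or 'run' (Run-key value)
    name: str
    path: str            # on-disk image path as ComboFix resolved it
    meta: str            # the timestamp/size ComboFix prints in [...]
    flags: list = field(default_factory=list)


def _flags_for(path: str, meta: str) -> list:
    flags = []
    if meta.strip() == '?':
        # ComboFix prints [?] when the registered image file is not on disk:
        # an orphaned registration or a component that was already removed.
        flags.append('image_missing')
    if any(marker in path.lower() for marker in USER_WRITABLE):
        flags.append('user_writable_dir')
    return flags


def parse(log_text: str) -> list:
    """Return one Entry per service/driver or Run-key line; other lines are ignored."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            path = m['path']
            # ComboFix shows "registry ImagePath --> resolved path" when the
            # two differ (e.g. an NT-style \??\ prefix); keep the resolved one.
            if ' --> ' in path:
                path = path.split(' --> ', 1)[1]
            entries.append(Entry('service', m['name'], path, m['meta'],
                                 _flags_for(path, m['meta'])))
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry('run', m['name'], m['path'], m['meta'],
                                 _flags_for(m['path'], m['meta'])))
    return entries


def suspicious(log_text: str) -> dict:
    """name -> flags for every entry that tripped at least one rule."""
    return {e.name: e.flags for e in parse(log_text) if e.flags}


# Lines copied verbatim from the ComboFix log above.
SAMPLE = r"""
R0 pctcore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [09.06.2009 20:18 130936]
R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [07.02.2008 19:30 137344]
S3 bfastfao;bfastfao;\??\c:\dokume~1\Lenny\LOKALE~1\Temp\bfastfao.sys --> c:\dokume~1\Lenny\LOKALE~1\Temp\bfastfao.sys [?]
S3 TNPacket;T-Systems Nova Packet Capture Driver;c:\programme\T-DSL SpeedManager\TNPACKET.SYS [11.03.2004 18:44 9696]
"avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Google Update"="c:\dokumente und einstellungen\Lenny\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" [2009-03-25 133104]
"""

if __name__ == '__main__':
    for name, flags in suspicious(SAMPLE).items():
        print(f'{name}: {", ".join(flags)}')
```

Run against the full log, only bfastfao trips both rules; the S3 (on-demand) start type means it was not loaded at scan time, which is consistent with the file having already been pulled. A missing image is not by itself proof of infection (uninstallers leave orphans too), so the flags are a reading list, not a verdict.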

#4 Expat54 (Topic Starter)
Rorschach112

I forgot to mention that with the ComboFix deletions I have already noticed a change in system behavior.

The LAN LED that indicates activity would blink wildly before ... almost always ... even when a website was finished downloading.

It is currently a nice steady green.

Can you confirm that these deletions were the spammer?


In addition to solving the SPAM problem, maybe you could mention all the stuff on my system I could delete.

I'm also considering purchasing the Premium version of Avira. I understand that the Windows version of a firewall is rather limited.

Please advise.

Thanks

#5 Rorschach112 (Retired Staff)
Hi

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#6 Expat54 (Topic Starter)
I ran the temp file cleaner as requested.

The Malwarebytes scan was clean.

Kaspersky critical areas scan was clean.

Kaspersky My Computer scan found several infections.

Please advise on removal methods.

Logs below.

Thanks again for your help.





Malwarebytes' Anti-Malware 1.38
Database version: 2358
Windows 5.1.2600 Service Pack 2

01.07.2009 15:51:02
mbam-log-2009-07-01 (15-51-02).txt

Scan type: Quick Scan
Objects scanned: 106174
Time elapsed: 7 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, July 2, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, July 01, 2009 20:50:31
Records in database: 2412125


Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area: My Computer
C:\
D:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan statistics
Files scanned: 140897
Threat names: 3
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 03:13:11

File name | Threat name | Threats count
C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Downloads\Pareto_AV_Setup_RW.exe | Infected: Trojan.Win32.FraudPack.oyl | 1
C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\LIBRARY\CLEANUP_junkdrawer\CURRENT\Warum heißt die Mitternachtsformel Mitternachtsformel - Yahoo! Clever.htm | Infected: Trojan-Clicker.HTML.IFrame.ail | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\d07f7e81.sys.vir | Infected: Backdoor.Win32.NewRest.ao | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_d07f7e81_.sys.zip | Infected: Backdoor.Win32.NewRest.ao | 2

The selected area was scanned.
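Four of the five "infected objects" in the Kaspersky report above are not live: three sit in C:\Qoobox\Quarantine, which is where ComboFix parks what it removed (the .vir rename and the .zip wrapper are visible in the paths), and one is a saved web page with an injected iframe that does nothing until opened. Only the installer in Downloads is an untouched file. The following is an added example, not Kaspersky's code and not posted by anyone in this thread, that parses the report rows and separates what still needs a hand from what is already neutralized. It assumes the rows are laid out one per line as "path | Infected: <threat> | <count>", the layout used for the report above; the state and action rules are this example's own assumptions about what each location means.

```python
"""Triage of the Kaspersky Online Scanner 7 'File name / Threat name /
Threats count' rows. Added example for this thread; it is not Kaspersky's
code and was not posted by anyone in the thread. It assumes the rows are
laid out one per line as 'path | Infected: <threat> | <count>', the layout
used for the report above; the state/action rules are this example's own
assumptions about what each location means."""
import re
from typing import NamedTuple

ROW_RE = re.compile(
    r'^(?P<path>.+?)\s*\|\s*Infected:\s*(?P<threat>\S+)\s*\|\s*(?P<count>\d+)\s*$')


class Finding(NamedTuple):
    path: str
    threat: str
    count: int
    state: str      # 'quarantined', 'saved_page' or 'on_disk'
    action: str


def classify(path: str, threat: str) -> tuple:
    low = path.lower()
    if '\\qoobox\\quarantine\\' in low:
        # C:\Qoobox\Quarantine is ComboFix's quarantine: the file was already
        # renamed to .vir or packed into a .zip and cannot load from there.
        # A scanner re-detecting it is expected and needs no new cleanup.
        return 'quarantined', 'none; cleared when ComboFix is uninstalled'
    if low.endswith(('.htm', '.html')) and 'html.iframe' in threat.lower():
        # A saved web page carrying an injected iframe: harmless until
        # opened in a browser, so just delete the page.
        return 'saved_page', 'delete the saved page'
    # Anything else is an executable or document still sitting on disk.
    return 'on_disk', 'delete, empty the recycle bin, rescan'


def parse_report(text: str) -> list:
    findings = []
    for raw in text.splitlines():
        m = ROW_RE.match(raw.strip())
        if not m:
            continue
        state, action = classify(m['path'], m['threat'])
        findings.append(Finding(m['path'], m['threat'], int(m['count']), state, action))
    return findings


def summary(text: str) -> dict:
    """state -> number of rows, to compare against the report's own totals."""
    out = {}
    for f in parse_report(text):
        out[f.state] = out.get(f.state, 0) + 1
    return out


def actionable(text: str) -> list:
    """Paths the user actually has to touch; quarantine hits are excluded."""
    return [f.path for f in parse_report(text) if f.state != 'quarantined']


# Rows copied from the Kaspersky report above.
SAMPLE_REPORT = r"""
C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Downloads\Pareto_AV_Setup_RW.exe | Infected: Trojan.Win32.FraudPack.oyl | 1
C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\LIBRARY\CLEANUP_junkdrawer\CURRENT\Warum heißt die Mitternachtsformel Mitternachtsformel - Yahoo! Clever.htm | Infected: Trojan-Clicker.HTML.IFrame.ail | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\d07f7e81.sys.vir | Infected: Backdoor.Win32.NewRest.ao | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_d07f7e81_.sys.zip | Infected: Backdoor.Win32.NewRest.ao | 2
"""

if __name__ == '__main__':
    for f in parse_report(SAMPLE_REPORT):
        print(f'{f.state:12} {f.action:45} {f.path}')
```

The per-row counts add up to the report's "Infected objects: 5", which is a cheap check that the parser did not drop a row. Note that the quarantined driver is tagged Backdoor.Win32.NewRest; that is the name of what ComboFix pulled from system32\drivers earlier, not evidence of anything new.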

#7 Expat54 (Topic Starter)
Just for fun I reran my resident Avira scan. Nothing found.

Also reran Norton's online scan. Clean.

Let me know how to get rid of what Kaspersky found.

Thanks.

#8 Rorschach112 (Retired Staff)
Delete this file:

C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Downloads\Pareto_AV_Setup_RW.exe

and post a new OTL log

#9 Expat54 (Topic Starter)
Thought you might have some special way of doing that.

OK ... it's deleted and the trashcan is MT.

Want me to delete the other files too?

OTL logfile created on: 02.07.2009 19:21:56 - Run 3
OTL by OldTimer - Version 3.0.5.3 Folder = C:\Dokumente und Einstellungen\Lenny\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

502,08 Mb Total Physical Memory | 203,09 Mb Available Physical Memory | 40,45% Memory free
1,20 Gb Paging File | 0,45 Gb Available in Paging File | 37,94% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 71,45 Gb Total Space | 6,45 Gb Free Space | 9,03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NONAME
Current User Name: Lenny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
PRC - C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\System32\HPZipm12.exe (HP)
PRC - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Programme\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
PRC - C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
PRC - C:\Programme\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Programme\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
PRC - C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Programme\Creative\MediaSource5\CTDetctu.exe (Creative Technology Ltd)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Dokumente und Einstellungen\Lenny\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirScheduler [Auto | Running]) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Media Toolbox 6 Licensing Service [On_Demand | Stopped]) -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
SRV - (gusvc [Auto | Stopped]) -- C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (NMIndexingService [On_Demand | Running]) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (sdauxservice [Auto | Running]) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdcoreservice [Auto | Running]) -- C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (TSMService [On_Demand | Stopped]) -- C:\Programme\T-DSL SpeedManager\tsmsvc.exe (T-Systems Nova, Berkom)
SRV - (WinDefend [Auto | Running]) -- C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Programme\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ACEDRV06 [Auto | Running]) -- C:\WINDOWS\System32\drivers\ACEDRV06.sys (Protect Software GmbH)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (avgio [System | Running]) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (avgntflt [On_Demand | Running]) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\System32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (litsgt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\litsgt.sys ()
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NCHSSVAD [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (PCANDIS5 [On_Demand | Stopped]) -- C:\Programme\T-DSL SpeedManager\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (pctcore [Boot | Running]) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys (AVIRA GmbH)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tansgt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\tansgt.sys ()
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (TNPacket [On_Demand | Stopped]) -- C:\Programme\T-DSL SpeedManager\TNPACKET.SYS (T-Systems Nova GmbH)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (X4HSX32 [Auto | Running]) -- C:\Programme\GameTap\bin\Release\X4HSX32.Sys (Exent Technologies Ltd.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Programme\Java\jre6\lib\deploy\jqs\ff [2009.03.25 14:38:45 | 00,000,000 | ---D | M]
[2009.06.30 19:26:01 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lenny\Desktop\TFC.exe
[2009.06.30 19:21:18 | 00,054,753 | ---- | M] () -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\Geeks to Go! [Powered by Invision Power Board].htm
[2009.06.30 14:45:12 | 00,063,594 | ---- | M] () -- C:\Dokumente und Einstellungen\Lenny\Eigene Dateien\BBC NEWS Science & Environment Ladybird 'risk to 1,000 species'.htm
[2009.06.30 14:21:53 | 00,053,760 | ---- | M] () -- C:\Dokumente und Einstellungen\Lenny\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.30 14:14:32 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009.06.30 14:04:39 | 00,000,971 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RealPlayer.lnk
[2009.06.30 14:03:17 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2009.06.30 14:03:17 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2009.06.30 14:03:16 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009.06.26 15:14:51 | 00,000,799 | ---- | M] () -- C:\Dokumente und Einstellungen\Lenny\Desktop\Archlord.lnk
[2009.06.23 22:07:51 | 00,002,364 | ---- | M] () -- C:\Dokumente und Einstellungen\Lenny\Desktop\Google Chrome.lnk
[2009.06.17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.06.17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009.06.13 14:23:51 | 00,075,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009.06.08 08:10:10 | 00,155,136 | ---- | M] () -- C:\WINDOWS\PEV.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
< End of report >
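The OTL report above is what the helpers read line by line. As an added example (not part of this thread and not OTL's own code), the Python script below parses lines in that report format and flags the two things a reviewer checks first: executables with no vendor name, and Alternate Data Streams. The regex is my reading of the layout and the "no vendor name" heuristic is my assumption; the sample lines are copied from the report.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# OTL "Files - Modified" line, as it appears in the report above:
# [YYYY.MM.DD HH:MM:SS | size | attrs | M] (Company) -- C:\path
# The pattern is my reading of that layout (assumption), not OTL's own spec.
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| M\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")

@dataclass
class Finding:
    kind: str    # "exe" or "ads"
    path: str
    reason: str

def parse_line(line: str) -> Optional[Finding]:
    """Return a Finding if the line deserves a reviewer's attention, else None."""
    m = ADS_LINE.match(line)
    if m:
        # Any ADS is worth checking: ordinary software rarely hides data in one.
        return Finding("ads", m.group("path"), f"{m.group('size')}-byte alternate data stream")
    m = FILE_LINE.match(line)
    if m is None:
        return None
    path, company = m.group("path"), m.group("company").strip()
    if path.lower().endswith(EXEC_EXT) and not company:
        # Executable with no vendor name: not proof of malware, but first on the list.
        return Finding("exe", path, "executable with no vendor name")
    return None

def triage(log_text: str) -> List[Finding]:
    """Run parse_line over a whole OTL report and keep only the findings."""
    return [f for f in (parse_line(l.rstrip()) for l in log_text.splitlines()) if f]

# Sample input: four lines copied from the report above (raw string keeps the backslashes).
SAMPLE = r"""
[2009.07.01 15:24:49 | 03,561,744 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Lenny\Desktop\mbam-setup.exe
[2009.06.08 08:10:10 | 00,155,136 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009.07.01 14:01:51 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
@Alternate Data Stream - 487 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.kind:3} {f.reason}: {f.path}")
```

A flag means "look this file up", not "this is malware": PEV.exe is listed only because its vendor field is empty.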

#10
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
Your logs are clean.


Follow these steps to uninstall ComboFix and the tools used in the removal of malware:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.


You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
http://www.adobe.com.../readstep2.html



Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers real-time protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.

#11
Expat54
    Member
  • Topic Starter
  • Member
  • 27 posts
Clean huh???

Hey that's great. You folks at geekstogo are the cat's pj's !!!

Can you please quickly address these final questions before you close this thread?


Should I delete the other stuff Kaspersky found (other than the one you told me to delete)?


I have learned that the Windows firewall is sort of weak. Do you have a favorite security package? I was considering upgrading to Avira Premium to get their firewall but the free version didn't find these infections.


Thanks for all the security suggestions. I'll incorporate as many as I can. You suggest the Mozilla browser as more secure. I mostly use Google Chrome ... how does it rate for security?


I'll reserve my other questions for a different forum.

Call this one resolved!
Thanks again

#12
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
My previous post will automatically delete those things Kaspersky found.

I like Sunbelt firewall.

Chrome is pretty safe as well, stick to that.

#13
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.