"Festplatte beschädigt" - TR/Crypt.XPACK.GEN3

deckbett · 23.06.2011, 17:49

Hallo!

Da hat mich ja was übles erwischt, einer dieser komischen XPACK-Trojaner, die - wie ich schon gesehen habe - gerade recht häufig auftreten? Wo kommt dieser Mist denn bloß her?

Bei mir kam aus dem Nichts die Viren-Meldung durch Avira. Desktop wurde schwarz, alle Dateien und Programmordner "weg"! Dafür dieses blöde Rescue-Ding.

Nun habe ich in anderen Beiträgen bereits gelesen, dass ein Vollscan durch Malwarebytes gemacht werden soll, anschließend OTL, Kaspersky, etc.

Soll ich dies hier Schritt für Schritt durchführen? Benutze gerade mein Notebook und würde damit erstmal diese Programme runterladen. Funktioniert die Ausführung auf dem betroffenen Rechner denn so einfach? Habe Angst, dass dabei wirklich was flöten geht.

Mag mir jemand dabei zur Hand gehen?!

Vielen Dank für eure Hilfe und die Anleitung dazu! Habe ja die Hoffnung, dass das dank euch wieder funktionieren wird. ;-)

Malwarebytes läuft gerade...

So, nach gefühlten Ewigkeiten nun die Log-Datei 1. vor und 2. nach dem Löschen der Schädlinge durch Malwarebytes.

Bisheriges Ergebnis nach dem Neustart: Fehlermeldungen bleiben aus, Desktopsymbole aber weiterhin nicht sichtbar, Programme und Ordner nicht abrufbar.

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
 
Datenbank Version: 6928
 
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
 
23.06.2011 21:45:50
mbam-log-2011-06-23 (21-45-05).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 369347
Laufzeit: 1 Stunde(n), 29 Minute(n), 5 Sekunde(n)
 
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3
 
Infizierte Speicherprozesse:
c:\programdata\wxoeawgltnnf.exe (Trojan.FraudPack.PF) -> 532 -> No action taken.
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wXOeAwgLTnnf (Trojan.FraudPack.PF) -> Value: wXOeAwgLTnnf -> No action taken.
 
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
c:\programdata\wxoeawgltnnf.exe (Trojan.FraudPack.PF) -> No action taken.
c:\program files\clearprog\eBay\ebayshortcuts.exe (Adware.ADON) -> No action taken.
c:\programdata\31842040.exe (Trojan.FraudPack.PF) -> No action taken.

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
 
Datenbank Version: 6928
 
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
 
23.06.2011 21:45:56
mbam-log-2011-06-23 (21-45-56).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 369347
Laufzeit: 1 Stunde(n), 29 Minute(n), 5 Sekunde(n)
 
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3
 
Infizierte Speicherprozesse:
c:\programdata\wxoeawgltnnf.exe (Trojan.FraudPack.PF) -> 532 -> Unloaded process successfully.
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wXOeAwgLTnnf (Trojan.FraudPack.PF) -> Value: wXOeAwgLTnnf -> Quarantined and deleted successfully.
 
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
c:\programdata\wxoeawgltnnf.exe (Trojan.FraudPack.PF) -> Quarantined and deleted successfully.
c:\program files\clearprog\eBay\ebayshortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
c:\programdata\31842040.exe (Trojan.FraudPack.PF) -> Quarantined and deleted successfully.

So, habe jetzt auch OTL durchgeführt, es folgen OTL.txt und Extras.txt. Dabei sind mir im ersten Logfile merkwürdige 100sexlinks-hosts aufgefallen. Macht mir ja ein bisschen Angst... Sind da jetzt Daten von mir gefährdet?

Wie muss ich weiter vorgehen?

Code:

ATTFilter

OTL logfile created on: 24.06.2011 09:15:05 - Run 1
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 69,20% Memory free
7,16 Gb Paging File | 6,21 Gb Available in Paging File | 86,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 292,16 Gb Total Space | 161,49 Gb Free Space | 55,27% Space Free | Partition Type: NTFS
Drive D: | 5,93 Gb Total Space | 0,88 Gb Free Space | 14,84% Space Free | Partition Type: NTFS
Drive J: | 120,23 Mb Total Space | 110,67 Mb Free Space | 92,05% Space Free | Partition Type: FAT
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (Remote UI Service) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (ISSM) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel(R) Corporation)
SRV - (AlertService) Intel(R) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (M1 Server) Intel(R) Viiv(TM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe (Intel(R) Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (cpuz135) -- C:\Windows\System32\drivers\cpuz135_x32.sys (CPUID)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (HCWU2DTD) -- C:\Windows\System32\drivers\hcwu2dtd.sys (Hauppauge Computer Works)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (HCWU2DTL) -- C:\Windows\System32\drivers\hcwu2dtl.sys (Hauppauge Computer Works)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 A8 69 2B 2C 24 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de) "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0
FF - prefs.js..extensions.enabledItems: googlesharing@extension.thoughtcrime.org:0.21
FF - prefs.js..extensions.enabledItems: {11483926-db67-4190-91b1-ef20fcec5f33}:0.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.03 07:18:06 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.18 12:23:09 | 000,000,000 | -H-D | M]
 
[2010.11.10 16:26:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2011.06.01 21:17:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions
[2011.02.15 13:42:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}-trash
[2011.06.01 21:17:48 | 000,000,000 | -H-D | M] (German Dictionary) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.06.01 21:17:49 | 000,000,000 | -H-D | M] (British English Dictionary) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011.04.05 07:28:12 | 000,000,000 | -H-D | M] (GoogleSharing) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\googlesharing@extension.thoughtcrime.org
[2011.04.05 07:28:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\googlesharing@extension.thoughtcrime.org\chrome
[2011.04.05 07:28:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\googlesharing@extension.thoughtcrime.org\components
[2011.04.05 07:28:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\googlesharing@extension.thoughtcrime.org\defaults
[2010.11.10 17:28:16 | 000,001,094 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\abkuerzungende.xml
[2010.11.10 17:28:46 | 000,001,211 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\amazonde-.xml
[2010.11.10 17:31:05 | 000,001,788 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\ardapedia.xml
[2010.11.10 17:28:58 | 000,001,887 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\bookbutler.xml
[2010.11.10 17:31:46 | 000,001,167 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\club300-fotos-d.xml
[2010.11.10 17:32:08 | 000,001,169 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\club300-fotos-wp.xml
[2010.11.10 17:29:49 | 000,001,036 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\dictcc-de---en.xml
[2010.11.10 17:30:10 | 000,000,451 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\filmstartsde.xml
[2010.11.10 17:29:11 | 000,000,924 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\jokersde.xml
[2010.11.10 17:30:34 | 000,001,490 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\lastfm.xml
[2010.11.10 17:30:47 | 000,001,603 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\lautde.xml
[2010.11.10 17:29:33 | 000,001,884 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\leo-de---en.xml
[2011.01.28 19:49:47 | 000,001,707 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\naturguckerde.xml
[2010.11.10 17:27:05 | 000,001,162 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\wikipedia-de-.xml
[2010.11.10 17:27:18 | 000,001,151 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\wikipedia-en.xml
[2010.11.10 17:27:54 | 000,001,156 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\wiktionary.xml
[2010.11.10 17:26:30 | 000,000,723 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\wissende.xml
[2011.05.03 07:18:06 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011.02.15 15:56:40 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AZP24T3H.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.04.14 18:40:03 | 000,142,296 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.06.01 11:03:51 | 000,435,945 | RH-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    123topsearch.com
O1 - Hosts: 127.0.0.1    www.123topsearch.com
O1 - Hosts: 127.0.0.1    132.com
O1 - Hosts: 127.0.0.1    www.132.com
O1 - Hosts: 127.0.0.1    136136.net
O1 - Hosts: 127.0.0.1    www.136136.net
O1 - Hosts: 127.0.0.1    163ns.com
O1 - Hosts: 15001 more lines...
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {147D6308-0614-4112-89B1-31402F9B82C4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2cf1e437-7876-11df-bbfb-001a92eb8022}\Shell - "" = AutoRun
O33 - MountPoints2\{2cf1e437-7876-11df-bbfb-001a92eb8022}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8842034a-1f22-11dc-8034-001a92eb8022}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\Recycled\ctfmon.exe
O33 - MountPoints2\{8842034a-1f22-11dc-8034-001a92eb8022}\Shell\Open(&0)\command - "" = J:\Recycled\ctfmon.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.24 09:14:40 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011.06.23 19:28:14 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2011.06.23 19:28:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.23 19:27:59 | 000,039,984 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.23 19:27:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.06.23 19:27:50 | 000,000,000 | -H-D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.06.23 19:26:13 | 009,435,312 | -H-- | C] (Malwarebytes Corporation                                    ) -- C:\Users\*****\Desktop\mbam-setup-1.51.0.1200.exe
[2011.06.23 13:39:01 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Repair
[2011.06.20 17:49:04 | 000,000,000 | -H-D | C] -- C:\Users\*****\Desktop\Klausuren_PhyGeo_WiGeo
[2011.06.18 12:22:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.06.15 18:54:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.06.15 18:54:25 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.06.15 18:54:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.06.15 18:54:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.06.04 14:43:27 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Corel
[2011.06.04 14:43:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\CorelDRAW Home & Student Suite X5
[2011.06.04 08:30:45 | 000,000,000 | -H-D | C] -- C:\Users\*****\Documents\Meine Paletten
[2011.06.04 08:30:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Protexis
[2011.06.02 11:53:25 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Roaming\vlc
[2011.06.02 11:36:13 | 000,053,248 | -H-- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2011.06.02 11:27:00 | 000,000,000 | -H-D | C] -- C:\Program Files\SystemRequirementsLab
[2011.06.02 11:20:54 | 000,022,504 | -H-- | C] (CPUID) -- C:\Windows\System32\drivers\cpuz135_x32.sys
[2011.06.02 11:20:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPU-Z
[2011.06.02 11:20:53 | 000,000,000 | -H-D | C] -- C:\Program Files\CPU-Z
[2011.06.01 23:00:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.06.01 22:59:48 | 000,000,000 | -H-D | C] -- C:\Program Files\VLC
[2011.06.01 21:30:21 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Local\Opera
[2011.06.01 21:29:55 | 000,000,000 | RH-D | C] -- C:\Users\*****\Downloads
[2011.06.01 12:34:43 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.06.01 12:34:43 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.06.01 12:34:43 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.06.01 12:34:43 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.06.01 12:34:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.06.01 12:34:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.06.01 12:34:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.06.01 12:34:42 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.06.01 12:34:42 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.06.01 12:34:42 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.06.01 12:34:42 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.06.01 12:34:42 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.06.01 12:34:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.06.01 12:34:42 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.06.01 12:34:42 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.06.01 12:34:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.06.01 12:34:42 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.06.01 12:34:41 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.06.01 12:34:41 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.06.01 12:34:41 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.06.01 12:34:41 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.06.01 12:34:41 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.06.01 12:34:41 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.06.01 12:34:41 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.06.01 12:34:40 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.06.01 12:34:40 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.06.01 12:34:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.06.01 12:34:40 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.06.01 12:34:40 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.06.01 12:34:40 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.06.01 12:34:40 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.06.01 12:34:40 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.06.01 12:34:40 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.06.01 12:34:40 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.06.01 12:34:40 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.06.01 10:57:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.05.31 07:41:12 | 000,000,000 | -H-D | C] -- C:\Program Files\MSECache
[2011.05.27 22:59:13 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Roaming\Nokia Ovi Suite
[2011.05.27 22:12:36 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011.05.27 22:12:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011.05.27 22:12:33 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Roaming\Notepad++
[2011.05.27 22:12:33 | 000,000,000 | -H-D | C] -- C:\Program Files\Notepad++
[2011.05.27 21:51:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\NokiaAccount
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.24 09:13:31 | 000,001,098 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.24 09:13:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.24 09:13:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.24 09:12:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.24 09:08:22 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011.06.23 21:46:00 | 000,001,102 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.23 19:29:17 | 000,638,510 | -H-- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.23 19:29:17 | 000,604,126 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.23 19:29:17 | 000,130,462 | -H-- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.23 19:29:17 | 000,107,562 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.23 19:25:21 | 000,000,240 | -H-- | M] () -- C:\ProgramData\~31842040
[2011.06.23 19:25:21 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~31842040r
[2011.06.23 19:20:34 | 009,435,312 | -H-- | M] (Malwarebytes Corporation                                    ) -- C:\Users\*****\Desktop\mbam-setup-1.51.0.1200.exe
[2011.06.23 13:47:09 | 000,000,336 | -H-- | M] () -- C:\ProgramData\31842040
[2011.06.23 13:41:57 | 000,000,392 | -H-- | M] () -- C:\ProgramData\31317752
[2011.06.23 13:39:03 | 000,000,593 | -H-- | M] () -- C:\Users\*****\Desktop\Windows Vista Repair.lnk
[2011.06.23 13:39:03 | 000,000,240 | -H-- | M] () -- C:\ProgramData\~31317752
[2011.06.23 13:39:03 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~31317752r
[2011.06.20 13:18:54 | 000,000,030 | -H-- | M] () -- C:\Windows\Iedit_.INI
[2011.06.02 11:42:26 | 000,508,128 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.06.01 12:35:02 | 000,008,798 | -H-- | M] () -- C:\Windows\System32\icrav03.rat
[2011.06.01 12:35:02 | 000,001,988 | -H-- | M] () -- C:\Windows\System32\ticrf.rat
[2011.06.01 12:34:43 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.06.01 12:34:43 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.06.01 12:34:43 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.06.01 12:34:43 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.06.01 12:34:43 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.06.01 12:34:43 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.06.01 12:34:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.06.01 12:34:42 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.06.01 12:34:42 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.06.01 12:34:42 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.06.01 12:34:42 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.06.01 12:34:42 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.06.01 12:34:42 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.06.01 12:34:42 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.06.01 12:34:42 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.06.01 12:34:42 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.06.01 12:34:42 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.06.01 12:34:42 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.06.01 12:34:41 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.06.01 12:34:41 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.06.01 12:34:41 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.06.01 12:34:41 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.06.01 12:34:41 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.06.01 12:34:41 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.06.01 12:34:41 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.06.01 12:34:40 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.06.01 12:34:40 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.06.01 12:34:40 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.06.01 12:34:40 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.06.01 12:34:40 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.06.01 12:34:40 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.06.01 12:34:40 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.06.01 12:34:40 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.06.01 12:34:40 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.06.01 12:34:40 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.06.01 12:34:40 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.06.01 11:03:51 | 000,435,945 | RH-- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.05.29 09:11:30 | 000,039,984 | -H-- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.27 23:00:44 | 000,022,016 | -H-- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.23 13:47:29 | 000,000,240 | -H-- | C] () -- C:\ProgramData\~31842040
[2011.06.23 13:47:29 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~31842040r
[2011.06.23 13:47:09 | 000,000,336 | -H-- | C] () -- C:\ProgramData\31842040
[2011.06.23 13:39:03 | 000,000,593 | -H-- | C] () -- C:\Users\*****\Desktop\Windows Vista Repair.lnk
[2011.06.23 13:39:03 | 000,000,240 | -H-- | C] () -- C:\ProgramData\~31317752
[2011.06.23 13:39:03 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~31317752r
[2011.06.23 13:38:16 | 000,000,392 | -H-- | C] () -- C:\ProgramData\31317752
[2011.06.01 12:34:42 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.01.10 12:09:35 | 000,393,256 | -H-- | C] () -- C:\Windows\System32\CNQ2414N.DAT
[2010.03.25 18:11:47 | 000,000,000 | -H-- | C] () -- C:\Windows\OpPrintServer.INI
[2010.03.25 18:06:34 | 000,007,680 | -H-- | C] () -- C:\Windows\System32\CNMVS61.DLL
[2010.03.01 20:03:40 | 000,000,030 | -H-- | C] () -- C:\Windows\Iedit_.INI
[2010.02.19 22:48:59 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009.08.06 18:48:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.06 18:46:30 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.11.16 01:41:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.06.18 20:51:06 | 000,147,456 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2008.03.25 16:56:08 | 000,147,456 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2007.11.30 13:43:22 | 000,073,216 | -H-- | C] () -- C:\Windows\cadkasdeinst01.exe
[2007.11.28 21:05:39 | 000,000,120 | -H-- | C] () -- C:\Users\*****\AppData\Roaming\wklnhst.dat
[2007.11.06 09:55:50 | 000,000,021 | -H-- | C] () -- C:\Windows\PMK35_SETUP.ini
[2007.10.31 18:54:28 | 000,147,456 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1364.dll
[2007.10.23 14:03:27 | 000,064,466 | -H-- | C] () -- C:\Users\*****\AppData\Roaming\mdb.bin
[2007.10.12 17:01:07 | 000,000,096 | -H-- | C] () -- C:\Users\*****\AppData\Local\fusioncache.dat
[2007.10.02 13:52:25 | 000,217,088 | RH-- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2007.10.02 13:41:18 | 000,217,088 | RH-- | C] () -- C:\Users\*****\AppData\Roaming\MafiaSetup.exe
[2007.08.24 20:46:48 | 000,147,456 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007.06.30 19:41:36 | 000,065,536 | -H-- | C] () -- C:\Windows\System32\dmcrypto.dll
[2007.06.30 19:41:23 | 000,000,135 | -H-- | C] () -- C:\Windows\ODBC.INI
[2007.06.30 19:41:22 | 000,000,209 | -H-- | C] () -- C:\Windows\ODBCINST.INI
[2007.06.30 19:41:20 | 000,151,552 | -H-- | C] () -- C:\Windows\System32\hcwChDB.dll
[2007.06.30 19:39:58 | 000,002,796 | -H-- | C] () -- C:\Windows\HCWPNP.INI
[2007.06.26 16:47:14 | 000,000,533 | -H-- | C] () -- C:\Windows\eReg.dat
[2007.06.24 09:43:44 | 000,114,938 | -H-- | C] () -- C:\Windows\hpqins13.dat
[2007.06.21 10:22:42 | 000,000,305 | -H-- | C] () -- C:\ProgramData\addr_file.html
[2007.06.18 15:22:31 | 000,022,016 | -H-- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.16 23:40:17 | 000,028,915 | -H-- | C] () -- C:\Users\*****\AppData\Roaming\UserTile.png
[2007.06.16 16:39:55 | 000,097,312 | -H-- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2007.03.23 05:31:29 | 000,204,800 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2007.03.23 05:28:35 | 000,638,510 | -H-- | C] () -- C:\Windows\System32\perfh007.dat
[2007.03.23 05:28:35 | 000,290,748 | -H-- | C] () -- C:\Windows\System32\perfi007.dat
[2007.03.23 05:28:35 | 000,130,462 | -H-- | C] () -- C:\Windows\System32\perfc007.dat
[2007.03.23 05:28:35 | 000,036,916 | -H-- | C] () -- C:\Windows\System32\perfd007.dat
[2007.03.22 20:45:35 | 000,061,440 | -H-- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007.03.22 20:42:25 | 000,327,680 | -H-- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007.03.22 20:42:25 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007.03.06 11:49:42 | 000,204,800 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007.01.10 13:56:34 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\px.ini
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,508,128 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,126 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,562 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 00:00:40 | 000,520,192 | -H-- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.08.11 00:00:40 | 000,204,800 | -H-- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.06.23 11:09:34 | 000,019,968 | RH-- | C] () -- C:\Windows\System32\cpuinf32.dll
[2002.03.21 14:39:02 | 000,073,728 | RH-- | C] () -- C:\Windows\System32\UNACEV2.DLL
[2002.03.20 21:01:06 | 000,006,688 | RH-- | C] () -- C:\Windows\System32\Digita.sys
[2002.03.20 21:00:20 | 000,049,152 | RH-- | C] () -- C:\Windows\System32\TransportUSB.dll
[2002.03.20 21:00:20 | 000,049,152 | RH-- | C] () -- C:\Windows\System32\TransportSerial.dll
[2002.03.20 21:00:20 | 000,049,152 | RH-- | C] () -- C:\Windows\System32\TransportIrDA.dll
[2002.03.20 21:00:20 | 000,049,152 | RH-- | C] () -- C:\Windows\System32\TransportIrCOMM.dll
 
========== LOP Check ==========
 
[2007.06.27 20:27:29 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\ACD Systems
[2011.04.20 11:18:41 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\AeroSnapApp
[2010.03.14 22:29:21 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Amazon
[2007.09.19 17:24:33 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Audacity
[2011.01.10 12:30:25 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Canon
[2010.11.24 15:35:25 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\CD-LabelPrint
[2011.02.20 16:13:52 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers
[2007.12.23 13:57:43 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\FrostWire
[2011.01.28 09:41:39 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Gutscheinmieze
[2007.10.10 16:19:12 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\ICAClient
[2011.06.21 19:04:52 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2007.06.16 21:16:37 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\ICQ Toolbar
[2007.06.16 21:18:45 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\ICQLite
[2010.08.29 17:47:45 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\InfoRapid KnowledgeMap
[2007.11.06 14:43:52 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Nikon
[2011.06.02 13:40:04 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Nokia
[2011.06.02 13:40:05 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Nokia Ovi Suite
[2011.05.27 22:12:59 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Notepad++
[2009.08.07 10:02:18 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org
[2011.06.01 21:41:54 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Opera
[2010.12.02 15:44:22 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Orbit
[2011.01.09 21:33:13 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\PC Suite
[2007.06.16 23:46:17 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\PeerNetworking
[2010.12.02 15:41:15 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\ProgSense
[2011.02.05 11:12:26 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Software4u
[2011.02.09 15:08:45 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Swiss Academic Software
[2007.06.16 20:43:58 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Template
[2007.06.20 17:13:43 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird
[2007.10.07 17:15:24 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\TuneUp Software
[2009.12.22 12:45:36 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Ulead Systems
[2007.06.18 13:45:32 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\WinBatch
[2011.06.23 22:36:28 | 000,032,510 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
 
< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 24.06.2011 09:15:05 - Run 1
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 69,20% Memory free
7,16 Gb Paging File | 6,21 Gb Available in Paging File | 86,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 292,16 Gb Total Space | 161,49 Gb Free Space | 55,27% Space Free | Partition Type: NTFS
Drive D: | 5,93 Gb Total Space | 0,88 Gb Free Space | 14,84% Space Free | Partition Type: NTFS
Drive J: | 120,23 Mb Total Space | 110,67 Mb Free Space | 92,05% Space Free | Partition Type: FAT
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3154840364-857642331-359066050-1001]
"EnableNotifications" = 0
"EnableNotificationsRef" = 3
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3154840364-857642331-359066050-1007]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{46F1FB8F-B9B5-46FC-8A76-4E968AE60BB9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{59CE40F6-1F41-41DD-89B9-37AC3CC4BD7E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{69C004FD-0511-4B89-9386-18CD2C22378E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6B137440-1497-421A-8EF2-5F8FFC411DEC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7BFAF25A-38C6-4BFF-91FD-35D2D27DFA45}" = lport=137 | protocol=17 | dir=in | app=system | 
"{843EC9EA-CBF4-4AE3-943F-DA042866F7D8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9BC3842D-EC22-4F0C-9DB1-8E26B28D15FB}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery | 
"{B02B64D7-6C01-4196-BFEC-0FE2CAAE485A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B4D8709F-174F-424C-B0C8-1CEB1412FACB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D3D078A3-73A1-4B2F-82B8-1B0D394A8F22}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D3FA0E18-AB75-4879-BBB0-703C07166E8A}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery | 
"{FCF96072-7C83-4ADB-9BBC-08BA2245AB6B}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{31CE8977-CF4B-4D4A-935E-3358F419F75E}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{3494ACDF-4394-4E32-988C-DC1B5B640F5F}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{373EA412-9C9B-41A7-B4DB-3A1A31EE649F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3D31E802-5404-4346-938F-C08F95C14EA7}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{3EFE3451-9143-4A8F-B0E0-1B4A03DF5292}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | 
"{43B2A958-7BE4-441C-85A6-57C02D23703F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4C4EF4A7-1B0C-4F79-AF21-9361EF6E2968}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | 
"{615DC410-8A66-4337-BB41-F1BFA9F4F9A2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{61B4ADC1-6DD2-4BA3-964A-A53DF14C2087}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{801F25DE-94E5-4575-80FC-256558864074}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{857A104D-4909-4F4C-A64F-F1F635AA11DB}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | 
"{9D1490D6-30E5-490B-B1C2-277AB7B35391}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A4A45014-8AD8-4519-AD01-D2EABBB9983D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AE527263-7C5C-4FB5-A786-BBA63261E7B8}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | 
"{B1761E96-35B2-4173-B19E-94AFDA8F66A3}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{BAE466A5-8A96-4F9D-9643-9374BA2A831C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C221AEED-3C47-40B4-B702-46EC64F1715C}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | 
"{C899516A-8DF2-475D-9CE5-B8C7105691D9}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | 
"{DD83C523-57B3-49B3-AA7B-68A0E361F5B1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{2BF13BDE-A49F-4991-9561-714A718745DF}E:\bin\win32\player.exe" = protocol=6 | dir=in | app=e:\bin\win32\player.exe | 
"TCP Query User{2FE38655-17FE-4BE4-9B1A-D979E0D59F93}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{62A90A24-08AD-4DC0-80AA-041B7730568C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{745EC40F-68B1-4E45-BBC6-50CCE1916CF4}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{84F5D283-9558-40D6-A51E-DEC08190FEA4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{9460DF45-51C5-4C3A-AEFC-BF35AA20415C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{CCC4128F-49B8-41A0-816B-29B68E35CDF9}C:\windows\ehome\ehexthost.exe" = protocol=6 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
"TCP Query User{D5DE1C5E-3FDC-435E-B518-771509FB0370}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{F9FD911D-B788-4ACB-91F0-D4DCE80E3898}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{01087E94-1B4A-485D-8BD9-633720CBF86E}E:\bin\win32\player.exe" = protocol=17 | dir=in | app=e:\bin\win32\player.exe | 
"UDP Query User{32509996-C047-4D33-82A9-9CB36D7830F5}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{500309D8-6500-45BC-8DD1-C61746967634}C:\windows\ehome\ehexthost.exe" = protocol=17 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
"UDP Query User{51388839-FCF5-41A3-8456-A986094CC65A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{68DB9B9E-E98B-4C5B-B6A2-21AC37E792C9}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{818EE3B6-6353-4D3E-ABE2-C7B9468E7EA7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{821FE946-8910-4EA4-98BB-5622D22AF786}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{E440117D-C18C-459A-8E51-6CF5DA591CA6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{E63EB759-79BB-4C47-846A-E133AC1B623E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Home & Student Suite X5
"_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Home & Student Suite X5 - Extra Content
"{031340C8-1733-40FE-BF52-83B599021BA9}" = CorelDRAW Graphics Suite X5 - IPM HSE
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{3463EABB-47C9-454D-BF13-474CAE5A9DA7}" = INKAR 2009
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{356658C7-8C60-4A43-AF50-75CA8E642934}" = CorelDRAW Graphics Suite X5 - CZ
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{48C503D7-15A0-414A-B32E-0EFFA13B68E2}" = CorelDRAW Home & Student Suite X5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{78E804CC-A148-4C8F-AD46-0B476EFE34C2}" = Microsoft Image Composite Editor
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.8.7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{938C2383-A692-4D2C-AE45-024F91EF7B1D}" = CorelDRAW Graphics Suite X5 - PL
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{BFE9A442-5D4B-4372-B994-FB4BCEA78662}" = CorelDRAW Graphics Suite X5 - NL
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CA12DA1D-25DD-4495-92D5-B1DE65D43C77}" = CorelDRAW Graphics Suite X5 - RU
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Home & Student Suite X5 - Extra Content
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{DC43FBD3-3E5D-419D-A981-519F1A3E6F53}" = CorelDRAW Graphics Suite X5 - IT
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}" = Roxio MyDVD Basic v9
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"ClearProg" = ClearProg 1.6.0 Final
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57
"EAX Unified" = EAX Unified
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Intel(R) Configuration Center" = Intel® Viiv™ Software
"LHTTSGED" = L&H TTS3000 Deutsch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Notepad++" = Notepad++
"OsdMaestro" = HP On-Screen Caps/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"SpywareBlaster_is1" = SpywareBlaster 4.4
"VLC media player" = VLC media player 1.1.9
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Schweizer Weltatlas" = Schweizer Weltatlas
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.03.2010 08:17:01 | Computer Name = *****-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 15.03.2010 02:47:27 | Computer Name = *****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.03.2010 02:47:27 | Computer Name = *****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.03.2010 02:47:28 | Computer Name = *****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.03.2010 02:47:28 | Computer Name = *****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.03.2010 02:47:29 | Computer Name = *****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.03.2010 02:47:29 | Computer Name = *****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 19.03.2010 07:41:24 | Computer Name = *****-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 19.03.2010 07:41:26 | Computer Name = *****-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 20.03.2010 11:03:21 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3667 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: fc8  Anfangszeit: 01cac80eb120e7a8  Zeitpunkt der Beendigung:
 212
 
[ Media Center Events ]
Error - 19.03.2011 15:54:02 | Computer Name = *****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
 Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
 Guide 
 
Error - 19.03.2011 18:35:08 | Computer Name = *****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
 Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
 Guide 
 
Error - 22.03.2011 14:36:42 | Computer Name = *****-PC | Source = Media Center Guide | ID = 4
Description = Ereignisinformationen: Unbekannter Verbindungsfehler. Windows Media
 Center konnte keine Internetverbindung herstellen. Weitere Informationen finden
 Sie in der Hilfe. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton
 
 
Error - 02.05.2011 18:02:24 | Computer Name = *****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
 Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
 Guide 
 
[ OSession Events ]
Error - 19.01.2011 04:44:37 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 245
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 23.05.2011 10:17:25 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5639
 seconds with 4320 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 23.06.2011 16:34:53 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 23.06.2011 16:36:23 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 24.06.2011 03:13:24 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.06.2011 03:13:47 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 24.06.2011 03:15:17 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 24.06.2011 03:15:29 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.06.2011 03:15:29 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 24.06.2011 03:16:47 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 24.06.2011 03:18:17 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 24.06.2011 03:19:47 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >

Könnte mir bitte auch jemand weiterhelfen?! :-/

M-K-D-B · 24.06.2011, 16:40

Mein Name ist M-K-D-B und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
Bitte füge alle Logfiles in sog. Codeboxen ein. Das Symbol dafür findest du über dem Textfeld, es sieht in etwa so aus: #.
Bitte arbeite solange mit mir mit, bis ich dir sage, dass wir hier fertig sind.
Solltest du mir nicht innerhalb von 5 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Für Benutzer von Windows Vista und Windows 7 gilt: Alle Programme mit Rechtsklick "Als Administrator ausführen" starten.

Ich bereite jetzt einen Fix vor und melde mich so bald als möglich mit weiteren Anweisungen.

M-K-D-B · 24.06.2011, 17:04

Hallo deckbett,

Zitat:

Da hat mich ja was übles erwischt, einer dieser komischen XPACK-Trojaner, die - wie ich schon gesehen habe - gerade recht häufig auftreten? Wo kommt dieser Mist denn bloß her?

Bei TR/Crypt.XPACK.GEN3 handelt es sich um eine generische Erkennung von Avira, also aufgrund von Dateiinhalt und Aufbau, der ähnlich wie bekannte Malwaredateien aufgebaut ist.

Zitat:

Soll ich dies hier Schritt für Schritt durchführen? Benutze gerade mein Notebook und würde damit erstmal diese Programme runterladen. Funktioniert die Ausführung auf dem betroffenen Rechner denn so einfach? Habe Angst, dass dabei wirklich was flöten geht.

Mag mir jemand dabei zur Hand gehen?!

Wenn du meine Anleitungen 1:1 umsetzt, sollten wir das Problem beheben können.

Zitat:

Wie muss ich weiter vorgehen?

So gehts weiter:

Schritt # 1: Fix mit OTL

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {147D6308-0614-4112-89B1-31402F9B82C4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
[2011.06.23 19:25:21 | 000,000,240 | -H-- | M] () -- C:\ProgramData\~31842040
[2011.06.23 19:25:21 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~31842040r
[2011.06.23 13:47:09 | 000,000,336 | -H-- | M] () -- C:\ProgramData\31842040
[2011.06.23 13:41:57 | 000,000,392 | -H-- | M] () -- C:\ProgramData\31317752
[2011.06.23 13:39:03 | 000,000,593 | -H-- | M] () -- %USERPROFILE%\Windows Vista Repair.lnk
[2011.06.23 13:39:03 | 000,000,240 | -H-- | M] () -- C:\ProgramData\~31317752
[2011.06.23 13:39:03 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~31317752r
[2007.10.07 17:15:24 | 000,000,000 | -H-D | M] -- %APPDATA%\TuneUp Software
[2007.12.23 13:57:43 | 000,000,000 | -H-D | M] -- %APPDATA%\FrostWire
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

:Commands
[purity]
[Reboot]

Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt # 2: Unhide ausführen
Downloade dir bitte unhide.exe (by Grinler) und speichere die Datei auf deinem Desktop.

Schließe alle laufenden Programme.
Starte die unhide.exe mit Rechtsklick "als Administrator ausführen".
Das Tool kann eine Weile brauchen.
Wenn das Tool seine Arbeit getan hat, wird eine Nachricht aufpoppen "Your files should now be visible"
Starte den Rechner neu auf.

Schritt # 3: GMER Rootkitscan
Bitte

alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
nichts am Rechner arbeiten,
nach jedem Scan den Rechner neu starten.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista und Win7 User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Entferne rechts den Haken bei:
- IAT/EAT
- Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
- Show all (sollte abgehackt sein)
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Schritt # 4: Benutzerdefinierter Scan mit OTL
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%PROGRAMFILES%\*.
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe 
winlogon.exe
wininit.exe
userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Schritt # 5: Fragen beantworten
Bitte beantworte mir folgende Fragen:

Sind deine Dateien und Ordner wieder sichtbar?
Klicke auf Start. Sind deine Elemente des Startmenüs schon sichtbar?
Welche Probleme gibt es derzeit noch?

Schritt # 6: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

das Logfile des OTL-Fix,
das Logfile von GMER,
das neue Logfile von OTL (OTL.txt) und
die Beantwortung der gestellten Fragen.

deckbett · 24.06.2011, 19:15

So, schonmal folgende Angaben:

Schritt #1
OTL-Scan durchgeführt; Neustart

Code:

ATTFilter

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{147D6308-0614-4112-89B1-31402F9B82C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{147D6308-0614-4112-89B1-31402F9B82C4}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.
C:\ProgramData\~31842040 moved successfully.
C:\ProgramData\~31842040r moved successfully.
C:\ProgramData\31842040 moved successfully.
C:\ProgramData\31317752 moved successfully.
File %USERPROFILE%\Windows Vista Repair.lnk not found.
C:\ProgramData\~31317752 moved successfully.
C:\ProgramData\~31317752r moved successfully.
C:\Users\*****\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\Cache folder moved successfully.
C:\Users\*****\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens folder moved successfully.
C:\Users\*****\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\BootScreens\Cache folder moved successfully.
C:\Users\*****\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\BootScreens folder moved successfully.
C:\Users\*****\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler folder moved successfully.
C:\Users\*****\AppData\Roaming\TuneUp Software\TuneUp Utilities\TuneUp Registry Editor folder moved successfully.
C:\Users\*****\AppData\Roaming\TuneUp Software\TuneUp Utilities\StartUp Manager folder moved successfully.
C:\Users\*****\AppData\Roaming\TuneUp Software\TuneUp Utilities\Disk Space Explorer folder moved successfully.
C:\Users\*****\AppData\Roaming\TuneUp Software\TuneUp Utilities\Dashboard folder moved successfully.
C:\Users\*****\AppData\Roaming\TuneUp Software\TuneUp Utilities\Backups folder moved successfully.
C:\Users\*****\AppData\Roaming\TuneUp Software\TuneUp Utilities folder moved successfully.
C:\Users\*****\AppData\Roaming\TuneUp Software folder moved successfully.
C:\Users\*****\AppData\Roaming\FrostWire\xml\schemas folder moved successfully.
C:\Users\*****\AppData\Roaming\FrostWire\xml\misc folder moved successfully.
C:\Users\*****\AppData\Roaming\FrostWire\xml\data folder moved successfully.
C:\Users\*****\AppData\Roaming\FrostWire\xml folder moved successfully.
C:\Users\*****\AppData\Roaming\FrostWire\themes\windows_theme folder moved successfully.
C:\Users\*****\AppData\Roaming\FrostWire\themes\frostwire_theme folder moved successfully.
C:\Users\*****\AppData\Roaming\FrostWire\themes\CarbonClassic_theme folder moved successfully.
C:\Users\*****\AppData\Roaming\FrostWire\themes folder moved successfully.
C:\Users\*****\AppData\Roaming\FrostWire\.NetworkShare\Incomplete folder moved successfully.
C:\Users\*****\AppData\Roaming\FrostWire\.NetworkShare folder moved successfully.
C:\Users\*****\AppData\Roaming\FrostWire folder moved successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.24.1 log created on 06242011_181619

Schritt #2

Unhide ausgeführt; Neustart

Schritt #3

GMER durchgeführt; Log-Datei gespeichert; Neustart

Code:

ATTFilter

GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-24 19:43:37
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.CP10
Running: otmx0fd8.exe; Driver: C:\Users\*****\AppData\Local\Temp\fgldqkow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\drivers\ACEDRV09.sys                                                                                                                                                            section is writeable [0x80C1C000, 0x3326E, 0xE8000020]
.pklstb         C:\Windows\system32\drivers\ACEDRV09.sys                                                                                                                                                            entry point in ".pklstb" section [0x80C61000]
.relo2          C:\Windows\system32\drivers\ACEDRV09.sys                                                                                                                                                            unknown last section [0x80C7D000, 0x8E, 0x42000040]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread          System [4:348]                                                                                                                                                                                      877F1E7A
Thread          System [4:352]                                                                                                                                                                                      877F4008

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat                                                                                                             0x65 0x78 0xCA 0x83 ...
Reg             HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\*****\AppData\Local\Temp\Temp1_SFBT_Park_Set_$$.zip\SFBT_Park-Set \xa7\xa7.exe       1
Reg             HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\*****\AppData\Local\Temp\Temp1_SFBT_Park_Set_$.zip\SFBT_Park-Set \xa7.exe            1
Reg             HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\*****\AppData\Local\Temp\Temp1_SFBT_Park_Set_$$$.zip\SFBT_Park-Set \xa7\xa7\xa7.exe  1

---- EOF - GMER 1.0.15 ----

Schritt #4

OTL durchgeführt; Log gespeichert

Code:

ATTFilter

OTL logfile created on: 24.06.2011 19:53:09 - Run 2
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 65,23% Memory free
7,16 Gb Paging File | 6,08 Gb Available in Paging File | 84,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 292,16 Gb Total Space | 163,29 Gb Free Space | 55,89% Space Free | Partition Type: NTFS
Drive D: | 5,93 Gb Total Space | 0,88 Gb Free Space | 14,84% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (Remote UI Service) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (ISSM) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel(R) Corporation)
SRV - (AlertService) Intel(R) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (M1 Server) Intel(R) Viiv(TM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe (Intel(R) Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (cpuz135) -- C:\Windows\System32\drivers\cpuz135_x32.sys (CPUID)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (HCWU2DTD) -- C:\Windows\System32\drivers\hcwu2dtd.sys (Hauppauge Computer Works)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (HCWU2DTL) -- C:\Windows\System32\drivers\hcwu2dtl.sys (Hauppauge Computer Works)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 A8 69 2B 2C 24 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de) "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0
FF - prefs.js..extensions.enabledItems: googlesharing@extension.thoughtcrime.org:0.21
FF - prefs.js..extensions.enabledItems: {11483926-db67-4190-91b1-ef20fcec5f33}:0.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.03 07:18:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.18 12:23:09 | 000,000,000 | ---D | M]
 
[2010.11.10 16:26:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2011.06.01 21:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions
[2011.02.15 13:42:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}-trash
[2011.06.01 21:17:48 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.06.01 21:17:49 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011.04.05 07:28:12 | 000,000,000 | ---D | M] (GoogleSharing) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\googlesharing@extension.thoughtcrime.org
[2011.04.05 07:28:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\googlesharing@extension.thoughtcrime.org\chrome
[2011.04.05 07:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\googlesharing@extension.thoughtcrime.org\components
[2011.04.05 07:28:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\googlesharing@extension.thoughtcrime.org\defaults
[2010.11.10 17:28:16 | 000,001,094 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\abkuerzungende.xml
[2010.11.10 17:28:46 | 000,001,211 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\amazonde-.xml
[2010.11.10 17:31:05 | 000,001,788 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\ardapedia.xml
[2010.11.10 17:28:58 | 000,001,887 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\bookbutler.xml
[2010.11.10 17:31:46 | 000,001,167 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\club300-fotos-d.xml
[2010.11.10 17:32:08 | 000,001,169 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\club300-fotos-wp.xml
[2010.11.10 17:29:49 | 000,001,036 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\dictcc-de---en.xml
[2010.11.10 17:30:10 | 000,000,451 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\filmstartsde.xml
[2010.11.10 17:29:11 | 000,000,924 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\jokersde.xml
[2010.11.10 17:30:34 | 000,001,490 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\lastfm.xml
[2010.11.10 17:30:47 | 000,001,603 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\lautde.xml
[2010.11.10 17:29:33 | 000,001,884 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\leo-de---en.xml
[2011.01.28 19:49:47 | 000,001,707 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\naturguckerde.xml
[2010.11.10 17:27:05 | 000,001,162 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\wikipedia-de-.xml
[2010.11.10 17:27:18 | 000,001,151 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\wikipedia-en.xml
[2010.11.10 17:27:54 | 000,001,156 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\wiktionary.xml
[2010.11.10 17:26:30 | 000,000,723 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\wissende.xml
[2011.05.03 07:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011.02.15 15:56:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AZP24T3H.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.06.01 11:03:51 | 000,435,945 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	163ns.com
O1 - Hosts: 15001 more lines...
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2cf1e437-7876-11df-bbfb-001a92eb8022}\Shell - "" = AutoRun
O33 - MountPoints2\{2cf1e437-7876-11df-bbfb-001a92eb8022}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8842034a-1f22-11dc-8034-001a92eb8022}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\Recycled\ctfmon.exe
O33 - MountPoints2\{8842034a-1f22-11dc-8034-001a92eb8022}\Shell\Open(&0)\command - "" = J:\Recycled\ctfmon.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player 9 ActiveX
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.24 18:16:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.06.24 09:14:40 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011.06.23 19:28:14 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2011.06.23 19:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.23 19:27:59 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.23 19:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.23 19:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.06.23 19:26:13 | 009,435,312 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\*****\Desktop\mbam-setup-1.51.0.1200.exe
[2011.06.23 13:39:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Repair
[2011.06.20 17:49:04 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Klausuren_PhyGeo_WiGeo
[2011.06.18 12:22:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.06.04 14:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2011.06.04 14:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\CorelDRAW Home & Student Suite X5
[2011.06.04 08:30:45 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Meine Paletten
[2011.06.04 08:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2011.06.02 11:53:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\vlc
[2011.06.02 11:36:13 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2011.06.02 11:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011.06.02 11:20:54 | 000,022,504 | ---- | C] (CPUID) -- C:\Windows\System32\drivers\cpuz135_x32.sys
[2011.06.02 11:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPU-Z
[2011.06.02 11:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\CPU-Z
[2011.06.01 23:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.06.01 22:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\VLC
[2011.06.01 21:30:21 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Opera
[2011.06.01 21:29:55 | 000,000,000 | R--D | C] -- C:\Users\*****\Downloads
[2011.06.01 10:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.05.31 07:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011.05.27 22:59:13 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Nokia Ovi Suite
[2011.05.27 22:12:36 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011.05.27 22:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011.05.27 22:12:33 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Notepad++
[2011.05.27 22:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2011.05.27 21:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaAccount
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.24 19:49:47 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.24 19:48:17 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.24 19:48:17 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.24 19:48:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.24 19:46:11 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.24 18:38:02 | 000,302,592 | ---- | M] () -- C:\Users\*****\Desktop\otmx0fd8.exe
[2011.06.24 18:32:52 | 000,302,592 | ---- | M] () -- C:\Users\*****\Desktop\058qfw4t.exe
[2011.06.24 18:21:14 | 000,302,592 | ---- | M] () -- C:\Users\*****\Desktop\n7b0d346.exe
[2011.06.24 18:19:18 | 000,684,297 | ---- | M] () -- C:\Users\*****\Desktop\unhide.exe
[2011.06.24 09:08:22 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011.06.23 19:29:17 | 000,638,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.23 19:29:17 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.23 19:29:17 | 000,130,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.23 19:29:17 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.23 19:28:00 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.23 19:20:34 | 009,435,312 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\*****\Desktop\mbam-setup-1.51.0.1200.exe
[2011.06.23 13:39:03 | 000,000,593 | ---- | M] () -- C:\Users\*****\Desktop\Windows Vista Repair.lnk
[2011.06.20 13:18:54 | 000,000,030 | ---- | M] () -- C:\Windows\Iedit_.INI
[2011.06.02 11:42:26 | 000,508,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.06.01 12:35:02 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.06.01 12:35:02 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.06.01 12:34:42 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.06.01 11:03:51 | 000,435,945 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.27 23:00:44 | 000,022,016 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.24 18:38:12 | 000,302,592 | ---- | C] () -- C:\Users\*****\Desktop\otmx0fd8.exe
[2011.06.24 18:32:46 | 000,302,592 | ---- | C] () -- C:\Users\*****\Desktop\n7b0d346.exe
[2011.06.24 18:32:46 | 000,302,592 | ---- | C] () -- C:\Users\*****\Desktop\058qfw4t.exe
[2011.06.24 18:26:53 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.24 18:26:53 | 000,000,733 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr - Verknüpfung.lnk
[2011.06.24 18:26:49 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.06.24 18:26:49 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.06.24 18:26:49 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.06.24 18:21:00 | 000,684,297 | ---- | C] () -- C:\Users\*****\Desktop\unhide.exe
[2011.06.23 13:39:03 | 000,000,593 | ---- | C] () -- C:\Users\*****\Desktop\Windows Vista Repair.lnk
[2011.06.01 12:34:42 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.01.10 12:09:35 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ2414N.DAT
[2010.03.25 18:11:47 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2010.03.25 18:06:34 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS61.DLL
[2010.03.01 20:03:40 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit_.INI
[2010.02.19 22:48:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.08.06 18:48:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.06 18:46:30 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.11.16 01:41:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.06.18 20:51:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2008.03.25 16:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2007.11.30 13:43:22 | 000,073,216 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2007.11.28 21:05:39 | 000,000,120 | ---- | C] () -- C:\Users\*****\AppData\Roaming\wklnhst.dat
[2007.11.06 09:55:50 | 000,000,021 | ---- | C] () -- C:\Windows\PMK35_SETUP.ini
[2007.10.31 18:54:28 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1364.dll
[2007.10.23 14:03:27 | 000,064,466 | ---- | C] () -- C:\Users\*****\AppData\Roaming\mdb.bin
[2007.10.12 17:01:07 | 000,000,096 | ---- | C] () -- C:\Users\*****\AppData\Local\fusioncache.dat
[2007.10.02 13:52:25 | 000,217,088 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2007.10.02 13:41:18 | 000,217,088 | R--- | C] () -- C:\Users\*****\AppData\Roaming\MafiaSetup.exe
[2007.08.24 20:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007.06.30 19:41:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2007.06.30 19:41:23 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.06.30 19:41:22 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007.06.30 19:41:20 | 000,151,552 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll
[2007.06.30 19:39:58 | 000,002,796 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2007.06.26 16:47:14 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2007.06.24 09:43:44 | 000,114,938 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007.06.21 10:22:42 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.06.18 15:22:31 | 000,022,016 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.16 23:40:17 | 000,028,915 | ---- | C] () -- C:\Users\*****\AppData\Roaming\UserTile.png
[2007.06.16 16:39:55 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2007.03.23 05:31:29 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2007.03.23 05:28:35 | 000,638,510 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.03.23 05:28:35 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.03.23 05:28:35 | 000,130,462 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.03.23 05:28:35 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.03.22 20:45:35 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007.03.22 20:42:25 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007.03.22 20:42:25 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007.03.06 11:49:42 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007.01.10 13:56:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,508,128 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,126 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,562 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 00:00:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.08.11 00:00:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.06.23 11:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2002.03.21 14:39:02 | 000,073,728 | R--- | C] () -- C:\Windows\System32\UNACEV2.DLL
[2002.03.20 21:01:06 | 000,006,688 | R--- | C] () -- C:\Windows\System32\Digita.sys
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportUSB.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportSerial.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportIrDA.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportIrCOMM.dll
 
========== LOP Check ==========
 
[2007.06.27 20:27:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ACD Systems
[2011.04.20 11:18:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\AeroSnapApp
[2010.03.14 22:29:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Amazon
[2007.09.19 17:24:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Audacity
[2011.01.10 12:30:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canon
[2010.11.24 15:35:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CD-LabelPrint
[2011.02.20 16:13:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.28 09:41:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Gutscheinmieze
[2007.10.10 16:19:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICAClient
[2011.06.21 19:04:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2007.06.16 21:16:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ Toolbar
[2007.06.16 21:18:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQLite
[2010.08.29 17:47:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\InfoRapid KnowledgeMap
[2007.11.06 14:43:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nikon
[2011.06.02 13:40:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia
[2011.06.02 13:40:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia Ovi Suite
[2011.05.27 22:12:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Notepad++
[2009.08.07 10:02:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org
[2011.06.01 21:41:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera
[2010.12.02 15:44:22 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Orbit
[2011.01.09 21:33:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PC Suite
[2007.06.16 23:46:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PeerNetworking
[2010.12.02 15:41:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ProgSense
[2011.02.05 11:12:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Software4u
[2011.02.09 15:08:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Swiss Academic Software
[2007.06.16 20:43:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Template
[2007.06.20 17:13:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird
[2009.12.22 12:45:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ulead Systems
[2007.06.18 13:45:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\WinBatch
[2011.06.24 19:47:18 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.07.16 12:31:06 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.08.06 19:12:18 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.06.18 16:42:41 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.06.16 16:18:13 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.12.02 15:42:57 | 000,000,000 | ---D | M] -- C:\Downloads
[2008.05.17 13:23:25 | 000,000,000 | ---D | M] -- C:\hp
[2007.07.11 13:12:27 | 000,000,000 | ---D | M] -- C:\Intel
[2010.01.12 13:06:11 | 000,000,000 | R--D | M] -- C:\MSOCache
[2007.06.30 19:42:47 | 000,000,000 | ---D | M] -- C:\MyVideos
[2008.05.28 13:06:51 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.06.23 19:27:50 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.06.24 18:16:20 | 000,000,000 | ---D | M] -- C:\ProgramData
[2008.05.17 13:26:09 | 000,000,000 | RHSD | M] -- C:\Recycled
[2011.05.20 13:49:04 | 000,000,000 | ---D | M] -- C:\Swsetup
[2011.06.24 19:55:31 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.01.23 11:11:37 | 000,000,000 | R--D | M] -- C:\Users
[2011.06.24 18:30:46 | 000,000,000 | ---D | M] -- C:\Windows
[2011.06.24 18:16:19 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %PROGRAMFILES%\*. >
[2011.02.02 18:23:09 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010.02.21 13:16:40 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2010.11.10 16:54:45 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010.03.25 10:06:59 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2010.11.10 16:52:04 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011.01.10 12:11:32 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2011.01.10 12:09:24 | 000,000,000 | ---D | M] -- C:\Program Files\CanonBJ
[2011.06.01 10:51:45 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010.11.24 15:35:17 | 000,000,000 | ---D | M] -- C:\Program Files\CD-LabelPrint
[2009.07.05 08:49:38 | 000,000,000 | ---D | M] -- C:\Program Files\ClearProg
[2011.06.04 14:43:27 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011.04.06 17:16:55 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2011.06.02 11:20:54 | 000,000,000 | ---D | M] -- C:\Program Files\CPU-Z
[2007.10.02 13:52:26 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2007.06.16 16:18:13 | 000,000,000 | -HSD | M] -- C:\Program Files\Gemeinsame Dateien
[2011.01.14 00:57:49 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011.04.06 17:26:48 | 000,000,000 | ---D | M] -- C:\Program Files\gs
[2007.06.24 09:44:01 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2007.03.22 20:58:54 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011.05.20 09:25:42 | 000,000,000 | ---D | M] -- C:\Program Files\ICQ7.5
[2011.01.14 16:37:49 | 000,000,000 | ---D | M] -- C:\Program Files\INKAR 2009
[2011.05.20 09:24:40 | 000,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information
[2011.06.02 11:36:13 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011.06.15 19:12:40 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011.01.30 14:23:32 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011.01.30 14:25:03 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011.02.15 15:55:58 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011.06.23 19:28:04 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009.03.16 17:50:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ICE
[2010.02.19 16:31:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011.05.18 15:29:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010.06.25 17:57:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010.08.12 21:09:07 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011.05.19 13:01:25 | 000,000,000 | ---D | M] -- C:\Program Files\MozBackup
[2011.06.22 19:31:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010.09.22 13:42:59 | 000,000,000 | ---D | M] -- C:\Program Files\MP3Gain
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2011.05.31 07:41:12 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2007.06.16 18:44:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2011.06.02 13:43:42 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia
[2011.05.27 22:12:39 | 000,000,000 | ---D | M] -- C:\Program Files\Notepad++
[2007.03.22 21:04:12 | 000,000,000 | ---D | M] -- C:\Program Files\Online-Dienste
[2007.11.15 18:43:05 | 000,000,000 | ---D | M] -- C:\Program Files\Panorama Maker 3
[2011.06.02 12:03:43 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor 5 for Windows
[2010.11.17 11:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\PDF24
[2011.01.20 20:19:24 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008.04.14 11:01:48 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2007.03.22 20:56:33 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010.02.28 14:30:58 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2011.06.01 10:53:29 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2011.06.02 11:27:00 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2009.12.22 12:41:13 | 000,000,000 | ---D | M] -- C:\Program Files\Ulead Systems
[2006.11.02 15:01:55 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2011.06.01 23:00:08 | 000,000,000 | ---D | M] -- C:\Program Files\VLC
[2009.08.06 19:05:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009.08.06 19:05:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009.08.06 19:05:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009.08.06 19:05:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011.06.15 18:49:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010.10.23 13:54:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2007.06.16 16:18:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009.08.06 19:05:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009.11.21 13:00:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009.08.06 19:05:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2008.02.19 18:49:44 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.11.14 19:02:56 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.11.14 19:02:55 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\c8769c0a3306661ec8d7dc7ef7231b1c\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe
 
< MD5 for: SVCHOST.EXE  >
[2006.11.02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008.01.19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\c8769c0a3306661ec8d7dc7ef7231b1c\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-24 17:54:23

< End of report >

Ich habe das Programm jetzt noch NICHT geschlossen, den Rechner noch NICHT neu gestartet! Muss ich das jetzt tun, bevor ich die Fragen beantworten soll?

Sehen die Log-Dateien überhaupt gut aus?

M-K-D-B · 25.06.2011, 16:13

Hallo deckbett,

Zitat:

Zitat von deckbett

Ich habe das Programm jetzt noch NICHT geschlossen, den Rechner noch NICHT neu gestartet! Muss ich das jetzt tun, bevor ich die Fragen beantworten soll?

Du musst nicht nach jedem Schritt den Rechner neu starten, nur wenn es in der Anleitung steht.

Zitat:

Zitat von deckbett

Sehen die Log-Dateien überhaupt gut aus?

Sieht schon besser aus.

Wir sind aber noch nicht fertig.

Bitte beantworte noch die von mir gestellten Fragen. Anschließend können wir mit der Bereinigung fortfahren.

Vielen Dank.

deckbett · 27.06.2011, 11:14

Ok, dann kommen wir zu den Fragen:

- Alle Dateien sind wieder zu sehen und abrufbar, inkl. transparenter Dateien, z.B. desktop.ini.
- Papierkorb auf dem Desktop fehlt.
- Programm-Ordner im Startmenü sind vorhanden, aber NICHT meine an Startmenü angeheftete Programmliste.
- "Zuletzt geöffnete Dateien" in Startmenü angezeigt, obwohl vorher ausgeschaltet.

Bzgl. Internet traue ich mich aktuell nicht, dieses zu öffnen. Der Zugriff auf Firefox wäre aufgrund der jetzt wieder sichtbaren Dateien/Ordner aber wohl möglich. Soll/kann ich es ausprobieren?

Fehler habe ich bisher nicht bemerkt. Dateien kann ich problemlos öffnen.
Was könnte denn auftreten?

Ach so, auf dem Desktop liegt jetzt auch dieses Windows Vista Repair.

M-K-D-B · 27.06.2011, 13:49

Hallo deckbett,

Schritt # 1: Programmliste im Startmenü wiederherstellen

Rechtsklick auf die Taskleiste -> Eigenschaften
Klicke auf den Tab Startmenü
Vergewissere dich, dass unter Datenschutz beide Haken gesetzt sind
Klicke oben auf Anpassen
Klicke ganz unten auf Standardeinstellungen und anschließend auf Ok.
Klicke im zweiten Fenster auf Übernehmen und anschließend auf Ok.

Schritt # 2: Papierkorb auf dem Desktop wiederherstellen

Rechtsklicke auf dem Desktop -> Anpassen
Wähle Desktopsymbole ändern
Setzen einen Haken vor Papierkorb
Klicke auf Übernehmen und abschließend auf Ok.

Schritt # 3: Manuelles Löschen von Dateien

Zitat:

auf dem Desktop liegt jetzt auch dieses Windows Vista Repair.

Rechtsklicke auf die Datei Windows Vista Repair.lnk und wähle Löschen.
Leere anschließend den Papierkorb.

Schritt # 4: Beantwortung deiner Fragen

Zitat:

Soll/kann ich es ausprobieren?

Ja, kannst du.

Und du musst es auch, da wir mit der Bereinigung noch nicht fertig sind und weitere Tools benötigen.

Zitat:

Fehler habe ich bisher nicht bemerkt. Dateien kann ich problemlos öffnen.
Was könnte denn auftreten?

Normalerweise lässt sich dieser Schädlinge vollständig entfernen. Wir müssen aber ausschließen, dass sich noch andere Malware auf deinem Rechner befindet. Daher bitte ich dich wie folgt weiter zu arbeiten:

Schritt # 5: aswMBR.exe ausführen
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Schritt # 6: Systemscan mit OTL

Starte bitte OTL.exe.
Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Schritt # 7: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

eine Rückmeldung bezüglich der Programmliste und dem Papierkorb,
das Logfile von aswMBR und
die beiden neuen Logfiles von OTL (OTL.txt und Extras.txt).

deckbett · 29.06.2011, 07:51

Hallo! Weiter gehts:

Die Programme sind alle wieder sichtbar, auch der Papierkorb. Allerdings sind weiterhin versteckte Dateien dargestellt, auf dem Desktop sind dies: 2x "desktop.ini" und 1x "Thumbs.db". Ich nehme an, die gehören da auch hin.

Ansonsten öggnete sich während des OTL-Scans folgendes Fenster:

Zitat:

Meldung von Webseite
Herzlichen Gl⎕ckwunsch! Du bist der 10.000 Besucher. Klicke jetzt f⎕r deinen SOFORT-GEWINN!

Habe ich natürlich wegge-x-t. Im TaskManager vielen mir dann aber die zwei(!) Prozesse "iexplore.exe" auf...

Kommen wir zu den Log-Dateien:

aswMBR:

Code:

ATTFilter

aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-28 16:02:40
-----------------------------
16:02:40.572    OS Version: Windows 6.0.6002 Service Pack 2
16:02:40.572    Number of processors: 2 586 0x605
16:02:40.572    ComputerName: *****-PC  UserName: *****
16:03:22.271    Initialize success
16:03:30.804    AVAST engine defs: 11062700
16:03:56.170    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:03:56.185    Disk 0 Vendor: SAMSUNG_ CP10 Size: 305245MB BusType: 3
16:03:56.185    Disk 0 MBR read successfully
16:03:56.185    Disk 0 MBR scan
16:03:56.185    Disk 0 unknown MBR code
16:03:56.201    Disk 0 scanning sectors +625137345
16:03:56.263    Disk 0 scanning C:\Windows\system32\drivers
16:04:13.283    Service scanning
16:04:14.874    Disk 0 trace - called modules:
16:04:14.874    ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x876fd1ed]<<
16:04:14.890    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8711eac8]
16:04:14.890    3 CLASSPNP.SYS[8c1a18b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x856ff030]
16:04:14.890    \Driver\iaStor[0x856e6908] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x876fd1ed
16:04:17.762    AVAST engine scan C:\Windows
19:23:16.355    AVAST engine scan C:\Users\*****
20:35:14.163    AVAST engine scan C:\ProgramData
20:38:55.631    Scan finished successfully
20:39:25.354    Disk 0 MBR has been saved successfully to "C:\Users\*****\Desktop\MBR.dat"
20:39:25.362    The log file has been saved successfully to "C:\Users\*****\Desktop\aswMBR.txt"

OTL:

Code:

ATTFilter

OTL logfile created on: 29.06.2011 08:18:34 - Run 3
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 67,63% Memory free
7,20 Gb Paging File | 6,25 Gb Available in Paging File | 86,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 292,16 Gb Total Space | 164,49 Gb Free Space | 56,30% Space Free | Partition Type: NTFS
Drive D: | 5,93 Gb Total Space | 0,88 Gb Free Space | 14,84% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (Remote UI Service) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (ISSM) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel(R) Corporation)
SRV - (AlertService) Intel(R) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (M1 Server) Intel(R) Viiv(TM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe (Intel(R) Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (cpuz135) -- C:\Windows\System32\drivers\cpuz135_x32.sys (CPUID)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (HCWU2DTD) -- C:\Windows\System32\drivers\hcwu2dtd.sys (Hauppauge Computer Works)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (HCWU2DTL) -- C:\Windows\System32\drivers\hcwu2dtl.sys (Hauppauge Computer Works)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 A8 69 2B 2C 24 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de) "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0
FF - prefs.js..extensions.enabledItems: googlesharing@extension.thoughtcrime.org:0.21
FF - prefs.js..extensions.enabledItems: {11483926-db67-4190-91b1-ef20fcec5f33}:0.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.27 15:12:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.18 12:23:09 | 000,000,000 | ---D | M]
 
[2010.11.10 16:26:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2011.06.27 15:14:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions
[2011.02.15 13:42:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}-trash
[2011.04.05 07:28:12 | 000,000,000 | ---D | M] (GoogleSharing) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\googlesharing@extension.thoughtcrime.org
[2011.04.05 07:28:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\googlesharing@extension.thoughtcrime.org\chrome
[2011.04.05 07:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\googlesharing@extension.thoughtcrime.org\components
[2011.04.05 07:28:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\googlesharing@extension.thoughtcrime.org\defaults
[2010.11.10 17:28:16 | 000,001,094 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\abkuerzungende.xml
[2010.11.10 17:28:46 | 000,001,211 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\amazonde-.xml
[2010.11.10 17:31:05 | 000,001,788 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\ardapedia.xml
[2010.11.10 17:28:58 | 000,001,887 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\bookbutler.xml
[2010.11.10 17:31:46 | 000,001,167 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\club300-fotos-d.xml
[2010.11.10 17:32:08 | 000,001,169 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\club300-fotos-wp.xml
[2010.11.10 17:29:49 | 000,001,036 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\dictcc-de---en.xml
[2010.11.10 17:30:10 | 000,000,451 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\filmstartsde.xml
[2010.11.10 17:29:11 | 000,000,924 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\jokersde.xml
[2010.11.10 17:30:34 | 000,001,490 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\lastfm.xml
[2010.11.10 17:30:47 | 000,001,603 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\lautde.xml
[2010.11.10 17:29:33 | 000,001,884 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\leo-de---en.xml
[2011.01.28 19:49:47 | 000,001,707 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\naturguckerde.xml
[2010.11.10 17:27:05 | 000,001,162 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\wikipedia-de-.xml
[2010.11.10 17:27:18 | 000,001,151 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\wikipedia-en.xml
[2010.11.10 17:27:54 | 000,001,156 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\wiktionary.xml
[2010.11.10 17:26:30 | 000,000,723 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\wissende.xml
[2011.05.03 07:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011.02.15 15:56:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AZP24T3H.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AZP24T3H.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2011.06.27 15:12:05 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.06.01 11:03:51 | 000,435,945 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	163ns.com
O1 - Hosts: 15001 more lines...
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2cf1e437-7876-11df-bbfb-001a92eb8022}\Shell - "" = AutoRun
O33 - MountPoints2\{2cf1e437-7876-11df-bbfb-001a92eb8022}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8842034a-1f22-11dc-8034-001a92eb8022}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\Recycled\ctfmon.exe
O33 - MountPoints2\{8842034a-1f22-11dc-8034-001a92eb8022}\Shell\Open(&0)\command - "" = J:\Recycled\ctfmon.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.27 15:21:29 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011.06.27 15:20:13 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Users\*****\Desktop\aswMBR.exe
[2011.06.24 18:16:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.06.23 19:28:14 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2011.06.23 19:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.23 19:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.06.23 13:39:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Repair
[2011.06.20 17:49:04 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Klausuren_PhyGeo_WiGeo
[2011.06.18 12:22:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.06.15 18:54:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.06.15 18:54:25 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.06.15 18:54:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.06.15 18:54:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.06.04 14:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2011.06.04 14:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\CorelDRAW Home & Student Suite X5
[2011.06.04 08:30:45 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Meine Paletten
[2011.06.04 08:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2011.06.02 11:53:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\vlc
[2011.06.02 11:36:13 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2011.06.02 11:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011.06.02 11:20:54 | 000,022,504 | ---- | C] (CPUID) -- C:\Windows\System32\drivers\cpuz135_x32.sys
[2011.06.02 11:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPU-Z
[2011.06.02 11:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\CPU-Z
[2011.06.01 23:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.06.01 22:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\VLC
[2011.06.01 21:30:21 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Opera
[2011.06.01 21:29:55 | 000,000,000 | R--D | C] -- C:\Users\*****\Downloads
[2011.06.01 12:34:43 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.06.01 12:34:43 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.06.01 12:34:43 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.06.01 12:34:43 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.06.01 12:34:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.06.01 12:34:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.06.01 12:34:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.06.01 12:34:42 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.06.01 12:34:42 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.06.01 12:34:42 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.06.01 12:34:42 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.06.01 12:34:42 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.06.01 12:34:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.06.01 12:34:42 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.06.01 12:34:42 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.06.01 12:34:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.06.01 12:34:42 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.06.01 12:34:41 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.06.01 12:34:41 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.06.01 12:34:41 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.06.01 12:34:41 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.06.01 12:34:41 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.06.01 12:34:41 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.06.01 12:34:41 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.06.01 12:34:40 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.06.01 12:34:40 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.06.01 12:34:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.06.01 12:34:40 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.06.01 12:34:40 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.06.01 12:34:40 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.06.01 12:34:40 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.06.01 12:34:40 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.06.01 12:34:40 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.06.01 12:34:40 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.06.01 12:34:40 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.06.01 10:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.05.31 07:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.29 07:56:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.29 07:55:48 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.29 07:55:48 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.29 07:55:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.28 20:46:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.28 20:41:31 | 000,604,434 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.28 20:41:31 | 000,107,678 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.28 20:41:30 | 000,638,858 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.28 20:41:30 | 000,130,582 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.28 20:39:25 | 000,000,512 | ---- | M] () -- C:\Users\*****\Desktop\MBR.dat
[2011.06.27 15:21:31 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011.06.27 15:20:41 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Users\*****\Desktop\aswMBR.exe
[2011.06.20 13:18:54 | 000,000,030 | ---- | M] () -- C:\Windows\Iedit_.INI
[2011.06.02 11:42:26 | 000,508,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.06.01 12:35:02 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.06.01 12:35:02 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.06.01 12:34:43 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.06.01 12:34:43 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.06.01 12:34:43 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.06.01 12:34:43 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.06.01 12:34:43 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.06.01 12:34:43 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.06.01 12:34:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.06.01 12:34:42 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.06.01 12:34:42 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.06.01 12:34:42 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.06.01 12:34:42 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.06.01 12:34:42 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.06.01 12:34:42 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.06.01 12:34:42 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.06.01 12:34:42 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.06.01 12:34:42 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.06.01 12:34:42 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.06.01 12:34:42 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.06.01 12:34:41 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.06.01 12:34:41 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.06.01 12:34:41 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.06.01 12:34:41 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.06.01 12:34:41 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.06.01 12:34:41 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.06.01 12:34:41 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.06.01 12:34:40 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.06.01 12:34:40 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.06.01 12:34:40 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.06.01 12:34:40 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.06.01 12:34:40 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.06.01 12:34:40 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.06.01 12:34:40 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.06.01 12:34:40 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.06.01 12:34:40 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.06.01 12:34:40 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.06.01 12:34:40 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.06.01 11:03:51 | 000,435,945 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
 
========== Files Created - No Company Name ==========
 
[2011.06.28 20:39:25 | 000,000,512 | ---- | C] () -- C:\Users\*****\Desktop\MBR.dat
[2011.06.24 18:26:53 | 000,000,733 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr - Verknüpfung.lnk
[2011.06.24 18:26:49 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.06.24 18:26:49 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.06.24 18:26:49 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.06.01 12:34:42 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.01.10 12:09:35 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ2414N.DAT
[2010.03.25 18:11:47 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2010.03.25 18:06:34 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS61.DLL
[2010.03.01 20:03:40 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit_.INI
[2010.02.19 22:48:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.08.06 18:48:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.06 18:46:30 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.11.16 01:41:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.06.18 20:51:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2008.03.25 16:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2007.11.30 13:43:22 | 000,073,216 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2007.11.28 21:05:39 | 000,000,120 | ---- | C] () -- C:\Users\*****\AppData\Roaming\wklnhst.dat
[2007.11.06 09:55:50 | 000,000,021 | ---- | C] () -- C:\Windows\PMK35_SETUP.ini
[2007.10.31 18:54:28 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1364.dll
[2007.10.23 14:03:27 | 000,064,466 | ---- | C] () -- C:\Users\*****\AppData\Roaming\mdb.bin
[2007.10.12 17:01:07 | 000,000,096 | ---- | C] () -- C:\Users\*****\AppData\Local\fusioncache.dat
[2007.10.02 13:52:25 | 000,217,088 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2007.10.02 13:41:18 | 000,217,088 | R--- | C] () -- C:\Users\*****\AppData\Roaming\MafiaSetup.exe
[2007.08.24 20:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007.06.30 19:41:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2007.06.30 19:41:23 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.06.30 19:41:22 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007.06.30 19:41:20 | 000,151,552 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll
[2007.06.30 19:39:58 | 000,002,796 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2007.06.26 16:47:14 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2007.06.24 09:43:44 | 000,114,938 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007.06.21 10:22:42 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.06.18 15:22:31 | 000,022,016 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.16 23:40:17 | 000,028,915 | ---- | C] () -- C:\Users\*****\AppData\Roaming\UserTile.png
[2007.06.16 16:39:55 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2007.03.23 05:31:29 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2007.03.23 05:28:35 | 000,638,858 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.03.23 05:28:35 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.03.23 05:28:35 | 000,130,582 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.03.23 05:28:35 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.03.22 20:45:35 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007.03.22 20:42:25 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007.03.22 20:42:25 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007.03.06 11:49:42 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007.01.10 13:56:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,508,128 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,434 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,678 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 00:00:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.08.11 00:00:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.06.23 11:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2002.03.21 14:39:02 | 000,073,728 | R--- | C] () -- C:\Windows\System32\UNACEV2.DLL
[2002.03.20 21:01:06 | 000,006,688 | R--- | C] () -- C:\Windows\System32\Digita.sys
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportUSB.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportSerial.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportIrDA.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportIrCOMM.dll

< End of report >

OTL Extras:

Code:

ATTFilter

OTL Extras logfile created on: 29.06.2011 08:18:34 - Run 3
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 67,63% Memory free
7,20 Gb Paging File | 6,25 Gb Available in Paging File | 86,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 292,16 Gb Total Space | 164,49 Gb Free Space | 56,30% Space Free | Partition Type: NTFS
Drive D: | 5,93 Gb Total Space | 0,88 Gb Free Space | 14,84% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3154840364-857642331-359066050-1001]
"EnableNotifications" = 0
"EnableNotificationsRef" = 3
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3154840364-857642331-359066050-1007]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{46F1FB8F-B9B5-46FC-8A76-4E968AE60BB9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{59CE40F6-1F41-41DD-89B9-37AC3CC4BD7E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{69C004FD-0511-4B89-9386-18CD2C22378E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6B137440-1497-421A-8EF2-5F8FFC411DEC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7BFAF25A-38C6-4BFF-91FD-35D2D27DFA45}" = lport=137 | protocol=17 | dir=in | app=system | 
"{843EC9EA-CBF4-4AE3-943F-DA042866F7D8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9BC3842D-EC22-4F0C-9DB1-8E26B28D15FB}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery | 
"{B02B64D7-6C01-4196-BFEC-0FE2CAAE485A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B4D8709F-174F-424C-B0C8-1CEB1412FACB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D3D078A3-73A1-4B2F-82B8-1B0D394A8F22}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D3FA0E18-AB75-4879-BBB0-703C07166E8A}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery | 
"{FCF96072-7C83-4ADB-9BBC-08BA2245AB6B}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{31CE8977-CF4B-4D4A-935E-3358F419F75E}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{3494ACDF-4394-4E32-988C-DC1B5B640F5F}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{373EA412-9C9B-41A7-B4DB-3A1A31EE649F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3D31E802-5404-4346-938F-C08F95C14EA7}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{3EFE3451-9143-4A8F-B0E0-1B4A03DF5292}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | 
"{43B2A958-7BE4-441C-85A6-57C02D23703F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4C4EF4A7-1B0C-4F79-AF21-9361EF6E2968}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | 
"{615DC410-8A66-4337-BB41-F1BFA9F4F9A2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{61B4ADC1-6DD2-4BA3-964A-A53DF14C2087}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{801F25DE-94E5-4575-80FC-256558864074}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{857A104D-4909-4F4C-A64F-F1F635AA11DB}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | 
"{9D1490D6-30E5-490B-B1C2-277AB7B35391}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A4A45014-8AD8-4519-AD01-D2EABBB9983D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AE527263-7C5C-4FB5-A786-BBA63261E7B8}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | 
"{B1761E96-35B2-4173-B19E-94AFDA8F66A3}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{BAE466A5-8A96-4F9D-9643-9374BA2A831C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C221AEED-3C47-40B4-B702-46EC64F1715C}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | 
"{C899516A-8DF2-475D-9CE5-B8C7105691D9}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | 
"{DD83C523-57B3-49B3-AA7B-68A0E361F5B1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{2BF13BDE-A49F-4991-9561-714A718745DF}E:\bin\win32\player.exe" = protocol=6 | dir=in | app=e:\bin\win32\player.exe | 
"TCP Query User{2FE38655-17FE-4BE4-9B1A-D979E0D59F93}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{62A90A24-08AD-4DC0-80AA-041B7730568C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{745EC40F-68B1-4E45-BBC6-50CCE1916CF4}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{84F5D283-9558-40D6-A51E-DEC08190FEA4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{9460DF45-51C5-4C3A-AEFC-BF35AA20415C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{CCC4128F-49B8-41A0-816B-29B68E35CDF9}C:\windows\ehome\ehexthost.exe" = protocol=6 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
"TCP Query User{D5DE1C5E-3FDC-435E-B518-771509FB0370}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{F9FD911D-B788-4ACB-91F0-D4DCE80E3898}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{01087E94-1B4A-485D-8BD9-633720CBF86E}E:\bin\win32\player.exe" = protocol=17 | dir=in | app=e:\bin\win32\player.exe | 
"UDP Query User{32509996-C047-4D33-82A9-9CB36D7830F5}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{500309D8-6500-45BC-8DD1-C61746967634}C:\windows\ehome\ehexthost.exe" = protocol=17 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
"UDP Query User{51388839-FCF5-41A3-8456-A986094CC65A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{68DB9B9E-E98B-4C5B-B6A2-21AC37E792C9}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{818EE3B6-6353-4D3E-ABE2-C7B9468E7EA7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{821FE946-8910-4EA4-98BB-5622D22AF786}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{E440117D-C18C-459A-8E51-6CF5DA591CA6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{E63EB759-79BB-4C47-846A-E133AC1B623E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Home & Student Suite X5
"_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Home & Student Suite X5 - Extra Content
"{031340C8-1733-40FE-BF52-83B599021BA9}" = CorelDRAW Graphics Suite X5 - IPM HSE
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{3463EABB-47C9-454D-BF13-474CAE5A9DA7}" = INKAR 2009
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{356658C7-8C60-4A43-AF50-75CA8E642934}" = CorelDRAW Graphics Suite X5 - CZ
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{48C503D7-15A0-414A-B32E-0EFFA13B68E2}" = CorelDRAW Home & Student Suite X5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{78E804CC-A148-4C8F-AD46-0B476EFE34C2}" = Microsoft Image Composite Editor
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.8.7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{938C2383-A692-4D2C-AE45-024F91EF7B1D}" = CorelDRAW Graphics Suite X5 - PL
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{BFE9A442-5D4B-4372-B994-FB4BCEA78662}" = CorelDRAW Graphics Suite X5 - NL
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CA12DA1D-25DD-4495-92D5-B1DE65D43C77}" = CorelDRAW Graphics Suite X5 - RU
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Home & Student Suite X5 - Extra Content
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{DC43FBD3-3E5D-419D-A981-519F1A3E6F53}" = CorelDRAW Graphics Suite X5 - IT
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}" = Roxio MyDVD Basic v9
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"ClearProg" = ClearProg 1.6.0 Final
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57
"EAX Unified" = EAX Unified
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Intel(R) Configuration Center" = Intel® Viiv™ Software
"LHTTSGED" = L&H TTS3000 Deutsch
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Notepad++" = Notepad++
"OsdMaestro" = HP On-Screen Caps/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"SpywareBlaster_is1" = SpywareBlaster 4.4
"VLC media player" = VLC media player 1.1.9
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.03.2010 08:17:00 | Computer Name = *****-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 11.03.2010 08:17:01 | Computer Name = *****-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 15.03.2010 02:47:27 | Computer Name = *****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.03.2010 02:47:27 | Computer Name = *****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.03.2010 02:47:28 | Computer Name = *****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.03.2010 02:47:28 | Computer Name = *****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.03.2010 02:47:29 | Computer Name = *****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.03.2010 02:47:29 | Computer Name = *****-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 19.03.2010 07:41:24 | Computer Name = *****-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 19.03.2010 07:41:26 | Computer Name = *****-PC | Source = Perflib | ID = 1008
Description = 
 
[ Media Center Events ]
Error - 19.03.2011 15:54:02 | Computer Name = *****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
 Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
 Guide 
 
Error - 19.03.2011 18:35:08 | Computer Name = *****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
 Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
 Guide 
 
Error - 22.03.2011 14:36:42 | Computer Name = *****-PC | Source = Media Center Guide | ID = 4
Description = Ereignisinformationen: Unbekannter Verbindungsfehler. Windows Media
 Center konnte keine Internetverbindung herstellen. Weitere Informationen finden
 Sie in der Hilfe. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton

 
Error - 02.05.2011 18:02:24 | Computer Name = *****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
 Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
 Guide 
 
[ OSession Events ]
Error - 19.01.2011 04:44:37 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 245
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 23.05.2011 10:17:25 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5639
 seconds with 4320 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.06.2011 02:08:31 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 29.06.2011 02:10:01 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 29.06.2011 02:11:32 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 29.06.2011 02:13:02 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 29.06.2011 02:14:32 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 29.06.2011 02:16:02 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 29.06.2011 02:17:32 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 29.06.2011 02:19:03 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 29.06.2011 02:20:33 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
Error - 29.06.2011 02:22:03 | Computer Name = *****-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >

Beste Grüße!

M-K-D-B · 29.06.2011, 19:45

Hallo deckbett,

Zitat:

Zitat von deckbett

Die Programme sind alle wieder sichtbar, auch der Papierkorb. Allerdings sind weiterhin versteckte Dateien dargestellt, auf dem Desktop sind dies: 2x "desktop.ini" und 1x "Thumbs.db". Ich nehme an, die gehören da auch hin.

Ja, aber das Anzeigen von versteckten Dateien ist im Allgemeinen nicht sinnvoll. Darum kümmern wir uns gleich.

Zitat:

Zitat von deckbett

Im TaskManager vielen mir dann aber die zwei(!) Prozesse "iexplore.exe" auf...

Aufgrund der Werbung und den IE Prozessen vermute ich ein Rootkit.

So gehts weiter:

Schritt # 1: Systemdateien verstecken
Gehe bitte auf Start -> Computer --> Organisieren --> Ordner und Suchoptionen.
Wechsle auf den Reiter Ansicht.

Setze den Hacken bei Geschützte Systemdateien ausblenden ( empfohlen )
Setze den Hacken bei Erweiterungen bei bekannten Dateitypen ausblenden
Aktiviere Alle Dateien und Ordner nicht anzeigen

Drücke auf Übernehmen und OK

Lösche keinesfalls Ordner oder Dateien ohne Anweisung

Schritt # 2: Registry Cleaner
Ich sehe, dass Du sogenannte Registry Cleaner am System hast.
In deinem Fall CCleaner.

Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner.

Der Grund ist ganz einfach:

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.

Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.

Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Ich empfehle Dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten.

Schritt # 3: TDSS Killer ausführen
Dowloade Dir bitte TDSS Killer.exe und speichere die Datei am Desktop.

Schließe alle laufenden Programme.
Trenne dich von Internet.
Deaktiviere deine AntiViren Software.
Starte TDSSkiller.exe mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Drücke auf Start scan.
Mache während dem Scan nichts am Rechner
1. Sollte das Tool keine Funde aufweisen, klicke Close um es zu schließen.
2. Wurde etwas gefunden werden die Funde in Scan results - Select action for found objects angezeigt und geben 3 Auswahlmöglichkeiten.
  Gehe sicher das Cure ( default ) angehackt ist ! Drücke Continue --> Reboot.
Die Logfile ist nach dem Neustart auf deinem Systemlaufwerk ( meist C: ) unter TDSSKiller_version_date_time_log.txt zu finden.
Bitte poste mir den Inhalt hier in deinen Thread.

Schritt # 4: ComboFix ausführen

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Lade ComboFix von einem dieser Download-Spiegel herunter:

BleepingComputer - ForoSpyware

* Wichtig !! Speichere ComboFix auf dem Desktop

Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist. Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.

**Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei.

Schritt # 5: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

eine Rückmeldung, ob versteckte Dateien noch immer angezeigt werden,
eine Rückmeldung bezüglich CCleaner,
das Logfile des TDSS Killers und
das Logfile von ComboFix.

deckbett · 01.07.2011, 10:09

Hallo!

Die Dateien sind versteckt, CCleaner deinstalliert. Allerdings komme ich mit dem TDSS Killer nicht weiter!
Ich habe das Programm heruntergeladen, Internetverbindung getrennt, Antivir deaktiviert und wollte TDSS Killer als Administrator öffnen - aber es passiert nichts!
Ich habe längere Zeit gewartet, es nochmal probiert, auch mit Doppelklick, zusätzlich noch die Firewall geschlossen, aber nichts passiert...

M-K-D-B · 01.07.2011, 10:53

Hallo deckbett,

Zitat:

Zitat von deckbett

Ich habe längere Zeit gewartet, es nochmal probiert, auch mit Doppelklick, zusätzlich noch die Firewall geschlossen, aber nichts passiert...

Das Rootkit blockiert den TDSS Killer höchstwahrscheinlich.

Lass den TDSS Killer aus und führe stattdessen gleich ComboFix, wie in der Anleitung beschrieben, aus.
Achte hierbei auch darauf, dass du deinen Virenscanner deaktivierst und ComboFix mit Rechtsklick als Administrator ausführst!

Poste anschließend das gewünschte Logfile. Vielen Dank.

deckbett · 01.07.2011, 13:00

Hier die ComboFix.txt:

Code:

ATTFilter

ComboFix 11-06-30.03 - ***** 01.07.2011  13:37:02.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3574.2271 [GMT 2:00]
ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\recycled\Recycled
c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Repair
c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Repair\Uninstall Windows Vista Repair.lnk
c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Repair\Windows Vista Repair.lnk
c:\windows\IsUn0407.exe
.
----- BITS: Eventuell infizierte Webseiten -----
.
hxxp://apnmedia.ask.com
Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert 
Kopie von - Kitty had a snack :p wurde wiederhergestellt 
.
(((((((((((((((((((((((   Dateien erstellt von 2011-06-01 bis 2011-07-01  ))))))))))))))))))))))))))))))
.
.
2011-07-01 11:45 . 2011-07-01 11:45	--------	d-----w-	c:\users\*****\AppData\Local\temp
2011-07-01 11:27 . 2011-07-01 11:29	--------	d-----w-	C:\32788R22FWJFW
2011-07-01 08:10 . 2011-06-07 15:55	7074640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F668101-11C5-462D-899E-E94ABD65DACA}\mpengine.dll
2011-06-29 09:23 . 2011-04-29 15:59	276992	----a-w-	c:\windows\system32\schannel.dll
2011-06-27 13:12 . 2011-06-27 13:12	2106216	----a-w-	c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-27 13:12 . 2011-06-27 13:12	1998168	----a-w-	c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-24 16:26 . 2011-06-01 08:55	388608	----a-w-	c:\programdata\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis204.exe
2011-06-24 16:16 . 2011-06-24 16:16	--------	d-----w-	C:\_OTL
2011-06-23 17:28 . 2011-06-23 17:28	--------	d-----w-	c:\users\*****\AppData\Roaming\Malwarebytes
2011-06-23 17:27 . 2011-06-23 17:27	--------	d-----w-	c:\programdata\Malwarebytes
2011-06-23 17:27 . 2011-06-27 10:17	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-06-15 16:54 . 2011-04-22 23:25	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-06-15 16:54 . 2011-04-25 15:29	141104	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2011-06-15 16:54 . 2011-04-22 23:35	1797632	----a-w-	c:\windows\system32\jscript9.dll
2011-06-15 03:44 . 2011-04-14 14:59	75264	----a-w-	c:\windows\system32\drivers\dfsc.sys
2011-06-15 03:44 . 2011-04-21 13:58	273408	----a-w-	c:\windows\system32\drivers\afd.sys
2011-06-15 03:44 . 2011-04-29 13:25	146432	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-06-15 03:44 . 2011-04-29 13:25	102400	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-06-15 03:44 . 2010-12-20 16:35	563712	----a-w-	c:\windows\system32\oleaut32.dll
2011-06-15 03:43 . 2011-05-02 17:16	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-06-15 03:43 . 2011-04-29 13:24	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 03:43 . 2011-04-29 13:24	79872	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 03:43 . 2011-04-29 13:24	106496	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 03:43 . 2011-05-02 12:02	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-06-07 10:35 . 2011-06-07 10:35	103864	----a-w-	c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-06-07 10:35 . 2011-06-07 10:35	103864	----a-w-	c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-06-04 12:43 . 2011-06-04 12:43	--------	d-----w-	c:\program files\Common Files\Corel
2011-06-04 12:43 . 2011-06-04 12:47	--------	d-----w-	c:\programdata\CorelDRAW Home & Student Suite X5
2011-06-04 06:30 . 2011-06-04 06:30	--------	d-----w-	c:\programdata\Protexis
2011-06-02 09:53 . 2011-06-02 09:55	--------	d-----w-	c:\users\*****\AppData\Roaming\vlc
2011-06-02 09:36 . 2011-02-28 06:09	53248	----a-w-	c:\windows\system32\CSVer.dll
2011-06-02 09:27 . 2011-06-02 09:27	--------	d-----w-	c:\program files\SystemRequirementsLab
2011-06-02 09:20 . 2011-01-19 15:47	22504	----a-w-	c:\windows\system32\drivers\cpuz135_x32.sys
2011-06-02 09:20 . 2011-06-02 09:20	--------	d-----w-	c:\program files\CPU-Z
2011-06-01 20:59 . 2011-06-01 21:00	--------	d-----w-	c:\program files\VLC
2011-06-01 19:30 . 2011-06-01 19:41	--------	d-----w-	c:\users\*****\AppData\Local\Opera
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 08:07 . 2010-03-25 08:07	66616	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-07-01 08:07 . 2010-03-25 08:07	138192	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-06-01 10:34 . 2011-06-01 10:34	86528	----a-w-	c:\windows\system32\iesysprep.dll
2011-06-01 10:34 . 2011-06-01 10:34	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2011-06-01 10:34 . 2011-06-01 10:34	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2011-06-01 10:34 . 2011-06-01 10:34	48640	----a-w-	c:\windows\system32\mshtmler.dll
2011-06-01 10:34 . 2011-06-01 10:34	161792	----a-w-	c:\windows\system32\msls31.dll
2011-06-01 10:34 . 2011-06-01 10:34	1126912	----a-w-	c:\windows\system32\wininet.dll
2011-06-01 10:34 . 2011-06-01 10:34	74752	----a-w-	c:\windows\system32\iesetup.dll
2011-06-01 10:34 . 2011-06-01 10:34	63488	----a-w-	c:\windows\system32\tdc.ocx
2011-06-01 10:34 . 2011-06-01 10:34	367104	----a-w-	c:\windows\system32\html.iec
2011-06-01 10:34 . 2011-06-01 10:34	420864	----a-w-	c:\windows\system32\vbscript.dll
2011-06-01 10:34 . 2011-06-01 10:34	23552	----a-w-	c:\windows\system32\licmgr10.dll
2011-06-01 10:34 . 2011-06-01 10:34	152064	----a-w-	c:\windows\system32\wextract.exe
2011-06-01 10:34 . 2011-06-01 10:34	150528	----a-w-	c:\windows\system32\iexpress.exe
2011-06-01 10:34 . 2011-06-01 10:34	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2011-06-01 10:34 . 2011-06-01 10:34	35840	----a-w-	c:\windows\system32\imgutil.dll
2011-06-01 10:34 . 2011-06-01 10:34	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2011-06-01 10:34 . 2011-06-01 10:34	11776	----a-w-	c:\windows\system32\mshta.exe
2011-06-01 10:34 . 2011-06-01 10:34	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2011-06-01 10:34 . 2011-06-01 10:34	101888	----a-w-	c:\windows\system32\admparse.dll
2011-05-24 17:14 . 2009-11-20 22:36	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-05-21 15:09 . 2011-05-21 15:09	1138440	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-06-27 13:12 . 2011-05-03 05:18	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-02-09 09:43 . CAB5F4D65D49C24FAA4EF0351B3755A3 . 23552 . . [1.0.0.4] . . c:\windows\System32\ctfmon.exe
[7] 2006-11-02 . 22BFD03DF51065A9ED8D17F8FB72296B . 8704 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-10 281768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
taskmgr - Verknpfung.lnk - c:\windows\System32\taskmgr.exe [2008-5-28 163840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-15 09:26	4874240	----a-w-	c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3154840364-857642331-359066050-1001]
"EnableNotificationsRef"=dword:00000003
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3154840364-857642331-359066050-1007]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176]
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2006-07-31 264704]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176]
R3 HCWU2DTD;Hauppauge Nova USB2 DVB-T TV Receiver;c:\windows\system32\Drivers\hcwu2dtd.sys [2005-12-13 33024]
R3 HCWU2DTL;Hauppauge Nova-USB2-T Adapter Firmware Loader;c:\windows\system32\DRIVERS\hcwu2dtl.sys [2005-11-29 17920]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2008-01-11 110304]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-01-19 22504]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 10:05]
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 10:05]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de) 
FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-07-01 13:45
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,f3,c3,94,b1,aa,52,40,95,62,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,f3,c3,94,b1,aa,52,40,95,62,3e,\
.
Zeit der Fertigstellung: 2011-07-01  13:49:10
ComboFix-quarantined-files.txt  2011-07-01 11:49
.
Vor Suchlauf: 13 Verzeichnis(se), 173.567.143.936 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 173.695.246.336 Bytes frei
.
- - End Of File - - 0CC88EC42B43704A288FB91FFC846AB3

M-K-D-B · 01.07.2011, 15:46

Hallo deckbett,

Zitat:

Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack

wurde wiederhergestellt

Das war das Rootkit.

Jetzt schaun wir mal, ob der TDSS Killer wieder läuft:

Schritt # 1: TDSS Killer ausführen
Dowloade Dir bitte TDSS Killer.exe und speichere die Datei am Desktop.

Schließe alle laufenden Programme.
Trenne dich von Internet.
Deaktiviere deine AntiViren Software.
Starte TDSSkiller.exe mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Drücke auf Start scan.
Mache während dem Scan nichts am Rechner
1. Sollte das Tool keine Funde aufweisen, klicke Close um es zu schließen.
2. Wurde etwas gefunden werden die Funde in Scan results - Select action for found objects angezeigt und geben 3 Auswahlmöglichkeiten.
  Gehe sicher das Cure ( default ) angehackt ist ! Drücke Continue --> Reboot.
Die Logfile ist nach dem Neustart auf deinem Systemlaufwerk ( meist C: ) unter TDSSKiller_version_date_time_log.txt zu finden.
Bitte poste mir den Inhalt hier in deinen Thread.

Schritt # 2: aswMBR.exe ausführen

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Nein.
Klicke auf Scan
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Schritt # 3: Benutzerdefinierter Scan mit OTL
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%PROGRAMFILES%\*.
/md5start
explorer.exe
regedit.exe 
winlogon.exe
wininit.exe
userinit.exe
svchost.exe
ctfmon.exe
/md5stop

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Schritt # 4: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

das Logfile des TDSS Killers,
das Logfile von aswMBR und
das neue Logfile von OTL (OTL.txt).

deckbett · 02.07.2011, 09:17

Guten Morgen!

Der TDSS Killer hat tatsächlich nichts gefunden.

aswMBR:

Code:

ATTFilter

aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-07-02 09:15:38
-----------------------------
09:15:38.373    OS Version: Windows 6.0.6002 Service Pack 2
09:15:38.373    Number of processors: 2 586 0x605
09:15:38.373    ComputerName: *****-PC  UserName: *****
09:15:39.356    Initialize success
09:15:49.485    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:15:49.485    Disk 0 Vendor: SAMSUNG_ CP10 Size: 305245MB BusType: 3
09:15:49.500    Disk 0 MBR read successfully
09:15:49.516    Disk 0 MBR scan
09:15:49.516    Disk 0 unknown MBR code
09:15:49.516    Disk 0 scanning sectors +625137345
09:15:49.547    Disk 0 scanning C:\Windows\system32\drivers
09:15:54.352    Service scanning
09:15:55.584    Disk 0 trace - called modules:
09:15:55.616    ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll 
09:15:55.616    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b6d438]
09:15:55.631    3 CLASSPNP.SYS[8c1aa8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x856f3030]
09:15:55.631    Scan finished successfully
09:16:22.650    Disk 0 MBR has been saved successfully to "C:\Users\*****\Desktop\MBR.dat"
09:16:22.650    The log file has been saved successfully to "C:\Users\*****\Desktop\aswMBR.txt"

OTL:

Code:

ATTFilter

OTL logfile created on: 02.07.2011 09:17:05 - Run 4
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 70,95% Memory free
7,17 Gb Paging File | 6,23 Gb Available in Paging File | 86,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 292,16 Gb Total Space | 161,05 Gb Free Space | 55,12% Space Free | Partition Type: NTFS
Drive D: | 5,93 Gb Total Space | 0,88 Gb Free Space | 14,84% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (Remote UI Service) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (ISSM) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel(R) Corporation)
SRV - (AlertService) Intel(R) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (M1 Server) Intel(R) Viiv(TM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe (Intel(R) Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (cpuz135) -- C:\Windows\System32\drivers\cpuz135_x32.sys (CPUID)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (HCWU2DTD) -- C:\Windows\System32\drivers\hcwu2dtd.sys (Hauppauge Computer Works)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (HCWU2DTL) -- C:\Windows\System32\drivers\hcwu2dtl.sys (Hauppauge Computer Works)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 A8 69 2B 2C 24 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de) "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0
FF - prefs.js..extensions.enabledItems: googlesharing@extension.thoughtcrime.org:0.21
FF - prefs.js..extensions.enabledItems: {11483926-db67-4190-91b1-ef20fcec5f33}:0.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.27 15:12:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.18 12:23:09 | 000,000,000 | ---D | M]
 
[2010.11.10 16:26:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2011.07.02 09:10:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions
[2011.02.15 13:42:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}-trash
[2011.04.05 07:28:12 | 000,000,000 | ---D | M] (GoogleSharing) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\googlesharing@extension.thoughtcrime.org
[2011.07.02 09:10:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\staged
[2011.04.05 07:28:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\googlesharing@extension.thoughtcrime.org\chrome
[2011.04.05 07:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\googlesharing@extension.thoughtcrime.org\components
[2011.04.05 07:28:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\azp24t3h.default\extensions\googlesharing@extension.thoughtcrime.org\defaults
[2010.11.10 17:28:16 | 000,001,094 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\abkuerzungende.xml
[2010.11.10 17:28:46 | 000,001,211 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\amazonde-.xml
[2010.11.10 17:31:05 | 000,001,788 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\ardapedia.xml
[2010.11.10 17:28:58 | 000,001,887 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\bookbutler.xml
[2010.11.10 17:31:46 | 000,001,167 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\club300-fotos-d.xml
[2010.11.10 17:32:08 | 000,001,169 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\club300-fotos-wp.xml
[2010.11.10 17:29:49 | 000,001,036 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\dictcc-de---en.xml
[2010.11.10 17:30:10 | 000,000,451 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\filmstartsde.xml
[2010.11.10 17:29:11 | 000,000,924 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\jokersde.xml
[2010.11.10 17:30:34 | 000,001,490 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\lastfm.xml
[2010.11.10 17:30:47 | 000,001,603 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\lautde.xml
[2010.11.10 17:29:33 | 000,001,884 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\leo-de---en.xml
[2011.01.28 19:49:47 | 000,001,707 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\naturguckerde.xml
[2010.11.10 17:27:05 | 000,001,162 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\wikipedia-de-.xml
[2010.11.10 17:27:18 | 000,001,151 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\wikipedia-en.xml
[2010.11.10 17:27:54 | 000,001,156 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\wiktionary.xml
[2010.11.10 17:26:30 | 000,000,723 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\azp24t3h.default\searchplugins\wissende.xml
[2011.05.03 07:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011.02.15 15:56:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AZP24T3H.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AZP24T3H.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2011.06.27 15:12:05 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.07.01 13:45:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player 9 ActiveX
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - State: "startup" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.02 09:08:46 | 001,448,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\*****\Desktop\tdsskiller.exe
[2011.07.01 13:49:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.07.01 13:49:13 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\temp
[2011.07.01 13:31:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.07.01 13:31:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.07.01 13:31:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.07.01 13:29:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.07.01 13:29:46 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.07.01 13:27:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.07.01 13:27:06 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011.07.01 13:25:28 | 004,130,198 | R--- | C] (Swearware) -- C:\Users\*****\Desktop\ComboFix.exe
[2011.06.27 15:21:29 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011.06.27 15:20:13 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Users\*****\Desktop\aswMBR.exe
[2011.06.24 18:16:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.06.23 19:28:14 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2011.06.23 19:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.23 19:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.06.20 17:49:04 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Klausuren_PhyGeo_WiGeo
[2011.06.18 12:22:59 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011.06.04 14:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2011.06.04 14:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\CorelDRAW Home & Student Suite X5
[2011.06.04 08:30:45 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Meine Paletten
[2011.06.04 08:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2011.06.02 11:53:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\vlc
[2011.06.02 11:36:13 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2011.06.02 11:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011.06.02 11:20:54 | 000,022,504 | ---- | C] (CPUID) -- C:\Windows\System32\drivers\cpuz135_x32.sys
[2011.06.02 11:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPU-Z
[2011.06.02 11:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\CPU-Z
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.02 09:16:22 | 000,000,512 | ---- | M] () -- C:\Users\*****\Desktop\MBR.dat
[2011.07.02 09:08:48 | 001,448,752 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\*****\Desktop\tdsskiller.exe
[2011.07.02 09:06:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.02 09:05:50 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.02 09:05:50 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.02 09:05:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.01 22:46:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.01 22:01:27 | 000,000,030 | ---- | M] () -- C:\Windows\Iedit_.INI
[2011.07.01 13:45:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.07.01 13:25:45 | 004,130,198 | R--- | M] (Swearware) -- C:\Users\*****\Desktop\ComboFix.exe
[2011.07.01 10:55:30 | 000,000,109 | ---- | M] () -- C:\Users\*****\Desktop\Festplatte beschädigt - TRCrypt.XPACK.GEN3 - Trojaner-Board.URL
[2011.07.01 10:15:16 | 000,508,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.01 10:07:05 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.01 10:07:05 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.06.28 20:41:31 | 000,604,434 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.28 20:41:31 | 000,107,678 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.28 20:41:30 | 000,638,858 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.28 20:41:30 | 000,130,582 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.27 15:21:31 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011.06.27 15:20:41 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Users\*****\Desktop\aswMBR.exe
[2011.06.26 08:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011.06.23 19:28:00 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
 
========== Files Created - No Company Name ==========
 
[2011.07.01 13:41:23 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.01 13:31:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.07.01 13:31:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.07.01 13:31:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.07.01 13:31:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.07.01 13:31:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.07.01 10:55:30 | 000,000,109 | ---- | C] () -- C:\Users\*****\Desktop\Festplatte beschädigt - TRCrypt.XPACK.GEN3 - Trojaner-Board.URL
[2011.06.28 20:39:25 | 000,000,512 | ---- | C] () -- C:\Users\*****\Desktop\MBR.dat
[2011.06.24 18:26:53 | 000,000,733 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr - Verknüpfung.lnk
[2011.06.24 18:26:49 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.06.24 18:26:49 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.06.24 18:26:49 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.01.10 12:09:35 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ2414N.DAT
[2010.03.25 18:11:47 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2010.03.25 18:06:34 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS61.DLL
[2010.03.01 20:03:40 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit_.INI
[2010.02.19 22:48:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.08.06 18:48:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.06 18:46:30 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.11.16 01:41:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.06.18 20:51:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2008.03.25 16:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2007.11.30 13:43:22 | 000,073,216 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2007.11.28 21:05:39 | 000,000,120 | ---- | C] () -- C:\Users\*****\AppData\Roaming\wklnhst.dat
[2007.11.06 09:55:50 | 000,000,021 | ---- | C] () -- C:\Windows\PMK35_SETUP.ini
[2007.10.31 18:54:28 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1364.dll
[2007.10.23 14:03:27 | 000,064,466 | ---- | C] () -- C:\Users\*****\AppData\Roaming\mdb.bin
[2007.10.12 17:01:07 | 000,000,096 | ---- | C] () -- C:\Users\*****\AppData\Local\fusioncache.dat
[2007.10.02 13:52:25 | 000,217,088 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2007.10.02 13:41:18 | 000,217,088 | R--- | C] () -- C:\Users\*****\AppData\Roaming\MafiaSetup.exe
[2007.08.24 20:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007.06.30 19:41:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2007.06.30 19:41:23 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.06.30 19:41:22 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007.06.30 19:41:20 | 000,151,552 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll
[2007.06.30 19:39:58 | 000,002,796 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2007.06.26 16:47:14 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2007.06.24 09:43:44 | 000,114,938 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007.06.21 10:22:42 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.06.18 15:22:31 | 000,022,016 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.16 23:40:17 | 000,028,915 | ---- | C] () -- C:\Users\*****\AppData\Roaming\UserTile.png
[2007.06.16 16:39:55 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2007.03.23 05:31:29 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2007.03.23 05:28:35 | 000,638,858 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.03.23 05:28:35 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.03.23 05:28:35 | 000,130,582 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.03.23 05:28:35 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.03.22 20:45:35 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007.03.22 20:42:25 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007.03.22 20:42:25 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007.03.06 11:49:42 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007.01.10 13:56:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,508,128 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,434 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,678 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 00:00:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.08.11 00:00:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.06.23 11:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2002.03.21 14:39:02 | 000,073,728 | R--- | C] () -- C:\Windows\System32\UNACEV2.DLL
[2002.03.20 21:01:06 | 000,006,688 | R--- | C] () -- C:\Windows\System32\Digita.sys
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportUSB.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportSerial.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportIrDA.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportIrCOMM.dll
 
========== LOP Check ==========
 
[2007.06.27 20:27:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ACD Systems
[2011.04.20 11:18:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\AeroSnapApp
[2010.03.14 22:29:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Amazon
[2007.09.19 17:24:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Audacity
[2011.01.10 12:30:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canon
[2010.11.24 15:35:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CD-LabelPrint
[2011.02.20 16:13:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.28 09:41:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Gutscheinmieze
[2007.10.10 16:19:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICAClient
[2011.06.21 19:04:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2007.06.16 21:16:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ Toolbar
[2007.06.16 21:18:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQLite
[2010.08.29 17:47:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\InfoRapid KnowledgeMap
[2007.11.06 14:43:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nikon
[2011.06.02 13:40:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia
[2011.06.02 13:40:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia Ovi Suite
[2011.07.01 10:52:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Notepad++
[2009.08.07 10:02:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org
[2011.06.01 21:41:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera
[2010.12.02 15:44:22 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Orbit
[2011.01.09 21:33:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PC Suite
[2007.06.16 23:46:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PeerNetworking
[2010.12.02 15:41:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ProgSense
[2011.02.05 11:12:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Software4u
[2011.02.09 15:08:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Swiss Academic Software
[2007.06.16 20:43:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Template
[2007.06.20 17:13:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird
[2009.12.22 12:45:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ulead Systems
[2007.06.18 13:45:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\WinBatch
[2011.07.01 23:13:56 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.07.01 13:49:18 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.07.01 13:29:47 | 000,000,000 | ---D | M] -- C:\32788R22FWJFW
[2009.08.06 19:12:18 | 000,000,000 | ---D | M] -- C:\Boot
[2011.07.01 13:49:15 | 000,000,000 | ---D | M] -- C:\ComboFix
[2011.06.27 17:53:23 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.06.16 16:18:13 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.12.02 15:42:57 | 000,000,000 | ---D | M] -- C:\Downloads
[2008.05.17 13:23:25 | 000,000,000 | ---D | M] -- C:\hp
[2007.07.11 13:12:27 | 000,000,000 | ---D | M] -- C:\Intel
[2010.01.12 13:06:11 | 000,000,000 | R--D | M] -- C:\MSOCache
[2007.06.30 19:42:47 | 000,000,000 | ---D | M] -- C:\MyVideos
[2008.05.28 13:06:51 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.07.01 10:51:37 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.06.24 18:16:20 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.07.01 13:49:14 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.05.20 13:49:04 | 000,000,000 | ---D | M] -- C:\Swsetup
[2011.07.01 10:09:55 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.01.23 11:11:37 | 000,000,000 | R--D | M] -- C:\Users
[2011.07.01 13:45:41 | 000,000,000 | ---D | M] -- C:\Windows
[2011.06.24 18:16:19 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %PROGRAMFILES%\*. >
[2011.02.02 18:23:09 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010.02.21 13:16:40 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2010.11.10 16:54:45 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010.03.25 10:06:59 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2010.11.10 16:52:04 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011.01.10 12:11:32 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2011.01.10 12:09:24 | 000,000,000 | ---D | M] -- C:\Program Files\CanonBJ
[2010.11.24 15:35:17 | 000,000,000 | ---D | M] -- C:\Program Files\CD-LabelPrint
[2009.07.05 08:49:38 | 000,000,000 | ---D | M] -- C:\Program Files\ClearProg
[2011.07.01 13:41:38 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011.04.06 17:16:55 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2011.06.02 11:20:54 | 000,000,000 | ---D | M] -- C:\Program Files\CPU-Z
[2007.10.02 13:52:26 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2007.06.16 16:18:13 | 000,000,000 | -HSD | M] -- C:\Program Files\Gemeinsame Dateien
[2011.01.14 00:57:49 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011.04.06 17:26:48 | 000,000,000 | ---D | M] -- C:\Program Files\gs
[2007.06.24 09:44:01 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2007.03.22 20:58:54 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011.05.20 09:25:42 | 000,000,000 | ---D | M] -- C:\Program Files\ICQ7.5
[2011.01.14 16:37:49 | 000,000,000 | ---D | M] -- C:\Program Files\INKAR 2009
[2011.05.20 09:24:40 | 000,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information
[2011.06.02 11:36:13 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011.06.15 19:12:40 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011.01.30 14:23:32 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011.01.30 14:25:03 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011.02.15 15:55:58 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011.06.27 12:17:41 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009.03.16 17:50:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ICE
[2010.02.19 16:31:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011.05.18 15:29:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010.06.25 17:57:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010.08.12 21:09:07 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011.05.19 13:01:25 | 000,000,000 | ---D | M] -- C:\Program Files\MozBackup
[2011.06.27 15:12:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010.09.22 13:42:59 | 000,000,000 | ---D | M] -- C:\Program Files\MP3Gain
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2011.05.31 07:41:12 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2007.06.16 18:44:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2011.06.02 13:43:42 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia
[2011.07.01 10:52:13 | 000,000,000 | ---D | M] -- C:\Program Files\Notepad++
[2007.03.22 21:04:12 | 000,000,000 | ---D | M] -- C:\Program Files\Online-Dienste
[2007.11.15 18:43:05 | 000,000,000 | ---D | M] -- C:\Program Files\Panorama Maker 3
[2011.06.02 12:03:43 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor 5 for Windows
[2011.07.01 10:52:26 | 000,000,000 | ---D | M] -- C:\Program Files\PDF24
[2011.01.20 20:19:24 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008.04.14 11:01:48 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2007.03.22 20:56:33 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010.02.28 14:30:58 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2011.06.01 10:53:29 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2011.06.02 11:27:00 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2009.12.22 12:41:13 | 000,000,000 | ---D | M] -- C:\Program Files\Ulead Systems
[2006.11.02 15:01:55 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2011.06.01 23:00:08 | 000,000,000 | ---D | M] -- C:\Program Files\VLC
[2009.08.06 19:05:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009.08.06 19:05:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009.08.06 19:05:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009.08.06 19:05:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011.06.15 18:49:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010.10.23 13:54:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2007.06.16 16:18:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009.08.06 19:05:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009.11.21 13:00:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009.08.06 19:05:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2008.02.19 18:49:44 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
 
 
< MD5 for: CTFMON.EXE  >
[2006.11.02 11:45:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=22BFD03DF51065A9ED8D17F8FB72296B -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe
[2008.02.09 11:43:33 | 000,023,552 | ---- | M] (Gerhard Schlager) MD5=CAB5F4D65D49C24FAA4EF0351B3755A3 -- C:\Windows\System32\ctfmon.exe
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.11.14 19:02:56 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.11.14 19:02:55 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\c8769c0a3306661ec8d7dc7ef7231b1c\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\ERDNT\cache\regedit.exe
[2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe
 
< MD5 for: SVCHOST.EXE  >
[2006.11.02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008.01.19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008.01.19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\c8769c0a3306661ec8d7dc7ef7231b1c\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< End of report >

M-K-D-B · 02.07.2011, 13:43

Hallo deckbett,

Schritt # 1: Fix mit OTL

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

:commands
[Reboot]

Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt # 2: Kontrollscan mit Malwarebytes' Anti-Malware (MBAM)

Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt # 3: Scan mit SuperAntiSpyware (SAS)
Downloade Dir bitte SUPERAntiSpyware FREE Edition

Installiere das Programm und lasse das Programm die neuesten Definition und Updates laden.
Schließe alle Anwendungen inkl. Browser.
Öffne SUPERAntiSpyware und klicke auf Ihren Computer durchsuchen.
Setze ein Häkchen bei Kompletter Scan und klicke auf Weiter.
Wenn der Suchlauf beendet ist, wird Dir eine Übersicht mit den Funden angezeigt, die Du mit OK zur Kenntnis nimmst.
Achte darauf, dass bei allen Funden ein Häkchen steht, klicke dann auf Weiter und OK.
Klicke auf Fertig stellen, was Dich ins Hauptfenster bringt.
Es kann sein, dass Dein Rechner neu gestartet werden muss, um Malware mit dem Neustart vom System zu entfernen.
Um das Logfile zu erhalten, musst du erst auf Präferenzen und dann auf den Statistiken und Protokolle klicken.
Klicke auf das datierte Logfile, drücke auf Protokoll anzeigen. Nun erscheint ein Textfenster.
Bitte kopiere diesen Bericht hier in den Thread.

Schritt # 4: Kontrolle mit VirusTotal
Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.

Klicke auf Durchsuchen
Kopiere nun folgendes in die Suchleiste.
Code:
ATTFilter
```
C:\Windows\System32\ctfmon.exe
         
```
und klicke auf Öffnen.
Klicke auf Send File.

Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen.

Zitat:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

klicke auf Reanalyse.
Warte bis unter Current status: Finished steht.

Kopiere den Link aus deiner Adresszeile und poste ihn hier.

Schritt # 5: Fragen beantworten
Bitte beantworte mir folgende Fragen:

Wirst du immer noch auf andere Seiten umgeleitet?
Hast du einmal den CTFMON-Remover eingesetzt? Wenn ja, warum?

Schritt # 6: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

das Logfile des OTL-Fix,
das Logfile von MBAM,
das Logfile von SAS,
den Link zum Ergebnis von VirusTotal und
die Beantwortung der gestellten Fragen.

"Festplatte beschädigt" - TR/Crypt.XPACK.GEN3

Plagegeister aller Art und deren Bekämpfung: "Festplatte beschädigt" - TR/Crypt.XPACK.GEN3