Bundespolizei Trojaner selber entfernt?

cody29 · 11.08.2011, 23:01

Auch ich hatte plötzlich während des Surfens ein Popup der "Bundespolizei". Ich habe zunächst selbständig über ein zweites Benutzerkonto den fehlerhaften Registry Schlüssel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
der auf die Datei
C:\Users\***\AppData\Local\Temp\0.10280323110239376.exe
zeigte wieder auf
explorer.exe
gesetzt.

Nun bin ich mir nicht sicher, ob ich den Trojaner und evtl. weitere nachgeladene Schadsoftware komplett wieder runter habe.

Ich bin alle Schritte für die Erstellung eines neuen Threads durchgegangen...

defogger gestartet -> ok
Einen benutzerdefinierten Quick Scan mit OTL durchgeführt -> Log Dateien
gmer durchlaufen lassen -> Log Datei

Zusätzlich habe ich einen Full Scan mit Malwarebytes durchgeführt. -> Log Datei

Hier die OTL.txt

Code:

ATTFilter

OTL logfile created on: 11.08.2011 18:16:02 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = E:\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 56,29% Memory free
2,94 Gb Paging File | 1,84 Gb Available in Paging File | 62,70% Paging File free
Paging file location(s): c:\pagefile.sys 1024 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 0,29 Gb Free Space | 1,21% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 0,15 Gb Free Space | 1,05% Space Free | Partition Type: NTFS
Drive E: | 7,81 Gb Total Space | 1,39 Gb Free Space | 17,79% Space Free | Partition Type: NTFS
Drive F: | 94,68 Gb Total Space | 3,59 Gb Free Space | 3,79% Space Free | Partition Type: FAT32
Drive G: | 234,93 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.11 18:14:05 | 000,579,584 | ---- | M] (OldTimer Tools) -- E:\***\Desktop\OTL.exe
PRC - [2011.08.11 18:12:54 | 000,050,477 | ---- | M] () -- E:\Download\Defogger.exe
PRC - [2011.07.06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.30 22:45:24 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.27 21:00:58 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.11.02 22:08:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2006.12.26 17:08:48 | 000,053,248 | ---- | M] () -- C:\Programme\MMEDIA\TV Jukebox 3.1\tvjbMonitor.exe
PRC - [2006.11.08 19:47:14 | 001,066,528 | ---- | M] (Dell Inc) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2006.11.02 01:46:00 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.08.11 18:14:05 | 000,579,584 | ---- | M] (OldTimer Tools) -- E:\***\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.30 22:45:24 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.27 21:00:58 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.03.03 15:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) [On_Demand | Stopped] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.18 23:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.18 23:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxion\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.30 22:45:29 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.30 22:45:29 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.03.03 15:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2007.03.20 15:13:38 | 000,300,544 | ---- | M] (AfaTech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2007.01.12 10:52:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006.11.21 04:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.11.15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006.08.04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2004.04.27 00:31:04 | 000,474,304 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvcd.sys -- (QCDonner) Logitech QuickCam Express(PID_0840)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.60
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.5
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.1.1
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.20 23:44:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.20 23:44:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.02 22:35:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.19 07:52:26 | 000,000,000 | ---D | M]
 
[2008.08.11 20:15:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.07.27 19:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\azqgcgkw.default\extensions
[2010.04.27 23:24:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\azqgcgkw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.28 15:10:41 | 000,000,000 | ---D | M] ("UltraSurf Firefox Tool") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\azqgcgkw.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2008.10.07 20:39:52 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\azqgcgkw.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2009.07.25 20:14:37 | 000,000,000 | ---D | M] (Ask Chrome Search Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\azqgcgkw.default\extensions\askopensearch-VTS@ask.com
[2010.11.18 00:19:48 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\azqgcgkw.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.09.21 23:43:43 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\azqgcgkw.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011.07.13 09:16:48 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\azqgcgkw.default\extensions\foxmarks@kei.com
[2011.03.12 12:32:09 | 000,000,000 | ---D | M] (Personas) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\azqgcgkw.default\extensions\personas@christopher.beard
[2011.06.21 20:01:24 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\azqgcgkw.default\extensions\piclens@cooliris.com
[2008.07.27 23:33:57 | 000,005,310 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\azqgcgkw.default\searchplugins\footiefox.xml
[2011.03.24 21:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.04.22 21:18:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.22 21:46:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.22 21:51:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.22 21:02:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- 
[2009.01.09 21:37:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.03.25 00:04:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010.02.08 00:53:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.22 21:18:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.22 21:46:00 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.22 21:51:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.22 21:02:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AZQGCGKW.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AZQGCGKW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AZQGCGKW.DEFAULT\EXTENSIONS\EXIF_VIEWER@MOZILLA.DOSLASH.ORG.XPI
[2011.07.02 22:35:08 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.07 23:42:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: () - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\Programme\Star Downloader\SDIEInt.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DellSupportCenter]  File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [tvjbmonitor] C:\Programme\MMEDIA\TV Jukebox 3.1\tvjbMonitor.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter]  File not found
O8 - Extra context menu item: Download with Star Downloader - C:\Programme\Star Downloader\sdie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: F:\Bilder\Wallpaper\IMG_6663.JPG
O24 - Desktop BackupWallPaper: F:\Bilder\Wallpaper\IMG_6663.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0a2db21f-9312-11dd-bc1f-00197edc7e35}\Shell\AutoRun\command - "" = H:\Menu.exe
O33 - MountPoints2\{0a672670-27d1-11df-8d36-00197edc7e35}\Shell\AutoRun\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{0a672670-27d1-11df-8d36-00197edc7e35}\Shell\open\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{f6c3aece-eacf-11dd-b5ff-00197edc7e35}\Shell\AutoRun\command - "" = H:\TrueCrypt.exe /q /a /e /m rm /v "tanken_6GB"
O33 - MountPoints2\{f6c3aece-eacf-11dd-b5ff-00197edc7e35}\Shell\mount\command - "" = H:\TrueCrypt.exe /q /a /e /m rm /v "tanken_6GB"
O33 - MountPoints2\{f6c3aece-eacf-11dd-b5ff-00197edc7e35}\Shell\open\command - "" = H:\TrueCrypt.exe /e /m rm /v "tanken_6GB"
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "bootini" - 2
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.11 18:14:02 | 000,579,584 | ---- | C] (OldTimer Tools) -- E:\***\Desktop\OTL.exe
[2011.08.11 07:18:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.08.10 23:31:46 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.10 23:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.10 23:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.10 23:31:41 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.10 23:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.29 21:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2008.12.01 23:12:10 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Common Files\keyhelp.ocx
[1 C:\Users\***\AppData\Local\*.tmp files -> C:\Users\***\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.11 18:14:05 | 000,579,584 | ---- | M] (OldTimer Tools) -- E:\***\Desktop\OTL.exe
[2011.08.11 18:13:36 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.08.11 18:12:31 | 000,382,852 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.11 18:12:31 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.11 18:12:31 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.11 18:12:31 | 000,013,514 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.11 17:48:15 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.11 17:04:32 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.11 17:04:32 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.11 13:52:10 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.08.11 07:04:55 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.11 07:04:37 | 000,249,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.08.11 07:04:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.11 07:04:18 | 2137,460,736 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.11 00:10:03 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.08.10 23:31:46 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.10 12:19:27 | 000,158,720 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.03 07:27:39 | 000,000,000 | ---- | M] () -- C:\Users\***\AppData\Local\{CF0599A2-42A0-48D3-AFFB-A3A226422097}
[2011.07.21 21:43:01 | 000,000,000 | ---- | M] () -- C:\Users\***\AppData\Local\{1B9E9103-BE81-4198-89F0-112F6173EB10}
[2011.07.14 21:43:00 | 000,000,000 | ---- | M] () -- C:\Users\***\AppData\Local\{C54367A9-F865-4FD9-93C0-BF500BF9C655}
[1 C:\Users\***\AppData\Local\*.tmp files -> C:\Users\***\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.11 18:13:36 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.08.10 23:31:46 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.03 07:27:39 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{CF0599A2-42A0-48D3-AFFB-A3A226422097}
[2011.07.21 21:43:01 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{1B9E9103-BE81-4198-89F0-112F6173EB10}
[2011.07.14 21:43:00 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{C54367A9-F865-4FD9-93C0-BF500BF9C655}
[2011.06.26 22:36:49 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{0FF33413-6670-4052-8659-23CA3B8DB294}
[2011.05.19 22:22:56 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{7B663564-DB46-4B79-B4B3-47D876A906DB}
[2011.05.17 21:37:00 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{75EB25E7-160D-4609-94EA-DD0210880734}
[2011.05.17 11:32:06 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{EF79E007-8E29-42D4-8DCA-757B4FEBF200}
[2011.05.17 11:30:06 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{2115FAF6-6DEA-4171-8623-25F55D9FD6C3}
[2011.03.12 23:14:33 | 000,000,356 | ---- | C] () -- C:\Windows\wiso.ini
[2010.10.25 22:08:29 | 000,000,062 | ---- | C] () -- C:\Windows\wds.ini
[2010.02.20 22:00:37 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.02.20 22:00:37 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.09.14 01:19:41 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.08.10 21:52:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.10 21:52:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.04.27 23:44:57 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2009.03.19 23:49:47 | 000,002,856 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.01.20 12:50:03 | 000,303,616 | ---- | C] () -- C:\Windows\System32\Tx32.dll
[2009.01.20 12:50:02 | 000,000,202 | ---- | C] () -- C:\Windows\System32\Ic32.ini
[2008.08.26 14:06:14 | 000,000,071 | ---- | C] () -- C:\Windows\wmpg2.ini
[2008.08.13 19:43:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.06.02 21:56:30 | 000,000,196 | ---- | C] () -- C:\Windows\System32\af15irtbl.bin
[2007.11.04 17:39:49 | 000,005,632 | ---- | C] () -- C:\Windows\System32\CNMVS47.DLL
[2007.09.06 23:27:44 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.09.05 22:35:16 | 000,158,720 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.09.04 23:08:19 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.09.04 22:57:49 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007.09.04 22:57:48 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2007.09.02 17:36:13 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.09.02 17:31:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.09.02 17:18:30 | 000,796,048 | ---- | C] () -- C:\Windows\System32\libeay32_0.9.6l.dll
[2007.09.02 09:43:34 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.07.01 19:50:16 | 000,064,976 | ---- | C] () -- C:\Windows\System32\PDFreDirectMonNT.dll
[2006.12.12 11:13:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2006.12.12 10:02:50 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006.12.12 10:01:48 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006.11.29 21:08:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.02 17:33:31 | 000,382,852 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,249,296 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:33:01 | 000,013,514 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.09.20 23:02:32 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.09.20 23:02:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005.05.06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2004.03.26 10:56:40 | 000,017,191 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
 
========== LOP Check ==========
 
[2009.09.29 00:15:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.kde
[2011.03.13 23:57:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011.03.12 23:16:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2011.03.31 21:44:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2011.08.10 11:13:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2008.12.22 20:09:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CD-LabelPrint
[2011.06.23 01:38:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2007.09.11 23:33:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ID3-TagIT 3
[2010.12.11 22:43:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PCDr
[2007.09.25 21:18:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF reDirect
[2009.01.27 00:13:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Picturenaut
[2007.09.05 22:53:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pixmantec
[2007.11.03 11:47:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pokerth
[2011.06.18 08:29:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RavensburgerTipToi
[2011.05.01 09:01:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2011.08.11 00:10:03 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2007.09.02 13:22:52 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2007.11.04 17:40:59 | 000,000,000 | -H-D | M] -- C:\BJPrinter
[2007.09.06 22:42:49 | 000,000,000 | -H-D | M] -- C:\CanoScan
[2011.08.11 07:05:29 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2007.11.26 00:42:47 | 000,000,000 | ---D | M] -- C:\Dell
[2011.02.12 23:28:25 | 000,000,000 | ---D | M] -- C:\divx
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.09.02 09:50:23 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.02.20 21:48:20 | 000,000,000 | ---D | M] -- C:\Intel
[2008.08.11 19:48:41 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.08.10 23:31:41 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.08.10 23:31:44 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007.09.02 09:50:23 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.08.10 22:52:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2007.09.02 13:22:32 | 000,000,000 | R--D | M] -- C:\Users
[2011.07.13 21:19:21 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.11.15 00:19:32 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.11.15 00:19:31 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.18 23:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.18 23:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-10 18:36:25
 
<           >

< End of report >

Extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 11.08.2011 18:16:02 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = E:\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 56,29% Memory free
2,94 Gb Paging File | 1,84 Gb Available in Paging File | 62,70% Paging File free
Paging file location(s): c:\pagefile.sys 1024 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 0,29 Gb Free Space | 1,21% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 0,15 Gb Free Space | 1,05% Space Free | Partition Type: NTFS
Drive E: | 7,81 Gb Total Space | 1,39 Gb Free Space | 17,79% Space Free | Partition Type: NTFS
Drive F: | 94,68 Gb Total Space | 3,59 Gb Free Space | 3,79% Space Free | Partition Type: FAT32
Drive G: | 234,93 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{54EEB489-D34A-49A6-9A4B-D1BB5F51C2DF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{698DE17F-F65E-4E89-AA7E-E0A1E5B2210C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8AEB53E4-DAB0-426C-BAEC-D772BDA2DAB0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9FA2992B-307E-45D8-A028-5E5785CAEDD9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{58138580-A0BB-476B-B672-D9C4B93CCBB6}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{6049CA3C-7FA7-4701-B773-EC3AF8536738}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{85E4B62D-819F-4615-925F-ED2D78D6DC41}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{8AA9FD5A-D9A6-47E6-940E-44933A35CE47}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{DCAA29C1-A4A5-45DC-8BBF-E22A736F09B9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{F93CD31A-4BEE-43EC-B7A3-6A1E79B31461}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{1A8B0C28-39DC-4790-B476-EF19A4ADD813}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{249E1F37-76A3-43E7-9B66-0E7130EF60E2}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{2DDE7A56-6280-4B1F-8865-983F1F0B970F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{3D9F0185-E5A5-4D04-91A8-4CAE2A5B0D5F}C:6\backup_app\bilder\rsync.exe" = protocol=6 | dir=in | app=c:6\backup_app\bilder\rsync.exe | 
"TCP Query User{928C9B02-3811-4BF8-AEFB-934446D802DE}E:0\backup_app\benutzer\rsync.exe" = protocol=6 | dir=in | app=e:0\backup_app\benutzer\rsync.exe | 
"TCP Query User{BC5D7E8B-57DE-4515-8A8C-6C7ABF3A1F9A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{CE069B6B-8DB6-4313-A80A-ADD0A6F78149}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{DCDD5D51-EC85-4226-95EA-EDF79BAC12CE}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{FE4BD617-EF7B-4AF9-96FA-3720E42BFD08}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{01656FD9-9D5F-47FA-8DC8-96122C0C7156}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{60E45206-1543-43C9-95B8-78DD85C41D1D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{6A908665-A737-4CA5-A891-4356E87CDF2D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{75A5BE36-BE7F-49F9-BB3D-1BF73D78A49F}C:6\backup_app\bilder\rsync.exe" = protocol=17 | dir=in | app=c:6\backup_app\bilder\rsync.exe | 
"UDP Query User{8EF803C8-56DE-4EC1-B155-4CFD1292502E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{DD398D51-B52F-46B5-BBE0-15BBED7EFE00}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{DE30A99D-30F1-4931-BC83-520B41DB744D}E:0\backup_app\benutzer\rsync.exe" = protocol=17 | dir=in | app=e:0\backup_app\benutzer\rsync.exe | 
"UDP Query User{EB88DD6A-AFB3-42A0-8486-30DF6CD71DEF}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{F34C58F7-EBA0-4540-A8EE-9F9B2EA30ED9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}" = QuickSet
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F3F1D08D-ABEF-4528-8383-54C46369EBB6}" = TV Jukebox 3.1
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Autopano_SIFT_23" = Autopano-SIFT 2.3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Canon iP4300 Benutzerregistrierung" = Canon iP4300 Benutzerregistrierung
"Canon RAW Codec" = Canon RAW Codec
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CDex" = CDex extraction audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Deutsch Stratego 1.0" = Deutsch Stratego 1
"Deutsche Geschichte" = Deutsche Geschichte
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Exifer_is1" = Exifer
"Google Updater" = Google Updater
"HappyFish" = HappyFish 1.5.0.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"hotpot_is1" = HotPotatoes v 6.2.5.4
"Hugin_is1" = Hugin 0.7.0 (SVN 3465)
"ID3-TagIT 3_is1" = ID3-TagIT 3
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Ogg Codecs" = Ogg Codecs 0.81.15562
"PDF reDirect" = PDF reDirect (remove only)
"Praxis Geschichte 1998-2002" = Praxis Geschichte 1998-2002
"Ravensburger tiptoi" = Ravensburger tiptoi
"RawShooter essentials 2006" = RawShooter essentials 2006
"Star Downloader Free" = Star Downloader Free
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.4
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.10.2009 12:45:01 | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.10.2009 12:53:11 | Computer Name = Laptop | Source = MsiInstaller | ID = 1013
Description = 
 
Error - 09.10.2009 12:54:02 | Computer Name = Laptop | Source = Google Update | ID = 20
Description = 
 
Error - 09.10.2009 13:54:06 | Computer Name = Laptop | Source = Google Update | ID = 20
Description = 
 
Error - 09.10.2009 14:54:06 | Computer Name = Laptop | Source = Google Update | ID = 20
Description = 
 
Error - 09.10.2009 16:10:10 | Computer Name = Laptop | Source = Google Update | ID = 20
Description = 
 
Error - 09.10.2009 17:27:17 | Computer Name = Laptop | Source = Google Update | ID = 20
Description = 
 
Error - 09.10.2009 18:27:14 | Computer Name = Laptop | Source = Google Update | ID = 20
Description = 
 
Error - 09.10.2009 18:59:47 | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.10.2009 18:59:47 | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ Broadcom Wireless LAN Events ]
Error - 28.06.2011 16:00:00 | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = Error - Error in creating key container - -2146893809 (Broadcom Wireless
 Adapter Manager Container) 
 
Error - 28.06.2011 16:00:00 | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = Error - Unable to provide access to "Everyone" for container Broadcom
 Wireless Adapter Manager Container Laptop\*** 
 
Error - 06.07.2011 16:28:19 | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = Error - Error in creating key container - -2146893809 (Broadcom Wireless
 Adapter Manager Container) 
 
Error - 06.07.2011 16:28:19 | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = Error - Unable to provide access to "Everyone" for container Broadcom
 Wireless Adapter Manager Container Laptop\*** 
 
Error - 09.07.2011 11:32:36 | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = Error - Error in creating key container - -2146893809 (Broadcom Wireless
 Adapter Manager Container) 
 
Error - 09.07.2011 11:32:36 | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = Error - Unable to provide access to "Everyone" for container Broadcom
 Wireless Adapter Manager Container Laptop\*** 
 
Error - 18.07.2011 16:46:35 | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = Error - Error in creating key container - -2146893809 (Broadcom Wireless
 Adapter Manager Container) 
 
Error - 18.07.2011 16:46:35 | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = Error - Unable to provide access to "Everyone" for container Broadcom
 Wireless Adapter Manager Container Laptop\*** 
 
Error - 09.08.2011 00:16:26 | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = Error - Error in creating key container - -2146893809 (Broadcom Wireless
 Adapter Manager Container) 
 
Error - 09.08.2011 00:16:26 | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = Error - Unable to provide access to "Everyone" for container Broadcom
 Wireless Adapter Manager Container Laptop\*** 
 
[ System Events ]
Error - 10.08.2011 16:03:59 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 10.08.2011 16:03:59 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.08.2011 16:39:00 | Computer Name = Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 10.08.2011 17:08:51 | Computer Name = Laptop | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 10.08.2011 17:09:43 | Computer Name = Laptop | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 10.08.2011 17:10:43 | Computer Name = Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 10.08.2011 um 23:08:08 unerwartet heruntergefahren.
 
Error - 10.08.2011 17:11:15 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 11.08.2011 01:04:00 | Computer Name = Laptop | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 11.08.2011 01:04:16 | Computer Name = Laptop | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 11.08.2011 01:05:58 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

gmer.log:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-08-11 19:23:15
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHW2160BH rev.0085001C
Running: 4q7eff8b.exe; Driver: C:\Users\Mario\AppData\Local\Temp\uwddapow.sys


---- System - GMER 1.0.15 ----

SSDT            8D02FBE6                                                                                         ZwCreateSection
SSDT            8D02FBEB                                                                                         ZwSetContextThread
SSDT            8D02FB87                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                    82ABD998 4 Bytes  [E6, FB, 02, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                    82ABDCF0 4 Bytes  [EB, FB, 02, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                    82ABDDA4 4 Bytes  [87, FB, 02, 8D]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197edc7e35                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197edc7e35@0021feaccd0c         0x52 0xF2 0xEC 0xFC ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197edc7e35 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197edc7e35@0021feaccd0c             0x52 0xF2 0xEC 0xFC ...

---- EOF - GMER 1.0.15 ----

mbam.log

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7435

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

11.08.2011 21:02:08
mbam-log-2011-08-11 (21-02-08).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 423689
Time elapsed: 1 hour(s), 33 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Bundespolizei Trojaner selber entfernt?

Log-Analyse und Auswertung: Bundespolizei Trojaner selber entfernt?

Bundespolizei Trojaner selber entfernt?

Ähnliche Themen: Bundespolizei Trojaner selber entfernt?