Hallo an alle!
Habe gestern Abend von Antivir auf meinem Arbeitsrechner (iMac 2,8 Ghz, läuft über Win XP, SP3 (alle erforderlichen Updates immer gemacht)) die Virenmeldung "backdoor.gen 5" gefunden erhalten.
Maßnahmen danach:
1. Virus in die Quarantäne verschoben
2. Von einem sicheren Rechner aus alle PW geändert
3. Recherche was kann man tun...
Bei meinen Recherchen im Netz (ja, ich kann mit dem verseuchten Rechner noch aufs Netz zugreifen, was ich inzwischen aber von einem sicheren Rechner aus mache) habe ich eigentlich nur Foren gefunden, in denen empfohlen wurde den Rechner neu aufzusetzen... Allerdings möchte ich mir das (wenn möglich) sparen und bin auf dieses Forum gestoßen. Da ja vor kurzer Zeit schon einmal bei jemand erfolgreich durch eure Hilfe das Ding entfernt werden konnte, möchte ich hier noch einmal nach der genauen Vorgehensweise fragen.

Danke & Gruß

jotteff

hi,
öffne avira, berichte, poste, falls der fund bei nem scan auftauchte, den scan bericht, falls es eine guard meldung war, avira, ereignisse.

Hallo Markus!
Es handelte sich im eine Guard Meldung:
Log1:

Code: Alles auswählenAufklappen

ATTFilter

12.01.2012 19:50 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\System Volume 
      Information\_restore{F5554D4E-844F-4DF6-9569-01277F0A7211}\RP179\A0104338.exe'
      wurde ein Virus oder unerwünschtes Programm 'BDS/Backdoor.Gen5' [backdoor] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         

Log2:

Code: Alles auswählenAufklappen

ATTFilter

12.01.2012 20:22 [System Scanner] Malware gefunden
      Die Datei 'C:\System Volume 
      Information\_restore{F5554D4E-844F-4DF6-9569-01277F0A7211}\RP179\A0104338.exe'
      enthielt einen Virus oder unerwünschtes Programm 'BDS/Backdoor.Gen5' [backdoor].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d3a9226.qua' 
      verschoben!
         

hi,
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

• Starte bitte die
  OTL.exe
  .
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die
  Textbox.

Code: Alles auswählenAufklappen

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         

• Schliesse bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Quick Scan Button.
• Kopiere
  nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Erst einmal vielen Dank für die schnelle Hilfe & Antworten!

So, hier nun die Logfiles (sorry, habe gerade festgestellt das ich anstatt des QuickScans den Normalen Scan gemacht habe...soll ich wiederholen?):

OTL.txt:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 13.01.2012 13:26:41 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\Jörg Frohn\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1,98 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 76,68% Memory free
3,83 Gb Paging File | 3,40 Gb Available in Paging File | 88,71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 249,89 Gb Total Space | 164,59 Gb Free Space | 65,86% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: Jörg Frohn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.13 13:23:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jörg Frohn\My Documents\Downloads\OTL.exe
PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.11.14 23:40:46 | 000,427,296 | ---- | M] (Apple Inc.) -- C:\Program Files\Boot Camp\KbdMgr.exe
PRC - [2009.11.14 23:40:46 | 000,136,504 | ---- | M] () -- C:\WINDOWS\system32\AppleOSSMgr.exe
PRC - [2009.11.14 23:40:46 | 000,099,640 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\AppleTimeSrv.exe
PRC - [2009.11.12 20:34:33 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009.03.16 12:29:28 | 006,562,432 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2008.12.10 00:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2008.04.15 14:31:18 | 000,147,456 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\IRW.exe
PRC - [2008.04.14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.12.26 17:08:48 | 000,053,248 | ---- | M] () -- C:\Program Files\MMEDIA\TV Jukebox 3.1\tvjbMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2012.01.03 14:10:46 | 000,301,056 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.10.11 13:59:51 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009.11.14 23:40:46 | 000,136,504 | ---- | M] () -- C:\WINDOWS\system32\AppleOSSMgr.exe
MOD - [2009.03.16 12:29:28 | 006,562,432 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
MOD - [2009.02.25 15:54:26 | 002,076,672 | ---- | M] () -- C:\xampp\apache\bin\libmysql.dll
MOD - [2009.02.25 15:54:26 | 000,464,172 | ---- | M] () -- C:\xampp\apache\bin\libpq.dll
MOD - [2009.02.25 15:54:26 | 000,166,912 | ---- | M] () -- C:\xampp\apache\bin\libmcrypt.dll
MOD - [2008.01.18 00:17:16 | 000,073,782 | ---- | M] () -- C:\xampp\apache\bin\zlib1.dll
MOD - [2008.01.07 16:47:48 | 000,721,095 | ---- | M] () -- C:\xampp\php\zendOptimizer\lib\Optimizer\php-5.2.x\ZendOptimizer.dll
MOD - [2007.10.30 13:28:00 | 000,086,016 | ---- | M] () -- C:\xampp\apache\bin\pxlib.dll
MOD - [2007.10.25 09:34:00 | 000,163,840 | ---- | M] () -- C:\xampp\apache\bin\pslib.dll
MOD - [2007.02.04 10:14:48 | 000,020,687 | ---- | M] () -- C:\xampp\php\zendOptimizer\lib\ZendExtensionManager.dll
MOD - [2006.12.26 17:08:48 | 000,053,248 | ---- | M] () -- C:\Program Files\MMEDIA\TV Jukebox 3.1\tvjbMonitor.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.10.27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.11.14 23:40:46 | 000,136,504 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV - [2009.11.14 23:40:46 | 000,099,640 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\WINDOWS\system32\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV - [2009.03.16 12:29:28 | 006,562,432 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2009.03.03 13:53:32 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2009.03.03 11:19:28 | 000,691,200 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2008.12.10 00:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.09 00:04:25 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.22 07:45:26 | 000,021,624 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Program Files\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2011.08.17 12:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.08.17 12:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.08.17 12:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.08.17 12:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.12.20 15:42:27 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.12.20 15:42:22 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.11.14 23:40:46 | 000,005,760 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KeyAgent.sys -- (KeyAgent)
DRV - [2009.10.16 07:36:50 | 000,023,552 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KeyMagic.sys -- (KeyMagic)
DRV - [2009.05.30 12:22:32 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.15 15:36:37 | 004,625,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.15 14:35:01 | 000,255,232 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008.04.15 14:33:14 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008.04.15 14:31:18 | 000,016,512 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV - [2008.04.15 14:30:24 | 000,006,528 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV - [2008.04.15 14:29:18 | 002,849,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.04.13 23:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.03.20 14:13:38 | 000,300,544 | ---- | M] (AfaTech                  ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2004.10.14 01:27:54 | 000,054,272 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\AvidXPSerial.sys -- (Serial)
DRV - [2004.03.24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2001.02.01 15:10:12 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWin0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: catalog-csv-export@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: colournotes@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:1.0.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jörg Frohn\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jörg Frohn\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\PHPEditXdebugExtension@waterproof.fr: C:\Program Files\WaterProof\PHPEdit\4.0.6\Tools\FirefoxExtension\unpacked
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.23 21:38:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 10:25:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\PHPEditXdebugExtension@waterproof.fr: C:\Program Files\WaterProof\PHPEdit\4.0.6\Tools\FirefoxExtension\unpacked
 
[2009.08.19 22:24:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jörg Frohn\Application Data\Mozilla\Extensions
[2009.07.24 17:30:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jörg Frohn\Application Data\Mozilla\Extensions\{6376c195-6789-9a8b-ef87-f5268f87e875}
[2009.08.19 22:24:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jörg Frohn\Application Data\Mozilla\Extensions\celtx@celtx.com
[2011.12.27 11:38:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jörg Frohn\Application Data\Mozilla\Firefox\Profiles\y9z0xjiy.default\extensions
[2011.12.16 17:53:41 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Jörg Frohn\Application Data\Mozilla\Firefox\Profiles\y9z0xjiy.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011.11.11 18:58:19 | 000,000,000 | ---D | M] (WebRank Toolbar) -- C:\Documents and Settings\Jörg Frohn\Application Data\Mozilla\Firefox\Profiles\y9z0xjiy.default\extensions\webrank-toolbar@probcomp.com
[2012.01.13 08:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.01.13 08:45:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JöRG FROHN\APPLICATION DATA\GREYFIRST\CELTX\PROFILES\QHAOEDF1.DEFAULT\EXTENSIONS\CATALOG-CSV-EXPORT@CELTX.COM
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JöRG FROHN\APPLICATION DATA\GREYFIRST\CELTX\PROFILES\QHAOEDF1.DEFAULT\EXTENSIONS\COLOURNOTES@CELTX.COM
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JöRG FROHN\APPLICATION DATA\GREYFIRST\CELTX\PROFILES\QHAOEDF1.DEFAULT\EXTENSIONS\DE-DE@DICTIONARIES.ADDONS.MOZILLA.ORG
[2010.03.15 18:21:09 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2010.03.15 18:21:09 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2010.03.15 18:21:09 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2010.03.15 18:21:09 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2010.03.15 18:21:08 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2010.03.15 18:21:08 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2010.03.15 18:21:08 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
[2011.12.23 21:38:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.23 02:52:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.23 02:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.23 02:52:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.23 02:52:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.23 02:52:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.23 02:52:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Ask.com Deutschland (Enabled)
CHR - default_search_provider: search_url = hxxp://de.ask.com/web?q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://ss.de.ask.com/query?q={searchTerms}&li=ff
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\J\u00F6rg Frohn\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\J\u00F6rg Frohn\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\J\u00F6rg Frohn\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlus for Adobe 15235 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\J\u00F6rg Frohn\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Jörg Frohn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Documents and Settings\Jörg Frohn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Documents and Settings\Jörg Frohn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.07.18 20:39:49 | 000,000,767 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1				activate.adobe.com
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWin0.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWin0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\prxtbWin0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IRW] C:\WINDOWS\system32\IRW.exe (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tvjbmonitor] C:\Program Files\MMEDIA\TV Jukebox 3.1\tvjbMonitor.exe ()
O4 - HKCU..\Run: [IBP]  File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe (NewSoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{001E95A2-81CD-466B-844D-F6ACE407E56F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.23 07:37:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6e50c14c-4955-11de-8e86-00231247ebb8}\Shell - "" = AutoRun
O33 - MountPoints2\{6e50c14c-4955-11de-8e86-00231247ebb8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6e50c14c-4955-11de-8e86-00231247ebb8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {32D4FC70-215E-90B5-983C-8D5F74380D80} - Outlook Express
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B2D45FA4-4F81-2D39-A753-4F22239799DB} - Outlook Express
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash Object
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.13 09:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HWiNFO32
[2012.01.13 09:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\HWiNFO32
[2012.01.13 08:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011.12.26 14:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jörg Frohn\Application Data\Scribus
[2011.12.26 14:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jörg Frohn\Start Menu\Programs\Scribus 1.4.0.rc6
[2011.12.26 14:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\Scribus 1.4.0.rc6
[2011.12.26 12:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2011.12.26 12:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jörg Frohn\Local Settings\Application Data\Paint.NET
[2011.12.20 12:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\pdfCreator
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.13 13:09:02 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\Jörg Frohn\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel (2).lnk
[2012.01.13 12:41:43 | 000,432,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.13 12:41:43 | 000,067,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.01.13 12:36:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.13 10:39:33 | 002,425,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.12 18:07:59 | 000,002,585 | ---- | M] () -- C:\Documents and Settings\Jörg Frohn\Application Data\Microsoft\Internet Explorer\Quick Launch\ACDSee 9 Foto-Manager.lnk
[2012.01.12 15:31:53 | 000,002,529 | ---- | M] () -- C:\Documents and Settings\Jörg Frohn\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2012.01.11 11:00:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.01.10 17:54:13 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.01.10 13:00:54 | 000,165,466 | ---- | M] () -- C:\Documents and Settings\Jörg Frohn\Desktop\k-b.png
[2012.01.10 13:00:24 | 000,153,759 | ---- | M] () -- C:\Documents and Settings\Jörg Frohn\Desktop\b-k.png
[2012.01.09 14:10:23 | 000,224,742 | ---- | M] () -- C:\Documents and Settings\Jörg Frohn\Desktop\fa.png
[2012.01.04 20:19:12 | 000,591,761 | ---- | M] () -- C:\Documents and Settings\Jörg Frohn\Desktop\3.png
[2012.01.04 20:09:56 | 000,604,660 | ---- | M] () -- C:\Documents and Settings\Jörg Frohn\Desktop\2.png
[2012.01.04 20:07:34 | 000,927,832 | ---- | M] () -- C:\Documents and Settings\Jörg Frohn\Desktop\1.png
[2012.01.03 11:31:21 | 000,013,684 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.02 17:33:31 | 000,013,278 | ---- | M] () -- C:\Documents and Settings\Jörg Frohn\Desktop\product_listing_v1.html
[2012.01.02 17:11:44 | 000,001,616 | ---- | M] () -- C:\Documents and Settings\Jörg Frohn\Desktop\mailvorlage.htm
[2011.12.27 20:13:31 | 000,381,004 | ---- | M] () -- C:\Documents and Settings\Jörg Frohn\Desktop\babyzimmer fehlermeldung.png
[2011.12.26 17:27:18 | 000,059,580 | ---- | M] () -- C:\Documents and Settings\Jörg Frohn\Desktop\FireShot Screen Capture #148 - 'Installer - Welcome' - www_mein-baby-kinderzimmer_de_xtc_installer.png
[2011.12.24 14:12:44 | 000,081,401 | ---- | M] () -- C:\Documents and Settings\Jörg Frohn\Desktop\db export.png
[2011.12.23 12:40:00 | 003,670,678 | ---- | M] () -- C:\Documents and Settings\Jörg Frohn\Desktop\New Year 12.bmp
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.10 13:00:54 | 000,165,466 | ---- | C] () -- C:\Documents and Settings\Jörg Frohn\Desktop\k-b.png
[2012.01.10 13:00:24 | 000,153,759 | ---- | C] () -- C:\Documents and Settings\Jörg Frohn\Desktop\b-k.png
[2012.01.09 14:10:23 | 000,224,742 | ---- | C] () -- C:\Documents and Settings\Jörg Frohn\Desktop\fa.png
[2012.01.04 20:10:49 | 000,591,761 | ---- | C] () -- C:\Documents and Settings\Jörg Frohn\Desktop\3.png
[2012.01.04 20:09:56 | 000,604,660 | ---- | C] () -- C:\Documents and Settings\Jörg Frohn\Desktop\2.png
[2012.01.04 20:07:34 | 000,927,832 | ---- | C] () -- C:\Documents and Settings\Jörg Frohn\Desktop\1.png
[2012.01.02 17:30:29 | 000,013,278 | ---- | C] () -- C:\Documents and Settings\Jörg Frohn\Desktop\product_listing_v1.html
[2012.01.02 17:03:54 | 000,001,616 | ---- | C] () -- C:\Documents and Settings\Jörg Frohn\Desktop\mailvorlage.htm
[2011.12.27 20:13:31 | 000,381,004 | ---- | C] () -- C:\Documents and Settings\Jörg Frohn\Desktop\babyzimmer fehlermeldung.png
[2011.12.26 17:27:18 | 000,059,580 | ---- | C] () -- C:\Documents and Settings\Jörg Frohn\Desktop\FireShot Screen Capture #148 - 'Installer - Welcome' - www_mein-baby-kinderzimmer_de_xtc_installer.png
[2011.12.26 12:39:55 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Paint.NET.lnk
[2011.12.24 14:12:44 | 000,081,401 | ---- | C] () -- C:\Documents and Settings\Jörg Frohn\Desktop\db export.png
[2011.12.23 12:40:00 | 003,670,678 | ---- | C] () -- C:\Documents and Settings\Jörg Frohn\Desktop\New Year 12.bmp
[2011.12.06 01:01:03 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011.12.04 11:58:21 | 000,000,196 | ---- | C] () -- C:\WINDOWS\System32\af15irtbl.bin
[2011.04.09 15:27:46 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SI.bin
[2010.06.26 10:26:11 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.05.04 21:54:51 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010.05.04 21:51:47 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2010.03.27 23:42:19 | 000,088,576 | -H-- | C] () -- C:\Documents and Settings\Jörg Frohn\Application Data\rbap550.dll
[2010.03.27 23:42:19 | 000,038,912 | -H-- | C] () -- C:\Documents and Settings\Jörg Frohn\Application Data\RBShell550.dll
[2010.02.26 18:11:26 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2010.01.13 13:40:38 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2010.01.13 13:40:37 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2010.01.13 13:40:37 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2010.01.13 13:00:05 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009.12.20 15:42:27 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.12.20 15:42:22 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.12.08 17:10:44 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009.11.15 14:40:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2009.11.14 23:40:46 | 000,136,504 | ---- | C] () -- C:\WINDOWS\System32\AppleOSSMgr.exe
[2009.08.16 14:38:00 | 000,000,514 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2009.07.06 01:58:56 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009.07.06 01:58:56 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009.07.06 01:58:56 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009.07.06 01:58:56 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009.07.06 01:58:56 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009.07.06 01:58:56 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2009.06.20 13:37:04 | 000,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2009.06.20 13:37:03 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\AvidXPSerial.sys
[2009.06.20 13:37:02 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2009.06.18 01:41:14 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\Jörg Frohn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.28 20:18:06 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.05.23 23:04:31 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009.05.23 22:59:47 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.05.23 19:53:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.05.23 19:28:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.05.23 19:26:55 | 002,425,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.05.23 07:49:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009.05.23 07:45:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009.05.23 07:44:18 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009.05.23 07:43:55 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009.05.23 07:43:55 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009.05.23 07:43:55 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009.05.23 07:43:55 | 000,160,289 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009.05.23 07:38:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.05.23 07:35:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007.04.27 08:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2005.03.22 19:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005.03.22 19:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.04 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 11:00:00 | 000,432,928 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 11:00:00 | 000,067,884 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 11:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002.03.21 14:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[1995.03.14 05:22:21 | 000,000,080 | --S- | C] () -- C:\WINDOWS\System32\argtmp39.dll
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.08.09 11:41:43 | 000,000,000 | ---D | M] -- C:\0e833532355feea1bfc1a192382d3c
[2009.05.23 07:46:03 | 000,000,000 | ---D | M] -- C:\255e011e13b2771731befbaf58b7
[2009.12.27 13:44:10 | 000,000,000 | ---D | M] -- C:\BrowserPlusPlugins
[2009.05.23 07:37:45 | 000,000,000 | ---D | M] -- C:\DELL
[2010.04.04 18:04:01 | 000,000,000 | ---D | M] -- C:\dj5551
[2009.06.20 13:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2010.01.13 13:06:45 | 000,000,000 | ---D | M] -- C:\epson
[2009.05.23 07:45:08 | 000,000,000 | ---D | M] -- C:\fe6ddff631733c6c552e970cd28f20
[2009.05.23 07:43:52 | 000,000,000 | ---D | M] -- C:\Intel
[2010.07.16 18:57:10 | 000,000,000 | ---D | M] -- C:\MRecord
[2012.01.13 09:59:36 | 000,000,000 | ---D | M] -- C:\Program Files
[2009.12.09 02:04:44 | 000,000,000 | ---D | M] -- C:\Programme
[2009.05.23 20:06:04 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.11.30 11:44:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.09.12 09:54:26 | 000,000,000 | ---D | M] -- C:\tango solo Daten
[2011.10.24 10:24:11 | 000,000,000 | ---D | M] -- C:\temp
[2011.08.03 13:41:44 | 000,000,000 | ---D | M] -- C:\websites
[2012.01.12 18:07:21 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2011.08.06 00:13:30 | 000,000,000 | ---D | M] -- C:\xampp
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 11:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 11:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0019\DriverFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\i386\atapi.sys
[2004.08.04 11:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 11:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.04 11:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2007.07.12 22:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\dell\iastor\iastor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 11:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVATA.SYS  >
[2006.10.18 23:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\dell\nvraid\nvata.sys
 
< MD5 for: NVATABUS.SYS  >
[2006.10.18 22:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
 
< MD5 for: SCECLI.DLL  >
[2004.08.04 11:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 04:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 04:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2004.08.04 11:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2004.08.04 11:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 11:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 11:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 11:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009.05.23 19:25:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.05.23 19:25:56 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.05.23 19:25:56 | 000,921,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2011.10.19 12:32:35 | 000,000,156 | ---- | M] () -- C:\Documents and Settings\Jörg Frohn\.gtk-bookmarks
[2011.10.19 12:33:07 | 000,002,440 | ---- | M] () -- C:\Documents and Settings\Jörg Frohn\.recently-used.xbel
[2012.01.13 13:24:12 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Jörg Frohn\NTUSER.DAT
[2012.01.13 13:29:30 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Jörg Frohn\ntuser.dat.LOG
[2012.01.13 10:58:59 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jörg Frohn\ntuser.ini
[2011.10.19 00:39:07 | 000,015,428 | ---- | M] () -- C:\Documents and Settings\Jörg Frohn\RefEdit.exd
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
[2011.12.04 17:48:29 | 042,132,368 | ---- | M] () -- C:\Documents and Settings\Jörg Frohn\Local Settings\Temp\Nokia_PC_Suite_ger.exe
[2011.12.04 17:36:15 | 091,665,264 | ---- | M] () -- C:\Documents and Settings\Jörg Frohn\Local Settings\Temp\Nokia_Suite_PCS_update.exe
[2011.12.20 12:54:36 | 010,245,752 | ---- | M] (Geek Software GmbH                                          ) -- C:\Documents and Settings\Jörg Frohn\Local Settings\Temp\pdf24-creator-update.exe
[2011.12.01 14:17:11 | 023,803,016 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Jörg Frohn\Local Settings\Temp\SkypeSetup.exe
[2007.04.05 14:39:32 | 000,455,600 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Jörg Frohn\Local Settings\Temp\_is23A.exe
[2007.04.04 22:39:32 | 000,455,600 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Jörg Frohn\Local Settings\Temp\_is42.exe
[2007.04.05 14:39:32 | 000,455,600 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Jörg Frohn\Local Settings\Temp\_is43.exe
[2007.04.05 14:39:32 | 000,455,600 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Jörg Frohn\Local Settings\Temp\_is44.exe
[2007.04.05 14:39:32 | 000,455,600 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Jörg Frohn\Local Settings\Temp\_is45.exe
[192 C:\Documents and Settings\Jörg Frohn\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Jörg Frohn\Local Settings\Temp\*.tmp -> ]
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
[2011.12.04 17:16:21 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\Jörg Frohn\Local Settings\Temp\NEventMessages.dll
[2011.12.04 17:17:57 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\Jörg Frohn\Local Settings\Temp\NOSEventMessages.dll
[192 C:\Documents and Settings\Jörg Frohn\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Jörg Frohn\Local Settings\Temp\*.tmp -> ]
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.11.23 14:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 488 bytes -> C:\Documents and Settings\Jörg Frohn\My Documents\Firmenpräsentation de Breuyn.ppp:SummaryInformation

< End of report >
         

und die Extras.txt:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 13.01.2012 13:26:41 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\Jörg Frohn\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1,98 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 76,68% Memory free
3,83 Gb Paging File | 3,40 Gb Available in Paging File | 88,71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 249,89 Gb Total Space | 164,59 Gb Free Space | 65,86% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: Jörg Frohn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 4.0 -- (SmartSoft Ltd.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0020F7CC-87D8-44B1-B065-505C74355986}" = SmartFTP Client
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 29
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5
"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{410F24C4-ACD8-411B-9F9A-991E0AAE760C}" = Carbide.ui Theme Edition 3.4
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5589CD-C73E-4C8A-B755-F454A94BD7D9}" = SmartFTP Client German (Germany) MUI
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AE25201-3E12-4FA2-9E65-67CD475D9263}" = ACDSee 9 Foto-Manager
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B2E83D4-ABED-4709-B908-4B5022FDED9B}" = Serif PagePlus X5
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAD26CB5-035A-495E-83B8-92215B6DA3DE}" = Avid Free DV
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C88386DE-0D91-4738-9ABD-A991D118A191}" = HiNetRecorder
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3FD74FE-BF2C-46E3-B708-8FBF535364A1}" = tango solo
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}" = MSXML 6.0 Parser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E45628-1218-4865-A516-8E8A54272ADC}" = Boot Camp-Dienste
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3F1D08D-ABEF-4528-8383-54C46369EBB6}" = TV Jukebox 3.1
"02FEC2FAAA7DED51CAF15F06DB8B63E735EE735C" = Windows Driver Package - Apple Inc. (applebt) Bluetooth  (04/06/2008 2.1.0.1)
"144A90A8644F24BDCA0607CBAE7F90C2F5427DA4" = Windows Driver Package - Apple Inc. Apple Multitouch (12/18/2007 2.0.1.10)
"18BB9B0552BA675902E31409A34F929D9C9AD56C" = Windows Driver Package - Intel (e1express) Net  (04/03/2006 9.3.39.0)
"2CA2C2712E3120F27F44A38A6FA5540D9A93CA01" = Windows Driver Package - Apple Inc. Apple IR Receiver (11/01/2007 2.0.1.1)
"3 Heroes V maps: Landet_is1" = 3 Heroes V maps: Landet
"3F930CC3EE841B82D6D463716B5F67BD240BBD46" = Windows Driver Package - Apple Inc. Apple Wireless Mouse (09/17/2009 3.0.0.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"6AB59209597E0F6B986EC8E976521FDF0A696C9D" = Windows Driver Package - Marvell (yukonwxp) Net  (03/23/2007 10.12.7.3)
"6B401A4481C0B1B07B5D7425378A5C00FF7D75DE" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)
"7-Zip" = 7-Zip 4.65
"80087CDF19A4CE2FBB535E7DC99A0E50FFA25589" = Windows Driver Package - Intel (E1000) Net  (01/06/2006 8.6.17.0)
"82BE89CA9B7493FA05D2D4D32B415CF07EA08B47" = Windows Driver Package - Intel System  (07/20/2007 1.2.76.0)
"8BBE3DC2B1A38488ADAF1D96E1296F4F88B7F69C" = Windows Driver Package - CirrusLogic (HdAudAddService) MEDIA  (09/15/2009 1.0.0.26)
"9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"992615C0D0002C27AA3BB336C66D1E7764047A51" = Windows Driver Package - Apple Inc. Apple Trackpad (10/09/2007 2.0.1.5)
"AD3493E108434977125BBF78F47699626F8AF64B" = Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net  (01/11/2008 3.4.3.18)
"AD3F97DB12E1CE21FA0120AB7CE80FADD54FC0AB" = Windows Driver Package - Apple Inc. Apple Keyboard (03/10/2008 2.1.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"BeClean_is1" = BeClean
"C71CD722DD357F78301EAEA028431241C2D91890" = Windows Driver Package - Apple Inc. System  (09/12/2007 2.0.1.1)
"CD6212024668E03491C257CA53617893F2E8E924" = Windows Driver Package - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)
"CE031DF97C704035E8B6E570362ABD337ACA4BA5" = Windows Driver Package - Atheros (AR5211) Net  (04/05/2007 5.3.0.35)
"Celtx (2.7)" = Celtx (2.7)
"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
"D1E46C4F35C591B14E31349A9EDA8227C5F0E966" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (10/09/2007 2.0.1.5)
"D3BCC671821E117ACD653C1AA146540791143F25" = Windows Driver Package - Apple Inc. Apple Display (12/19/2007 2.0.2.0)
"D66D0ACEFE4E32CCDF30362ACBB3EAEFB97E9FDE" = Windows Driver Package - Atheros (AR5416) Net  (06/26/2007 6.0.3.94)
"D922ADD1498E7464ED76231D79D703FC1320C80C" = Windows Driver Package - Broadcom (BCM43XX) Net  (09/20/2007 4.170.25.12)
"DATA BECKER Visitenkarten Druckerei 2002" = DATA BECKER Visitenkarten Druckerei 2002
"Direct Stream Recorder" = Direct Stream Recorder (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ElsterFormular 12.4.0.7094u" = ElsterFormular
"F2AE684ADF164A03D9FFABF28F04DDE05ED67BC5" = Windows Driver Package - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)
"F5A89004299B5282B8B5D7D9F7253FF13C58628F" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (12/18/2007 2.0.1.10)
"FileZilla Client" = FileZilla Client 3.5.3
"Free FLV Converter_is1" = Free FLV Converter V 6.7.4
"Free Video to JPG Converter_is1" = Free Video to JPG Converter version 1.5
"hp deskjet 5550 series_Driver" = hp deskjet 5550 series
"HWiNFO32_is1" = HWiNFO32 Version 3.91
"IBP11_is1" = IBP 11.9.1
"ie8" = Windows Internet Explorer 8
"LingoPad_is1" = LingoPad 2.6 (Build 360)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NetObjects Fusion Essentials" = NetObjects Fusion Essentials
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"Paper Label Maker_is1" = Paper Label Maker 1.16
"Pfanneberg_Standard" = Pfanneberg - Herings Lexikon der Küche
"RealPlayer 12.0" = RealPlayer
"Scribus 1.4.0" = Scribus 1.4.0.rc6
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SMART PANEL for Scanner" = EPSON SMART PANEL for Scanner
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"StPaint_is1" = StPaint Ver. 1.4.1.1
"TClockEx_is1" = TClockEx
"Uninstall_is1" = Uninstall 1.0.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"xampp" = XAMPP 1.7.1
"xp-AntiSpy" = xp-AntiSpy 3.97-3
"ZoomPlayer" = Zoom Player (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.11.2011 12:18:54 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 8.0.0.4325, faulting module
 jvm.dll, version 20.4.0.2, fault address 0x0005e4e2.
 
Error - 24.11.2011 06:13:32 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application acdsee9.exe, version 9.0.55.0, faulting module
 acdsee9.exe, version 9.0.55.0, fault address 0x001620a4.
 
Error - 26.11.2011 06:03:30 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application acdsee9.exe, version 9.0.55.0, faulting module
 kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
 
Error - 28.11.2011 12:22:44 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application photoshop.exe, version 10.0.0.0, faulting module
 msvcr80.dll, version 8.0.50727.4053, fault address 0x00008aa0.
 
Error - 29.11.2011 12:12:42 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application photoshop.exe, version 10.0.0.0, faulting module
 msvcr80.dll, version 8.0.50727.4053, fault address 0x00008aa0.
 
Error - 30.11.2011 05:55:02 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application photoshop.exe, version 10.0.0.0, faulting module
 msvcr80.dll, version 8.0.50727.4053, fault address 0x00008aa0.
 
Error - 21.12.2011 11:12:32 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application acdsee9.exe, version 9.0.55.0, faulting module
 kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
 
Error - 29.12.2011 10:55:18 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application h5_game.exe, version 3.0.1.141, faulting module
 h5_game.exe, version 3.0.1.141, fault address 0x002683cb.
 
Error - 30.12.2011 06:36:36 | Computer Name = HOME | Source = Microsoft Office 10 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Outlook.
 
Error - 10.01.2012 13:04:44 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application photoshop.exe, version 10.0.0.0, faulting module
 photoshop.exe, version 10.0.0.0, fault address 0x00ba8be8.
 
[ System Events ]
Error - 09.01.2012 23:05:20 | Computer Name = HOME | Source = ati2mtag | ID = 46084
Description = CV can't load required graphics object
 
Error - 10.01.2012 07:19:30 | Computer Name = HOME | Source = ati2mtag | ID = 46084
Description = CV can't load required graphics object
 
Error - 11.01.2012 05:47:47 | Computer Name = HOME | Source = ati2mtag | ID = 46084
Description = CV can't load required graphics object
 
Error - 11.01.2012 06:03:40 | Computer Name = HOME | Source = ati2mtag | ID = 46084
Description = CV can't load required graphics object
 
Error - 11.01.2012 14:20:44 | Computer Name = HOME | Source = ati2mtag | ID = 46084
Description = CV can't load required graphics object
 
Error - 12.01.2012 05:22:51 | Computer Name = HOME | Source = ati2mtag | ID = 46084
Description = CV can't load required graphics object
 
Error - 12.01.2012 13:05:39 | Computer Name = HOME | Source = ati2mtag | ID = 46084
Description = CV can't load required graphics object
 
Error - 13.01.2012 03:37:55 | Computer Name = HOME | Source = ati2mtag | ID = 46084
Description = CV can't load required graphics object
 
Error - 13.01.2012 05:38:27 | Computer Name = HOME | Source = ati2mtag | ID = 46084
Description = CV can't load required graphics object
 
Error - 13.01.2012 07:36:25 | Computer Name = HOME | Source = ati2mtag | ID = 46084
Description = CV can't load required graphics object
 
 
< End of report >
         

kein problem, sieht erst mal gut aus.

malwarebytes:
Downloade Dir bitte Malwarebytes

• Installiere
  das Programm in den vorgegebenen Pfad.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Starte Malwarebytes, klicke auf Aktualisierung --> Suche
  nach Aktualisierung
• Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
• Wenn der Scan beendet
  ist, klicke auf Ergebnisse anzeigen.
• Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
• Poste
  das Logfile, welches sich in Notepad öffnet, hier in den Thread.
• Nachträglich kannst du den Bericht unter "Log Dateien" finden.

So, da bin ich wieder mit neuen Ergebnissen...

Logfile Malewarebytes:

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.13.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jörg Frohn :: HOME [Administrator]

13.01.2012 14:20:47
mbam-log-2012-01-13 (14-20-47).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 371097
Laufzeit: 3 Stunde(n), 37 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\System Volume Information\_restore{F5554D4E-844F-4DF6-9569-01277F0A7211}\RP86\A0043752.dll (PUP.PWSTool.SnadBoy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{F5554D4E-844F-4DF6-9569-01277F0A7211}\RP86\A0043753.exe (HackTool.Snadboy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{F5554D4E-844F-4DF6-9569-01277F0A7211}\RP87\A0043765.exe (PUP.PWDump) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{F5554D4E-844F-4DF6-9569-01277F0A7211}\RP87\A0043768.exe (HackTool.SnadBoy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{F5554D4E-844F-4DF6-9569-01277F0A7211}\RP87\A0043775.exe (HackTool.Asterisk) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{F5554D4E-844F-4DF6-9569-01277F0A7211}\RP97\A0050691.exe (Rogue.BoanK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{F5554D4E-844F-4DF6-9569-01277F0A7211}\RP151\A0080673.exe (RiskWare.TinyPE.gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.

• Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
  Tool
  
  Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  
• Hinweis:
  Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  
• Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

und hier der neue Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 12-01-13.03 - Jörg Frohn 13.01.2012  19:40:53.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1033.18.2029.1465 [GMT 1:00]
ausgeführt von:: c:\documents and settings\Jörg Frohn\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jörg Frohn\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\program files\xp-AntiSpy
c:\program files\xp-AntiSpy\Uninstall.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.chm
c:\program files\xp-AntiSpy\xp-AntiSpy.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.url
c:\windows\dasetup.log
c:\windows\IsUn0407.exe
c:\windows\system32\AF15BDAEX.dll
c:\windows\unin0407.exe
.
c:\windows\system32\drivers\i8042prt.sys fehlte 
Kopie von - c:\windows\ServicePackFiles\i386\i8042prt.sys wurde wiederhergestellt
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-13 bis 2012-01-13  ))))))))))))))))))))))))))))))
.
.
2012-01-13 18:46 . 2008-04-13 22:48	52480	-c--a-w-	c:\windows\system32\dllcache\i8042prt.sys
2012-01-13 18:46 . 2008-04-13 22:48	52480	----a-w-	c:\windows\system32\drivers\i8042prt.sys
2012-01-13 18:17 . 2012-01-13 18:48	--------	d-----w-	c:\windows\SxsCaPendDel
2012-01-13 13:19 . 2012-01-13 13:19	--------	d-----w-	c:\documents and settings\Jörg Frohn\Application Data\Malwarebytes
2012-01-13 13:19 . 2012-01-13 13:19	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-13 13:19 . 2012-01-13 13:19	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-01-13 13:19 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-03 13:10 . 2012-01-03 13:10	182672	----a-w-	c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10	182672	----a-w-	c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-12-26 13:53 . 2011-12-26 13:54	--------	d-----w-	c:\documents and settings\Jörg Frohn\Application Data\Scribus
2011-12-26 11:39 . 2012-01-13 18:17	--------	d-----w-	c:\program files\Paint.NET
2011-12-26 11:39 . 2011-12-26 12:32	--------	d-----w-	c:\documents and settings\Jörg Frohn\Local Settings\Application Data\Paint.NET
2011-12-23 20:38 . 2011-12-23 20:38	626688	----a-w-	c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-23 20:38 . 2011-12-23 20:38	548864	----a-w-	c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-23 20:38 . 2011-12-23 20:38	479232	----a-w-	c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-23 20:38 . 2011-12-23 20:38	43992	----a-w-	c:\program files\Mozilla Firefox\mozutils.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 23:04 . 2011-10-20 08:46	134856	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-11-25 21:57 . 2004-08-04 10:00	293376	----a-w-	c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-04 10:00	1859584	----a-w-	c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-04 10:00	60416	----a-w-	c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-04 10:00	354816	----a-w-	c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-04 10:00	152064	----a-w-	c:\windows\system32\schannel.dll
2011-11-15 09:02 . 2011-05-17 17:11	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2006-03-04 03:33	916992	----a-w-	c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 10:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 10:00	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 10:00	385024	----a-w-	c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-04 10:00	386048	----a-w-	c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-04 10:00	1292288	----a-w-	c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-04 10:00	1288704	----a-w-	c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 10:00	33280	----a-w-	c:\windows\system32\csrsrv.dll
2011-10-27 18:11 . 2011-10-27 18:11	0	----a-w-	c:\windows\system32\ConduitEngine.tmp
2011-10-25 13:37 . 2005-03-30 01:21	2148864	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2005-03-30 01:01	2027008	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 10:00	186880	----a-w-	c:\windows\system32\encdec.dll
2011-12-23 20:38 . 2011-03-25 18:22	121816	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\prxtbWin0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54	175912	----a-w-	c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2011-01-17 14:54	175912	----a-w-	c:\program files\Winload\prxtbWin0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\prxtbWin0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\program files\Winload\prxtbWin0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IRW"="c:\windows\system32\IRW.exe" [2008-04-15 147456]
"Apple_KbdMgr"="c:\program files\Boot Camp\KbdMgr.exe" [2009-11-14 427296]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-12 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-15 16855552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"tvjbmonitor"="c:\program files\MMEDIA\TV Jukebox 3.1\tvjbMonitor.exe" [2006-12-26 53248]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2011-12-16 220744]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
EPSON SMART PANEL for Scanner.lnk - c:\program files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe [2010-1-13 180224]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@="Driver Group"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [20.10.2011 09:46 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [20.10.2011 09:46 86224]
R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [14.11.2009 23:40 136504]
R2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [14.11.2009 23:40 99640]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [14.11.2009 23:40 5760]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [15.04.2008 14:30 6528]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\drivers\IRFilter.sys [23.05.2009 07:45 16512]
R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\drivers\KeyMagic.sys [23.05.2009 07:46 23552]
S1 PDIDRV;PDIDRV; [x]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2011-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2010-03-10 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 19:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Jörg Frohn\Application Data\Mozilla\Firefox\Profiles\y9z0xjiy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-IBP - (no file)
AddRemove-DATA BECKER Visitenkarten Druckerei 2002 - c:\windows\IsUn0407.exe
AddRemove-NetObjects Fusion Essentials - c:\windows\IsUn0407.exe
AddRemove-SMART PANEL for Scanner - c:\windows\unin0407.exe
AddRemove-xp-AntiSpy - c:\program files\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-13 19:51
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-963894560-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{37DCA0EB-57C3-E44B-4173-8964D5AF4DC5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaeklmaabhemniimgm"=hex:6a,61,66,6c,68,63,70,67,67,6f,6f,66,63,69,65,62,65,69,
   68,6a,00,88
"hacnaoaipgfgimmh"=hex:6a,61,66,6c,68,63,70,67,67,6f,6f,66,63,69,65,62,65,69,
   68,6a,00,f0
.
[HKEY_USERS\S-1-5-21-1659004503-963894560-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:9f,09,96,f9,4e,c5,55,f3,57,9c,b3,88,29,29,55,22,b2,61,cd,81,ed,
   5c,d2,7a,fe,64,96,77,e1,98,36,85,96,e9,c7,85,f9,7c,9e,0f,ef,50,95,64,c8,91,\
"rkeysecu"=hex:16,b2,05,06,c7,20,72,d6,4c,f6,05,20,a9,74,0d,c3
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:4d,07,48,89,fa,39,e9,e5,ac,2e,92,04,43,f0,9d,01,7d,8e,d5,77,11,
   a8,c1,74,22,ba,6b,26,25,ae,0e,3b,8e,9b,65,f9,e3,8d,13,74,db,38,ac,54,76,a5,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:4d,07,48,89,fa,39,e9,e5,ac,2e,92,04,43,f0,9d,01,7d,8e,d5,77,11,
   a8,c1,74,22,ba,6b,26,25,ae,0e,3b,8e,9b,65,f9,e3,8d,13,74,db,38,ac,54,76,a5,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1628)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-13  19:56:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-13 18:56
.
Vor Suchlauf: 181.911.027.712 bytes free
Nach Suchlauf: 182.063.304.704 bytes free
.
- - End Of File - - 70E70070E8F054EFCE83CAFC30A0B8D6
         

öffne mal arbeitsplatz c: qoobox
rechtsklick quarantain, mit winrar oder anderem packprogramm packen, archiv hochladen.
http://www.trojaner-board.de/54791-a...ner-board.html

Gepackte Datei ist hochgeladen!

nutzt du das system für onlinebanking, einkäufe sonstige zahlungsabwicklungen oder ähnlich wichtiges?

Das hört sich nicht gut an...

Mach ich, allerdings.. (habe allerdings auch alle PW über einen sicheren Rechner geändert, sodass sogar bei PW Klau alles wieder Ok sein sollte...)

Was findest du denn in der Datei wo (nur damit ich es mir auch mal ansehen kann...)

trotzdem, du hattest ein rootkit auf dem system, es ist damit nicht mehr sicher.
außerdem laut malwarebytes, einiges an passwort stealern welche zumindest in der vergangenheit aktiv gewesen sein müssen
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:

• deaktiviere Autorun: http://www.trojaner-board.de/83238-a...sschalten.html
• dann sichere Daten auf einen externen Datenträger (USB-Platte): http://www.trojaner-board.de/82533-d...ted-magic.html
  Bider, Dokumente, Musik, Videos (persönliches) http://www.trojaner-board.de/71715-k...iendungen.html

2. Formatieren, Windows neuinstallieren:

• nutzt du eine Windows CD: http://www.trojaner-board.de/51262-a...sicherung.html
• Recovery CD oder Recovery Partition?
• falls dies ein Fertig-PC ist, nenne Hersteller + Typ.
• Keine Windows 7 DVD? http://www.trojaner-board.de/100776-...-download.html

3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

Shice... Ich habs mir ja schon fast gedacht... Wenn es kommt dann wenigstens zum unpassensten Zeitpunkt, da ich den Rechner morgen dringend brauche...

Nun gut, die CD's liegen schon alle seit gestern bereit, dann werde ich mal...

TROTZDEM zwischendurch auch noch einmal 1000 Dank für Deine Mühe!!!

Vielleicht noch eine Frage. Da der Rechner ja ein ursprünglicher iMac ist, läuft über den Rootkit XP nur auf einer Partition. Du hast von formatieren gesprochen. grundsätzlich weiß ich wie es geht, habe nur schon länger nicht mehr mit dem Rootkit von Apple gearbeitet. Falls eine Formatierung mit dem Ding nicht möglich ist, reicht es auch einfach nur, XP neu aufzuspielen oder besteht die Gefahr das der Rechner dann trotzdem noch infiltriert ist?