ICQ verschickt Links / Internet Explorer öffnet Fenster

Plüschmietz · 05.05.2010, 16:31

Hi, ich habe das gleiche Problem wie Talla83 (http://www.trojaner-board.de/85711-i...t-fenster.html).
hab jetz auch schon mal den vollscan mit malware gemacht. dabei kam das raus:

Code:

ATTFilter

alwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4069

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18904

05.05.2010 17:26:21
mbam-log-2010-05-05 (17-26-21).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 117052
Laufzeit: 6 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Jenny\AppData\Local\Temp\Pwj.exe (Trojan.Fraudpack) -> No action taken.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> No action taken.

werd jetz noch den OTL scan machen und das dann dazu editieren.

Edit: Hier die 2 Log Datein von OTL:
OTL:
#

Code:

ATTFilter

OTL logfile created on: 05.05.2010 17:35:25 - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Users\Jenny\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
767,00 Mb Total Physical Memory | 130,00 Mb Available Physical Memory | 17,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 46,67 Gb Total Space | 16,17 Gb Free Space | 34,65% Space Free | Partition Type: NTFS
Drive D: | 60,23 Gb Total Space | 31,23 Gb Free Space | 51,85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JENNY-PC
Current User Name: Jenny
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jenny\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Trend Micro\HijackThis\HijackThis.exe (Trend Micro Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Jenny\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) --  File not found
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (O2Flash) -- C:\Windows\System32\o2flash.exe (O2Micro International)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (NishService) -- C:\Programme\System Control Manager\edd.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (O2MDRDR) -- C:\Windows\system32\DRIVERS\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\Windows\system32\DRIVERS\o2sd.sys (O2Micro )
DRV - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\Windows\System32\drivers\snp2sxp.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (MGHwCtrl) -- C:\Windows\System32\drivers\MGHwCtrl.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rt61x86) -- C:\Windows\System32\drivers\netr61.sys (Ralink Technology Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[2010.01.25 13:37:08 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions
[2010.01.02 19:46:56 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.06.01 05:37:41 | 000,000,143 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\foxsearch.src
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll (IE Toolbar)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Jenny\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Jenny\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\aol\1181392298\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (MSI)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [tsnp2std] C:\Windows\tsnp2std.exe (SONIX)
O4 - HKLM..\Run: [WEB.DE Update] C:\Programme\WEB.DE\LiveUpdate\m2LUTray.exe (mquadr.at software engineering und consulting GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0 VR\AOL.EXE File not found
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe File not found
O4 - HKCU..\Run: [Power2GoExpress] C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (Cyberlink)
O4 - HKCU..\Run: [PowerBar] C:\Program Files\CyberLink\DVD Solution\PowerBar.exe (Cyberlink, Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [WindowsSystemGuard] C:\Users\Public\winsvcn.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jenny\Pictures\Urlaub Teneriffa 09\JD800772.JPG
O24 - Desktop BackupWallPaper: C:\Users\Jenny\Pictures\Urlaub Teneriffa 09\JD800772.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0de54312-caa2-11dc-bcd9-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{0de54312-caa2-11dc-bcd9-00038a000015}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{0de54313-caa2-11dc-bcd9-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{0de54313-caa2-11dc-bcd9-00038a000015}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe -- File not found
O33 - MountPoints2\{10916996-ca9d-11dc-b421-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{10916996-ca9d-11dc-b421-00038a000015}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{223c1788-9508-11dc-b523-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{223c1788-9508-11dc-b523-00038a000015}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe -- File not found
O33 - MountPoints2\{223c1793-9508-11dc-b523-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{223c1793-9508-11dc-b523-00038a000015}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{2a83f121-a5a0-11dc-a486-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{2a83f121-a5a0-11dc-a486-00038a000015}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{6834d291-caa7-11dc-bcea-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{6834d291-caa7-11dc-bcea-00038a000015}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe -- File not found
O33 - MountPoints2\{6b600823-bde9-11dc-b882-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{6b600823-bde9-11dc-b882-00038a000015}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{826f27a1-a5a1-11dc-a31e-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{826f27a1-a5a1-11dc-a31e-00038a000015}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{83df1b0d-be07-11dc-b88c-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{83df1b0d-be07-11dc-b88c-00038a000015}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe -- File not found
O33 - MountPoints2\{877664d6-be05-11dc-b094-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{877664d6-be05-11dc-b094-806e6f6e6963}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe -- File not found
O33 - MountPoints2\{9e921d60-f78b-11de-ac0b-00038a000015}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{b24f21cb-6e14-11dd-b872-00038a000015}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O33 - MountPoints2\{db718c92-bdef-11dc-ae64-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{db718c92-bdef-11dc-ae64-00038a000015}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{dfce347b-e6e3-11dc-92cc-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{dfce347b-e6e3-11dc-92cc-00038a000015}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{fdef6a19-da71-11dc-b868-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{fdef6a19-da71-11dc-b868-00038a000015}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.01 23:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.06.01 23:04:55 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010.06.01 23:04:52 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010.06.01 23:04:51 | 000,180,224 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QTCF.dll
[2010.06.01 23:04:38 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime Alternative
[2010.06.01 05:48:15 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\skypePM
[2010.06.01 05:41:17 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Skype
[2010.06.01 05:39:51 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.06.01 05:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.06.01 05:37:18 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Gutscheinmieze
[2010.05.05 17:08:43 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Malwarebytes
[2010.05.05 17:08:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.05 17:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.05 17:08:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.05 17:08:22 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.05 17:07:35 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe
[2010.05.05 17:06:10 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Jenny\Desktop\mbam-setup.exe
[2010.05.05 16:03:38 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.05.04 21:02:43 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Desktop\Musik 05.10
[2010.05.02 15:49:41 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.05.02 15:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.05.02 15:38:10 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.05.02 15:38:03 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.05.02 15:38:03 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.05.02 15:37:07 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\TuneUp Software
[2010.05.02 15:36:37 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010
[2010.05.02 15:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010.05.02 15:35:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.05.02 13:57:12 | 000,000,000 | ---D | C] -- C:\Programme\ICQ6.5
[2010.04.26 18:29:06 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Desktop\RNGReporter_800beta3
[2010.04.14 16:38:57 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.14 16:38:55 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.14 16:38:52 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.14 16:38:51 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.04.14 16:38:51 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2006.12.04 04:01:39 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[2002.01.08 02:10:18 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.31 17:49:08 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{13709893-F99D-4EEA-8305-6FF0DD479B96}.job
[2010.06.01 05:48:15 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.05.05 17:36:58 | 007,077,888 | -HS- | M] () -- C:\Users\Jenny\ntuser.dat
[2010.05.05 17:36:45 | 000,000,680 | ---- | M] () -- C:\Users\Jenny\AppData\Local\d3d9caps.dat
[2010.05.05 17:08:35 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.05 17:07:36 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe
[2010.05.05 17:06:10 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Jenny\Desktop\mbam-setup.exe
[2010.05.05 16:52:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.05 16:42:06 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.05.05 16:41:13 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.05 16:19:14 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.05.05 16:03:38 | 000,001,884 | ---- | M] () -- C:\Users\Jenny\Desktop\HijackThis.lnk
[2010.05.05 16:00:47 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.05 16:00:47 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.05 15:25:16 | 000,013,025 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\nvModes.001
[2010.05.05 15:23:41 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.05 15:23:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.05 00:16:18 | 000,524,288 | -HS- | M] () -- C:\Users\Jenny\ntuser.dat{4f7c6ba4-e267-11de-974a-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010.05.05 00:16:18 | 000,065,536 | -HS- | M] () -- C:\Users\Jenny\ntuser.dat{4f7c6ba4-e267-11de-974a-00038a000015}.TM.blf
[2010.05.05 00:15:48 | 002,198,341 | -H-- | M] () -- C:\Users\Jenny\AppData\Local\IconCache.db
[2010.05.04 23:26:30 | 001,466,506 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.04 23:26:30 | 000,643,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.04 23:26:30 | 000,595,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.04 23:26:30 | 000,131,990 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.04 23:26:30 | 000,104,940 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.04 20:11:34 | 000,008,632 | ---- | M] () -- C:\Users\Jenny\Desktop\MY_AUDIO_050410_1.p2g
[2010.05.03 15:40:22 | 004,558,848 | ---- | M] () -- C:\Users\Jenny\Desktop\This Aint A Love Song - Official Video - Scouting For Girls.mp3
[2010.05.03 12:17:20 | 000,013,025 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\nvModes.dat
[2010.05.02 15:49:55 | 000,001,065 | ---- | M] () -- C:\Users\Jenny\Desktop\Spybot - Search & Destroy.lnk
[2010.05.02 15:37:46 | 000,001,877 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.05.02 15:37:46 | 000,001,863 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.05.02 14:00:17 | 000,001,619 | ---- | M] () -- C:\Users\Public\Desktop\ICQ6.5.lnk
[2010.05.01 19:06:31 | 000,637,812 | ---- | M] () -- C:\Users\Jenny\Desktop\Kotone & Chicorita.jpg
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.26 21:42:26 | 000,151,923 | ---- | M] () -- C:\Users\Jenny\Desktop\kyogre.jpg
[2010.04.26 20:53:34 | 000,010,038 | ---- | M] () -- C:\Users\Jenny\Desktop\hg und ss rng.abw
[2010.04.26 16:48:53 | 000,160,188 | ---- | M] () -- C:\Windows\hpoins14.dat
[2010.04.26 16:48:39 | 000,000,345 | ---- | M] () -- C:\Windows\win.ini
[2010.04.25 16:16:43 | 000,449,547 | ---- | M] () -- C:\Users\Jenny\Desktop\SeedVerifier_0.4_BETA.jar
[2010.04.24 15:54:23 | 000,009,047 | ---- | M] () -- C:\Users\Jenny\Desktop\vgc team aldin.abw
[2010.04.22 16:23:22 | 000,019,571 | ---- | M] () -- C:\Windows\hpqins13.dat
[2010.04.22 16:15:33 | 000,002,038 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2010.04.22 16:13:42 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{4fe0227e-4e16-11df-9dc0-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010.04.22 16:13:42 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{4fe0227e-4e16-11df-9dc0-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010.04.22 16:13:42 | 000,262,144 | ---- | M] () -- C:\ProgramData\ntuser.dat
[2010.04.22 16:13:42 | 000,065,536 | -HS- | M] () -- C:\ProgramData\ntuser.dat{4fe0227e-4e16-11df-9dc0-00038a000015}.TM.blf
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.01 05:48:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.05 17:36:45 | 000,000,680 | ---- | C] () -- C:\Users\Jenny\AppData\Local\d3d9caps.dat
[2010.05.05 17:08:35 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.05 16:03:38 | 000,001,884 | ---- | C] () -- C:\Users\Jenny\Desktop\HijackThis.lnk
[2010.05.05 15:28:20 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.05.05 15:28:19 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.05.04 20:11:31 | 000,008,632 | ---- | C] () -- C:\Users\Jenny\Desktop\MY_AUDIO_050410_1.p2g
[2010.05.03 15:40:01 | 004,558,848 | ---- | C] () -- C:\Users\Jenny\Desktop\This Aint A Love Song - Official Video - Scouting For Girls.mp3
[2010.05.02 15:49:55 | 000,001,065 | ---- | C] () -- C:\Users\Jenny\Desktop\Spybot - Search & Destroy.lnk
[2010.05.02 15:37:46 | 000,001,877 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.05.02 15:37:46 | 000,001,863 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.05.02 14:00:17 | 000,001,619 | ---- | C] () -- C:\Users\Public\Desktop\ICQ6.5.lnk
[2010.05.01 19:02:00 | 000,637,812 | ---- | C] () -- C:\Users\Jenny\Desktop\Kotone & Chicorita.jpg
[2010.04.26 21:42:25 | 000,151,923 | ---- | C] () -- C:\Users\Jenny\Desktop\kyogre.jpg
[2010.04.25 16:16:22 | 000,449,547 | ---- | C] () -- C:\Users\Jenny\Desktop\SeedVerifier_0.4_BETA.jar
[2010.04.25 14:52:26 | 000,010,038 | ---- | C] () -- C:\Users\Jenny\Desktop\hg und ss rng.abw
[2010.04.22 22:13:14 | 000,009,047 | ---- | C] () -- C:\Users\Jenny\Desktop\vgc team aldin.abw
[2010.04.22 16:15:33 | 000,002,038 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2010.04.22 16:13:46 | 000,019,571 | ---- | C] () -- C:\Windows\hpqins13.dat
[2010.04.22 16:13:42 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{4fe0227e-4e16-11df-9dc0-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010.04.22 16:13:42 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{4fe0227e-4e16-11df-9dc0-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010.04.22 16:13:42 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2010.04.22 16:13:42 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{4fe0227e-4e16-11df-9dc0-00038a000015}.TM.blf
[2010.04.22 16:13:42 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2010.04.22 16:13:42 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2009.12.15 16:12:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.01.17 15:53:35 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.01.17 15:53:35 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007.06.10 15:38:45 | 000,000,119 | ---- | C] () -- C:\Windows\Sierra.ini
[2006.12.04 05:07:28 | 000,098,304 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll
[2006.12.04 05:07:28 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll
[2006.12.04 05:07:28 | 000,024,576 | ---- | C] () -- C:\Windows\System32\MGPwrShm.dll
[2006.12.04 04:01:38 | 012,006,784 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2006.12.04 04:01:38 | 000,024,832 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2006.12.04 04:01:38 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.01.21 06:02:00 | 000,013,312 | ---- | C] () -- C:\Windows\System32\RMDevice.dll
< End of report >

#

und die Extras Log:
#

Code:

ATTFilter

OTL Extras logfile created on: 05.05.2010 17:35:25 - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Users\Jenny\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
767,00 Mb Total Physical Memory | 130,00 Mb Available Physical Memory | 17,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 46,67 Gb Total Space | 16,17 Gb Free Space | 34,65% Space Free | Partition Type: NTFS
Drive D: | 60,23 Gb Total Space | 31,23 Gb Free Space | 51,85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JENNY-PC
Current User Name: Jenny
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2F852511-A7DD-4F81-9B0C-F469889DE0B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{DC1BC825-ABC0-4268-8F41-D292769EDAC5}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F09D3CD-C154-4610-BA8F-849F17065EC1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{121C2CBA-3B58-4755-BA82-CB0F851AAC3E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{160C3FDB-B02A-43D4-B77E-A5C4B69509F2}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{169C9294-FC1C-4212-9F9A-6C19E438740D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{17E8EC23-473D-4F2F-B5DF-DC8C54993AC1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{1C1E2910-155D-4A35-9D4F-43CF5CA353DF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{1CE90AF1-C769-4F86-B783-AF639F980198}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{20190B90-C65B-4F4A-AD42-3DE8FEEEA6BA}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{24B2B6D3-AE6B-4EFE-9072-0FC2A8B2C7EC}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{333907AB-E8F1-4E9F-833D-6CEBA8802EE8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{42D68E94-2E52-4CF3-82C3-08A352B97EF4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{4F46F71B-AEDC-481F-BF2E-8D20DD041CA7}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{6310AD66-A829-46CA-A1C5-C4BD7122EE9F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{7C83AC8C-4644-481F-BB65-032E7D015221}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{92E24CCE-A588-4316-B017-FEC47FB6BC6C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{9D004257-B0C3-4259-8494-F1189530FA04}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{A47774E9-E700-4737-8920-523F68A1311E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{AE98DE47-696C-48BC-9224-9BDEACE2B25B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"TCP Query User{82648D48-E797-487B-A467-A6DF14775464}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{F3ECDD2B-839E-4589-A55E-CFE35BC8424D}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{12FB88AD-FB79-49D5-BEBC-C1D4B9733CBF}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{E416415A-5923-431D-8FDD-014851055ABA}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3562A082-CF01-419B-8A02-233E31B8A83C}" = O2Micro Flash Memory Card Windows Driver V3.00
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3FD0CA9-884F-4525-97B8-0AE6179302E6}" = F2100
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}" = DJ_AIO_ProductContext
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CDC7BEC8-D631-4e36-81D7-FC3689209AA6}" = F2100_Help
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Codeur Windows Media Série 9
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB48851B-96A4-489f-9F95-29F3731E9764}" = F2100_doccd
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F1FCC8AD-0F88-4D77-8530-0FBB088485F1}" = WEB.DE Update
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AOL Deinstallation" = AOL Deinstallation
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Studio_is1" = Free Studio version 4.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"ICQToolbar" = ICQ Toolbar
"InstallShield_{3562A082-CF01-419B-8A02-233E31B8A83C}" = O2Micro Flash Memory Card Windows Driver V3.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"QuicktimeAlt_is1" = QuickTime Alternative 3.1.1
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"TomTom HOME" = TomTom HOME 2.7.3.1894
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"WEB.DE Update" = WEB.DE Update
"Windows Media Encoder 9" = Codeur Windows Media Série 9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Shoddy Battle" = Shoddy Battle
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.6.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.05.2010 07:36:40 | Computer Name = Jenny-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 02.05.2010 07:36:40 | Computer Name = Jenny-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 02.05.2010 07:36:40 | Computer Name = Jenny-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 02.05.2010 07:36:41 | Computer Name = Jenny-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 02.05.2010 07:36:41 | Computer Name = Jenny-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 02.05.2010 07:36:42 | Computer Name = Jenny-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 02.05.2010 07:36:42 | Computer Name = Jenny-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 02.05.2010 09:53:52 | Computer Name = Jenny-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung agent.exe, Version 6.1.100.61372, Zeitstempel
 0x460c1f45, fehlerhaftes Modul agent.exe, Version 6.1.100.61372, Zeitstempel 0x460c1f45,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00082ad3,  Prozess-ID 0xe54, Anwendungsstartzeit
 01cae9feda11139c.
 
Error - 02.05.2010 09:59:48 | Computer Name = Jenny-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.18904 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: efc  Anfangszeit: 01cae9eb59afc29c  Zeitpunkt
 der Beendigung: 186
 
Error - 02.05.2010 10:01:52 | Computer Name = Jenny-PC | Source = Application Hang | ID = 1002
Description = Programm RNGReporter.exe, Version 1.0.0.0 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 370  Anfangszeit: 01cae9f3d4b37bfc  Zeitpunkt der
 Beendigung: 146
 
[ System Events ]
Error - 04.05.2010 10:00:45 | Computer Name = Jenny-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 04.05.2010 16:30:49 | Computer Name = Jenny-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 04.05.2010 17:51:17 | Computer Name = Jenny-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 05.05.2010 10:52:16 | Computer Name = Jenny-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 05.05.2010 um 16:46:17 unerwartet heruntergefahren.
 
Error - 05.05.2010 10:52:28 | Computer Name = Jenny-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 05.05.2010 10:52:36 | Computer Name = Jenny-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 05.05.2010 10:52:43 | Computer Name = Jenny-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 05.05.2010 10:52:45 | Computer Name = Jenny-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 05.05.2010 10:53:46 | Computer Name = Jenny-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 05.05.2010 10:53:46 | Computer Name = Jenny-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >

#

cosinus · 06.05.2010, 16:27

Hallo,

Zitat:

Art des Suchlaufs: Quick-Scan

Das war kein Vollscan oder hast Du nur das falsche Log gepostet?

Plüschmietz · 06.05.2010, 20:03

Hmm, komisch.
Eigentlich hatte ich Vollscan ausgewählt, dachte ich =/

Mom, ich mach nochmal einen. Der von gestern ist garantiert eh veraltet..
Ich editier den neuen dann hier herein.

Plüschmietz · 07.05.2010, 16:40

hier mal der Vollscan log, den ich gestern noch gemacht habe:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4069

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

06.05.2010 22:58:37
mbam-log-2010-05-06 (22-58-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 233299
Laufzeit: 1 Stunde(n), 38 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Jenny\AppData\Local\Temp\Pwj.exe (Trojan.Fraudpack) -> No action taken.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> No action taken.

Bräuchte echt Hilfe, da ich davon keinen Plan habe. >_<

cosinus · 07.05.2010, 20:58

Ok. Dann erstell bitte auch frische OTL Logs, denn das erste ist schon zwei Tage alt und Malwarebytes hat danach noch was gelöscht. Die extras.txt von OTL brauch ich aber nicht nochmal.

Plüschmietz · 07.05.2010, 23:08

Gut, ok, hier nochmal die neue OTL Log List:

Code:

ATTFilter

OTL logfile created on: 08.05.2010 00:00:44 - Run 2
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Users\Jenny\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
767,00 Mb Total Physical Memory | 159,00 Mb Available Physical Memory | 21,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 36,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 46,67 Gb Total Space | 13,55 Gb Free Space | 29,03% Space Free | Partition Type: NTFS
Drive D: | 60,23 Gb Total Space | 48,87 Gb Free Space | 81,13% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JENNY-PC
Current User Name: Jenny
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jenny\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Jenny\AppData\Local\Temp\Pwl.exe ()
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Programme\WEB.DE\LiveUpdate\m2LUTray.exe (mquadr.at software engineering und consulting GmbH)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Programme\System Control Manager\MGSysCtrl.exe (MSI)
PRC - C:\Programme\CyberLink\Power2Go\Power2GoExpress.exe (Cyberlink)
PRC - C:\Programme\Common Files\aol\1181392298\ee\aolsoftware.exe (America Online, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\tsnp2std.exe (SONIX)
PRC - C:\Programme\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Windows\System32\o2flash.exe (O2Micro International)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\CyberLink\DVD Solution\PowerBar.exe (Cyberlink, Corp.)
PRC - C:\Programme\System Control Manager\edd.exe ()
PRC - C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Jenny\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) --  File not found
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (O2Flash) -- C:\Windows\System32\o2flash.exe (O2Micro International)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (NishService) -- C:\Programme\System Control Manager\edd.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (O2MDRDR) -- C:\Windows\system32\DRIVERS\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\Windows\system32\DRIVERS\o2sd.sys (O2Micro )
DRV - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\Windows\System32\drivers\snp2sxp.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (MGHwCtrl) -- C:\Windows\System32\drivers\MGHwCtrl.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rt61x86) -- C:\Windows\System32\drivers\netr61.sys (Ralink Technology Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[2010.01.25 13:37:08 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions
[2010.01.02 19:46:56 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.06.01 05:37:41 | 000,000,143 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\foxsearch.src
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll (IE Toolbar)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Jenny\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Jenny\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\aol\1181392298\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (MSI)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [tsnp2std] C:\Windows\tsnp2std.exe (SONIX)
O4 - HKLM..\Run: [WEB.DE Update] C:\Programme\WEB.DE\LiveUpdate\m2LUTray.exe (mquadr.at software engineering und consulting GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0 VR\AOL.EXE File not found
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe File not found
O4 - HKCU..\Run: [Power2GoExpress] C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (Cyberlink)
O4 - HKCU..\Run: [PowerBar] C:\Program Files\CyberLink\DVD Solution\PowerBar.exe (Cyberlink, Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [WindowsSystemGuard] C:\Users\Public\winsvcn.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jenny\Pictures\Urlaub Teneriffa 09\JD800772.JPG
O24 - Desktop BackupWallPaper: C:\Users\Jenny\Pictures\Urlaub Teneriffa 09\JD800772.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0de54312-caa2-11dc-bcd9-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{0de54312-caa2-11dc-bcd9-00038a000015}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{0de54313-caa2-11dc-bcd9-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{0de54313-caa2-11dc-bcd9-00038a000015}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe -- File not found
O33 - MountPoints2\{10916996-ca9d-11dc-b421-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{10916996-ca9d-11dc-b421-00038a000015}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{223c1788-9508-11dc-b523-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{223c1788-9508-11dc-b523-00038a000015}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe -- File not found
O33 - MountPoints2\{223c1793-9508-11dc-b523-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{223c1793-9508-11dc-b523-00038a000015}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{2a83f121-a5a0-11dc-a486-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{2a83f121-a5a0-11dc-a486-00038a000015}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{6834d291-caa7-11dc-bcea-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{6834d291-caa7-11dc-bcea-00038a000015}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe -- File not found
O33 - MountPoints2\{6b600823-bde9-11dc-b882-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{6b600823-bde9-11dc-b882-00038a000015}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{826f27a1-a5a1-11dc-a31e-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{826f27a1-a5a1-11dc-a31e-00038a000015}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{83df1b0d-be07-11dc-b88c-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{83df1b0d-be07-11dc-b88c-00038a000015}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe -- File not found
O33 - MountPoints2\{877664d6-be05-11dc-b094-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{877664d6-be05-11dc-b094-806e6f6e6963}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe -- File not found
O33 - MountPoints2\{9e921d60-f78b-11de-ac0b-00038a000015}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{b24f21cb-6e14-11dd-b872-00038a000015}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O33 - MountPoints2\{db718c92-bdef-11dc-ae64-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{db718c92-bdef-11dc-ae64-00038a000015}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{dfce347b-e6e3-11dc-92cc-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{dfce347b-e6e3-11dc-92cc-00038a000015}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{fdef6a19-da71-11dc-b868-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{fdef6a19-da71-11dc-b868-00038a000015}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.01 23:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.06.01 23:04:55 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010.06.01 23:04:52 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010.06.01 23:04:51 | 000,180,224 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QTCF.dll
[2010.06.01 23:04:38 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime Alternative
[2010.06.01 05:48:15 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\skypePM
[2010.06.01 05:41:17 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Skype
[2010.06.01 05:39:51 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.06.01 05:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.06.01 05:37:18 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Gutscheinmieze
[2010.05.05 17:08:43 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Malwarebytes
[2010.05.05 17:08:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.05 17:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.05 17:08:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.05 17:08:22 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.05 17:07:35 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe
[2010.05.05 17:06:10 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Jenny\Desktop\mbam-setup.exe
[2010.05.05 16:03:38 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.05.04 21:02:43 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Desktop\Musik 05.10
[2010.05.02 15:49:41 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.05.02 15:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.05.02 15:38:10 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.05.02 15:38:03 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.05.02 15:38:03 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.05.02 15:37:07 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\TuneUp Software
[2010.05.02 15:36:37 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010
[2010.05.02 15:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010.05.02 15:35:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.05.02 13:57:12 | 000,000,000 | ---D | C] -- C:\Programme\ICQ6.5
[2010.04.14 16:38:57 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.14 16:38:55 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.14 16:38:52 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.14 16:38:51 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.04.14 16:38:51 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2006.12.04 04:01:39 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[2002.01.08 02:10:18 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.31 17:49:08 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{13709893-F99D-4EEA-8305-6FF0DD479B96}.job
[2010.06.01 05:48:15 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.05.08 00:05:59 | 007,077,888 | -HS- | M] () -- C:\Users\Jenny\ntuser.dat
[2010.05.08 00:03:07 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.05.07 23:41:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.07 22:34:05 | 001,466,506 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.07 22:34:05 | 000,643,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.07 22:34:05 | 000,595,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.07 22:34:05 | 000,131,990 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.07 22:34:05 | 000,104,940 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.07 22:05:44 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.07 22:05:44 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.07 18:07:32 | 000,013,025 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\nvModes.001
[2010.05.07 18:05:52 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.07 18:05:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.07 18:05:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.07 18:05:32 | 804,708,352 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.07 18:03:52 | 000,524,288 | -HS- | M] () -- C:\Users\Jenny\ntuser.dat{4f7c6ba4-e267-11de-974a-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010.05.07 18:03:52 | 000,065,536 | -HS- | M] () -- C:\Users\Jenny\ntuser.dat{4f7c6ba4-e267-11de-974a-00038a000015}.TM.blf
[2010.05.07 17:59:32 | 001,518,962 | -H-- | M] () -- C:\Users\Jenny\AppData\Local\IconCache.db
[2010.05.05 22:01:47 | 000,057,856 | ---- | M] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.05 17:36:45 | 000,000,680 | ---- | M] () -- C:\Users\Jenny\AppData\Local\d3d9caps.dat
[2010.05.05 17:08:35 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.05 17:07:36 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe
[2010.05.05 17:06:10 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Jenny\Desktop\mbam-setup.exe
[2010.05.05 16:03:38 | 000,001,884 | ---- | M] () -- C:\Users\Jenny\Desktop\HijackThis.lnk
[2010.05.03 12:17:20 | 000,013,025 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\nvModes.dat
[2010.05.02 15:49:55 | 000,001,065 | ---- | M] () -- C:\Users\Jenny\Desktop\Spybot - Search & Destroy.lnk
[2010.05.02 15:37:46 | 000,001,877 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.05.02 15:37:46 | 000,001,863 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.05.02 14:00:17 | 000,001,619 | ---- | M] () -- C:\Users\Public\Desktop\ICQ6.5.lnk
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.26 21:42:26 | 000,151,923 | ---- | M] () -- C:\Users\Jenny\Desktop\kyogre.jpg
[2010.04.26 20:53:34 | 000,010,038 | ---- | M] () -- C:\Users\Jenny\Desktop\hg und ss rng.abw
[2010.04.26 16:48:53 | 000,160,188 | ---- | M] () -- C:\Windows\hpoins14.dat
[2010.04.26 16:48:39 | 000,000,345 | ---- | M] () -- C:\Windows\win.ini
[2010.04.24 15:54:23 | 000,009,047 | ---- | M] () -- C:\Users\Jenny\Desktop\vgc team aldin.abw
[2010.04.22 16:23:22 | 000,019,571 | ---- | M] () -- C:\Windows\hpqins13.dat
[2010.04.22 16:15:33 | 000,002,038 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2010.04.22 16:13:42 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{4fe0227e-4e16-11df-9dc0-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010.04.22 16:13:42 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{4fe0227e-4e16-11df-9dc0-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010.04.22 16:13:42 | 000,262,144 | ---- | M] () -- C:\ProgramData\ntuser.dat
[2010.04.22 16:13:42 | 000,065,536 | -HS- | M] () -- C:\ProgramData\ntuser.dat{4fe0227e-4e16-11df-9dc0-00038a000015}.TM.blf
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.01 05:48:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.05 19:11:44 | 804,708,352 | -HS- | C] () -- C:\hiberfil.sys
[2010.05.05 17:36:45 | 000,000,680 | ---- | C] () -- C:\Users\Jenny\AppData\Local\d3d9caps.dat
[2010.05.05 17:08:35 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.05 16:03:38 | 000,001,884 | ---- | C] () -- C:\Users\Jenny\Desktop\HijackThis.lnk
[2010.05.05 15:28:20 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.05.02 15:49:55 | 000,001,065 | ---- | C] () -- C:\Users\Jenny\Desktop\Spybot - Search & Destroy.lnk
[2010.05.02 15:37:46 | 000,001,877 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.05.02 15:37:46 | 000,001,863 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.05.02 14:00:17 | 000,001,619 | ---- | C] () -- C:\Users\Public\Desktop\ICQ6.5.lnk
[2010.04.26 21:42:25 | 000,151,923 | ---- | C] () -- C:\Users\Jenny\Desktop\kyogre.jpg
[2010.04.25 14:52:26 | 000,010,038 | ---- | C] () -- C:\Users\Jenny\Desktop\hg und ss rng.abw
[2010.04.22 22:13:14 | 000,009,047 | ---- | C] () -- C:\Users\Jenny\Desktop\vgc team aldin.abw
[2010.04.22 16:15:33 | 000,002,038 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2010.04.22 16:13:46 | 000,019,571 | ---- | C] () -- C:\Windows\hpqins13.dat
[2010.04.22 16:13:42 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{4fe0227e-4e16-11df-9dc0-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010.04.22 16:13:42 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{4fe0227e-4e16-11df-9dc0-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010.04.22 16:13:42 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2010.04.22 16:13:42 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{4fe0227e-4e16-11df-9dc0-00038a000015}.TM.blf
[2010.04.22 16:13:42 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2010.04.22 16:13:42 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2009.12.15 16:12:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.01.17 15:53:35 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.01.17 15:53:35 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007.06.10 15:38:45 | 000,000,119 | ---- | C] () -- C:\Windows\Sierra.ini
[2006.12.04 05:07:28 | 000,098,304 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll
[2006.12.04 05:07:28 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll
[2006.12.04 05:07:28 | 000,024,576 | ---- | C] () -- C:\Windows\System32\MGPwrShm.dll
[2006.12.04 04:01:38 | 012,006,784 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2006.12.04 04:01:38 | 000,024,832 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2006.12.04 04:01:38 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.01.21 06:02:00 | 000,013,312 | ---- | C] () -- C:\Windows\System32\RMDevice.dll
< End of report >

cosinus · 07.05.2010, 23:14

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
PRC - C:\Users\Jenny\AppData\Local\Temp\Pwl.exe ()
PRC - C:\Programme\System Control Manager\edd.exe ()
SRV - (CLTNetCnService) --  File not found
:Files
C:\Programme\System Control Manager
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Plüschmietz · 08.05.2010, 16:59

Hi
hab das eben mal durchgeführt, und dieser Log kam nach dem Neustart:

Code:

ATTFilter

All processes killed
========== OTL ==========
No active process named Pwl.exe was found!
Process edd.exe killed successfully!
Service CLTNetCnService stopped successfully!
Service CLTNetCnService deleted successfully!
File   File not found not found.
========== FILES ==========
File\Folder C:\Programme\System Control Manager not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
 
User: Jenny
->Temp folder emptied: 886479796 bytes
->Java cache emptied: 2694089 bytes
->Flash cache emptied: 29250 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 146374 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2670165 bytes
RecycleBin emptied: 3671354 bytes
 
Total Files Cleaned = 854,00 mb
 
 
OTL by OldTimer - Version 3.2.4.1 log created on 05082010_174906

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Wars das schon, oder muss noch mehr getan werden?

Hab davon ja keine Ahnung..

cosinus · 09.05.2010, 16:16

Ok. Bitte CF jetzt anwenden:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

07.05.2010, 20:58	#5
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	ICQ verschickt Links / Internet Explorer öffnet Fenster Ok. Dann erstell bitte auch frische OTL Logs, denn das erste ist schon zwei Tage alt und Malwarebytes hat danach noch was gelöscht. Die extras.txt von OTL brauch ich aber nicht nochmal. __________________ Logfiles bitte immer in CODE-Tags posten

ICQ verschickt Links / Internet Explorer öffnet Fenster

Plagegeister aller Art und deren Bekämpfung: ICQ verschickt Links / Internet Explorer öffnet Fenster