Google leitet auf falsche Seiten weiter - hier mein HiJackThis log

oberfläche · 21.06.2010, 13:04

Hallo, habe wie manch andere hier auch das Problem, dass wenn ich auf Google Links klicke, ich auf falschen Seiten herauskomme. Bin bereits mit CCleaner drüber gegangen.
Hier erst mal der Bericht von Malwarebytes: (weiter unten ist der von HJT)

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4219

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21.06.2010 13:30:52
mbam-log-2010-06-21 (13-30-52).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 136331
Laufzeit: 4 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 12
Infizierte Verzeichnisse: 1
Infizierte Dateien: 13

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\926a3d6d-8b76-4a41-a4bb-190d05d3edca_40 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (h**p://windiwsfsearch.com) Good: (h**p://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (h**p://windiwsfsearch.com/ie6.html) Good: (h**p://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (h**p://windiwsfsearch.com) Good: (h**p://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.SearchPage) -> Bad: (h**p://windiwsfsearch.com/search?q={searchTerms}) Good: (h**p://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (h**p://windiwsfsearch.com) Good: (h**p://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Hijack.SearchPage) -> Bad: (h**p://windiwsfsearch.com/search?q=%s) Good: (h**p://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.SearchPage) -> Bad: (h**p://windiwsfsearch.com) Good: (h**p://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (h**p://windiwsfsearch.com/ie6.html) Good: (h**p://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.SearchPage) -> Bad: (h**p://windiwsfsearch.com/search?q={searchTerms}) Good: (h**p://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (h**p://windiwsfsearch.com) Good: (h**p://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Hijack.SearchPage) -> Bad: (h**p://windiwsfsearch.com/search?q=%s) Good: (h**p://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.SearchPage) -> Bad: (h**p://windiwsfsearch.com) Good: (h**p://www.Google.com/) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\WINDOWS\system32\912525 (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Dokumente und Einstellungen\xxxx\Lokale Einstellungen\Temp\0.5553444350494555.exe (Trojan.Scar) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\xxxx\Lokale Einstellungen\Temp\ins11.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\xxxx\Favoriten\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Programme\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Programme\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Programme\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Programme\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Programme\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Programme\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\926a3d6d-8b76-4a41-a4bb-190d05d3edca_40.avi (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Hier ist mein Bericht von HJT:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:37:20, on 21.06.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\MagicTune Premium\MagicTuneEngine.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programme\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programme\MagicTune Premium\MagicTune.exe
C:\Programme\MagicRotation\MagicPvt.exe
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MagicTune Premium\GammaTray.exe
C:\Programme\SEC\Natural Color Pro\NCProTray.exe
C:\PVSW\bin\w3dbsmgr.exe
C:\Programme\Windows Desktop Search\WindowsSearch.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\xxxxxxxxx\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JD2TV3RZ\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://aolwebmail.aol.de/landing-page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://renewalcenter.symantec.com/storefront/user/home.jsp?NOS=kjhawazbOPIPChxtwAiBKDsNTNUCtAKaygiCv4RZDQBDvStB8mfCsrINTDwijrTCF5LpTgFlCBe4zHFH834QXHFM6%2F2ybNAvVAi6ITiDIjDdGQswC2zFMN2GDWRmzVjCC1pbS%2B2GCcSCT0CCs8eEDNNeGRgBECA%2BvlHFH834QXHFM6&SASSERVER=lcsitemain.symantec.com&TRANSID=%2F10097711%2FC6bb746DB858FD14E066B&GUID=786D05A5A0F14055BCB6543C451E5F7F&SSLT=2&GER&DEU&GE&oslang=iso:GER&oslocale=iso:DEU&vendid=003&vendtag=0&epid=786D05A5A0F14055BCB6543C451E5F7F
O1 - Hosts: 84.16.244.54 w*w.google.com
O1 - Hosts: 84.16.244.54 us.search.yahoo.com
O1 - Hosts: 84.16.244.54 uk.search.yahoo.com
O1 - Hosts: 84.16.244.54 search.yahoo.com
O1 - Hosts: 84.16.244.54 w*w.google.com.br
O1 - Hosts: 84.16.244.54 w*w.google.it
O1 - Hosts: 84.16.244.54 w*w.google.es
O1 - Hosts: 84.16.244.54 w*w.google.co.jp
O1 - Hosts: 84.16.244.54 w*w.google.com.mx
O1 - Hosts: 84.16.244.54 w*w.google.ca
O1 - Hosts: 84.16.244.54 w*w.google.com.au
O1 - Hosts: 84.16.244.54 w*w.google.nl
O1 - Hosts: 84.16.244.54 w*w.google.co.za
O1 - Hosts: 84.16.244.54 w*w.google.be
O1 - Hosts: 84.16.244.54 w*w.google.gr
O1 - Hosts: 84.16.244.54 w*w.google.at
O1 - Hosts: 84.16.244.54 w*w.google.se
O1 - Hosts: 84.16.244.54 w*w.google.ch
O1 - Hosts: 84.16.244.54 w*w.google.pt
O1 - Hosts: 84.16.244.54 w*w.google.dk
O1 - Hosts: 84.16.244.54 w*w.google.fi
O1 - Hosts: 84.16.244.54 w*w.google.ie
O1 - Hosts: 84.16.244.54 w*w.google.no
O1 - Hosts: 84.16.244.54 w*w.google.de
O1 - Hosts: 84.16.244.54 w*w.google.fr
O1 - Hosts: 84.16.244.54 w*w.google.co.uk
O1 - Hosts: 84.16.244.54 w*w.bing.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programme\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [MagicRotation] C:\Programme\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NortonUtilities] C:\Programme\Norton Utilities 14\nu.exe /H
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\bin\w3dbsmgr.exe
O4 - Global Startup: Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Zahlungserinnerung.lnk = C:\Profi cash\wzed.exe
O4 - Global AltStartup: GammaTray.lnk = ?
O4 - Global AltStartup: NCProTray.lnk = ?
O4 - Global AltStartup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\bin\w3dbsmgr.exe
O4 - Global AltStartup: Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O4 - Global AltStartup: Zahlungserinnerung.lnk = C:\Profi cash\wzed.exe
O4 - Global User AltStartup: GammaTray.lnk = ?
O4 - Global User AltStartup: NCProTray.lnk = ?
O4 - Global User AltStartup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\bin\w3dbsmgr.exe
O4 - Global User AltStartup: Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O4 - Global User AltStartup: Zahlungserinnerung.lnk = C:\Profi cash\wzed.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: h**p://navigate.aol.de
O15 - Trusted Zone: h**p://*.aol.de
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - h**p://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - h**p://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan-canvasx.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212647954218
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate1c9c8aded9d4818) (gupdate1c9c8aded9d4818) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Programme\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 10833 bytes

Wäre echt super dankbar für Hilfe!
Falls noch irgendetwas benötigt wird bitte sagen.
MFG

markusg · 21.06.2010, 13:11

hallo,ootl:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "run Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
falls die zu groß sind, bitte aufteilen

oberfläche · 22.06.2010, 10:50

Hi, also hier die zwei OTL Reports:
OTL.txt

Code:

ATTFilter

OTL Logfile:

	Code: 

 ATTFilter

  
	OTL logfile created on: 22.06.2010 11:25:53 - Run 1
OTL by OldTimer - Version 3.2.6.1     Folder = C:\Dokumente und Einstellungen\xxxx\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 195,31 Gb Total Space | 165,82 Gb Free Space | 84,90% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 263,95 Gb Free Space | 97,59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 154,36 Gb Total Space | 145,16 Gb Free Space | 94,03% Space Free | Partition Type: NTFS
Drive N: | 154,36 Gb Total Space | 145,16 Gb Free Space | 94,03% Space Free | Partition Type: NTFS
Drive P: | 154,36 Gb Total Space | 145,16 Gb Free Space | 94,03% Space Free | Partition Type: NTFS
Drive U: | 482,51 Mb Total Space | 482,00 Mb Free Space | 99,89% Space Free | Partition Type: FAT32
 
Computer Name: xxxx
Current User Name: xxxx
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\xxxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\MagicTune Premium\MagicTune.exe (SEC)
PRC - C:\Programme\SEC\Natural Color Pro\NCProTray.exe (Samsung)
PRC - C:\Programme\MagicRotation\MagicPvt.exe (Samsung Electronics, Inc.)
PRC - C:\Programme\MagicTune Premium\MagicTuneEngine.exe ()
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\MagicTune Premium\GammaTray.exe ()
PRC - N:\BWWIN32.exe ()
PRC - N:\FullTextSvr.exe (SoftENGINE GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\PVSW\bin\w3dbsmgr.exe ()
PRC - C:\Programme\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\xxxx\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\attruota.dll ()
MOD - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\asOEHook.dll (Symantec Corporation)
MOD - C:\WINDOWS\system32\netui1.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netui0.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ntlanman.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netrap.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\davclnt.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\drprov.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Automatisches LiveUpdate - Scheduler) --  File not found
SRV - (Norton Internet Security) -- C:\Programme\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (Fabs) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (MagicTuneEngine) -- C:\Programme\MagicTune Premium\MagicTuneEngine.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (IDSxpx86) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100617.005\IDSXpx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100621.038\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100621.038\NAVENG.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\ccHPx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SRTSP.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS (Symantec Corporation)
DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (MSICPL) -- C:\WINDOWS\msicpl.ini ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (aucapi) -- C:\WINDOWS\system32\drivers\aucapi.sys (Auerswald GmbH & Co.KG                         )
DRV - (aumpa) -- C:\WINDOWS\system32\drivers\aumpa.sys (Auerswald GmbH & Co.KG                         )
DRV - (auusb) -- C:\WINDOWS\system32\drivers\auusb.sys (Auerswald GmbH & Co.KG                         )
DRV - (NCPro) -- C:\WINDOWS\system32\drivers\MTictwl.sys (Samsung Electronics, Inc. )
DRV - (MagicTune) -- C:\WINDOWS\system32\drivers\MTiCtwl.sys (Samsung Electronics, Inc. )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (magicpvt) -- C:\WINDOWS\system32\drivers\magicpvt.sys (Samsung Electronics, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = h**p://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.Google.com/
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = h**p://www.Google.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1957994488-1757981266-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://www.Google.com/
IE - HKU\S-1-5-21-1957994488-1757981266-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = h**p://www.Google.com/
IE - HKU\S-1-5-21-1957994488-1757981266-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKU\S-1-5-21-1957994488-1757981266-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = h**p://www.Google.com/
IE - HKU\S-1-5-21-1957994488-1757981266-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://aolwebmail.aol.de/landing-page
IE - HKU\S-1-5-21-1957994488-1757981266-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.Google.com/
IE - HKU\S-1-5-21-1957994488-1757981266-839522115-1005\Software\Microsoft\Internet Explorer\SearchURL\w, = h**p://www.Google.com/
IE - HKU\S-1-5-21-1957994488-1757981266-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010.04.24 11:09:15 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2010.06.21 13:37:17 | 000,000,794 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 84.16.244.54 w*w.google.com
O1 - Hosts: 84.16.244.54 us.search.yahoo.com
O1 - Hosts: 84.16.244.54 uk.search.yahoo.com
O1 - Hosts: 84.16.244.54 search.yahoo.com
O1 - Hosts: 84.16.244.54 w*w.google.com.br
O1 - Hosts: 84.16.244.54 w*w.google.it
O1 - Hosts: 84.16.244.54 w*w.google.es
O1 - Hosts: 84.16.244.54 w*w.google.co.jp
O1 - Hosts: 84.16.244.54 w*w.google.com.mx
O1 - Hosts: 84.16.244.54 w*w.google.ca
O1 - Hosts: 84.16.244.54 w*w.google.com.au
O1 - Hosts: 84.16.244.54 w*w.google.nl
O1 - Hosts: 84.16.244.54 w*w.google.co.za
O1 - Hosts: 84.16.244.54 w*w.google.be
O1 - Hosts: 84.16.244.54 w*w.google.gr
O1 - Hosts: 84.16.244.54 w*w.google.at
O1 - Hosts: 84.16.244.54 w*w.google.se
O1 - Hosts: 84.16.244.54 w*w.google.ch
O1 - Hosts: 84.16.244.54 w*w.google.pt
O1 - Hosts: 84.16.244.54 w*w.google.dk
O1 - Hosts: 84.16.244.54 w*w.google.fi
O1 - Hosts: 84.16.244.54 w*w.google.ie
O1 - Hosts: 84.16.244.54 w*w.google.no
O1 - Hosts: 84.16.244.54 w*w.google.de
O1 - Hosts: 84.16.244.54 w*w.google.fr
O1 - Hosts: 3 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1957994488-1757981266-839522115-1005\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CamMonitor] C:\Programme\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [MagicRotation] C:\Programme\MagicRotation\MagicPvt.exe (Samsung Electronics, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-1957994488-1757981266-839522115-1005..\Run: [NortonUtilities] C:\Programme\Norton Utilities 14\nu.exe (Symantec Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\GammaTray.lnk = C:\Programme\MagicTune Premium\GammaTray.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NCProTray.lnk = C:\Programme\SEC\Natural Color Pro\NCProTray.exe (Samsung)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\bin\w3dbsmgr.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Zahlungserinnerung.lnk = C:\Profi cash\wzed.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-1757981266-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKU\S-1-5-21-1957994488-1757981266-839522115-1005\..Trusted Domains: aol.com ([my.screenname] https in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-1757981266-839522115-1005\..Trusted Domains: aol.com ([webmail] http in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-1757981266-839522115-1005\..Trusted Domains: aol.com ([webmail1.webmail] http in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-1757981266-839522115-1005\..Trusted Domains: aol.de ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-1757981266-839522115-1005\..Trusted Domains: aol.de ([navigate] http in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-1757981266-839522115-1005\..Trusted Domains: fhws001 ([]file in Local intranet)
O15 - HKU\S-1-5-21-1957994488-1757981266-839522115-1005\..Trusted Domains: xxxx ([]file in Local intranet)
O15 - HKU\S-1-5-21-1957994488-1757981266-839522115-1005\..Trusted Domains: qserver1 ([]file in Local intranet)
O15 - HKU\S-1-5-21-1957994488-1757981266-839522115-1005\..Trusted Ranges: Range1 ([file] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} h**p://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} h**p://dev.srtest.com/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} h**p://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan-canvasx.cab (JordanUploader Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} h**p://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212647954218 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\xxxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\xxxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.04 17:07:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: extrpbar - (C:\WINDOWS\system32\attruota.dll) - C:\WINDOWS\system32\attruota.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008.06.04 18:53:20 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^EPSON Status Monitor 3 Environment Check(3).lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: Share-to-Web Namespace Daemon - hkey= - key= - C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: SymEFA.sys - C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: SymEFA.sys - C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS (Symantec Corporation)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (15776209447157760)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.22 11:23:54 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxxx\Desktop\OTL.exe
[2010.06.21 13:23:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Malwarebytes
[2010.06.21 13:23:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.21 13:23:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.21 13:23:35 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.21 13:23:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.06.21 12:57:42 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\xxxx\Recent
[2010.06.19 12:22:28 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\xxxx\PrivacIE
[2010.06.19 12:20:46 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\xxxx\IETldCache
[2010.06.19 12:18:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010.06.19 12:15:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.06.19 12:14:05 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010.06.09 15:03:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.22 11:23:55 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxxx\Desktop\OTL.exe
[2010.06.22 10:36:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.22 08:17:55 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.06.22 08:17:21 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.22 08:17:17 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.22 08:16:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.22 08:16:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.22 08:16:24 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\magicpvt.dat
[2010.06.22 08:16:07 | 000,000,032 | ---- | M] () -- C:\WINDOWS\System32\driver.dat
[2010.06.22 08:15:22 | 004,718,592 | -H-- | M] () -- C:\Dokumente und Einstellungen\xxxx\NTUSER.DAT
[2010.06.22 08:15:22 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\xxxx\ntuser.ini
[2010.06.21 15:02:41 | 000,002,449 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Desktop\Microsoft Office Picture Manager.lnk
[2010.06.21 14:07:06 | 000,029,696 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\Malwarebytes.doc
[2010.06.21 13:37:17 | 000,000,794 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.21 13:23:38 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.21 12:52:42 | 000,001,512 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Desktop\CCleaner.lnk
[2010.06.21 09:01:11 | 000,000,205 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Desktop\Yahoo! Deutschland.url
[2010.06.21 09:00:52 | 000,000,734 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.06.19 12:20:58 | 000,000,795 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Desktop\Internet Explorer Browser starten.lnk
[2010.06.19 10:03:46 | 000,002,545 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft Office PowerPoint 2007.lnk
[2010.06.19 09:53:44 | 000,046,592 | -H-- | M] () -- C:\WINDOWS\System32\attruota.dll
[2010.06.19 09:53:32 | 000,000,443 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Desktop\.js
[2010.06.16 08:43:59 | 000,613,362 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\mdbu.bin
[2010.06.11 08:40:40 | 000,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft Office Word 2007.lnk
[2010.06.10 08:22:38 | 000,000,249 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Desktop\Google.url
[2010.06.10 07:57:28 | 000,296,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.09 14:58:49 | 001,041,504 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.09 14:58:49 | 000,477,134 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.06.09 14:58:49 | 000,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.09 14:58:49 | 000,090,924 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.06.09 14:58:49 | 000,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.05.28 17:43:00 | 000,079,872 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Desktop\eckhardt.doc_=
[2010.05.28 17:40:34 | 000,079,872 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Desktop\=_utf-8_Q_2010-05-16=5F=C3=84mter-GD=5FFR-Ost=5FAB=5FFR=5F.doc_=
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.21 13:31:28 | 000,029,696 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\Malwarebytes.doc
[2010.06.21 13:23:38 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.21 12:52:42 | 000,001,512 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxx\Desktop\CCleaner.lnk
[2010.06.19 12:20:58 | 000,000,795 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxx\Desktop\Internet Explorer Browser starten.lnk
[2010.06.19 09:53:44 | 000,046,592 | -H-- | C] () -- C:\WINDOWS\System32\attruota.dll
[2010.06.19 09:53:32 | 000,000,443 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxx\Desktop\.js
[2010.06.10 09:41:19 | 000,000,205 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxx\Desktop\Yahoo! Deutschland.url
[2010.05.28 17:43:24 | 000,079,872 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxx\Desktop\xxx.doc_=
[2010.05.28 17:36:06 | 000,079,872 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxx\Desktop\=_utf-8_Q_2010-05-16=5F=C3=84mter-GD=5FFR-Ost=5FAB=5FFR=5F.doc_=
[2010.04.21 09:58:09 | 000,000,436 | ---- | C] () -- C:\WINDOWS\OPPW.INI
[2009.09.02 11:16:11 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2008.11.13 04:02:17 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008.09.29 10:47:54 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.06.20 08:16:27 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008.06.13 13:34:17 | 000,315,444 | ---- | C] () -- C:\WINDOWS\System32\isdnapi32.dll
[2008.06.13 13:34:17 | 000,055,856 | ---- | C] () -- C:\WINDOWS\System32\AuerCapiJNINative.dll
[2008.06.13 11:40:54 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2008.06.13 11:21:21 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2008.06.13 11:21:21 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2008.06.13 11:21:21 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2008.06.12 16:53:21 | 000,000,253 | ---- | C] () -- C:\WINDOWS\OPHG.INI
[2008.06.12 15:13:03 | 000,000,184 | ---- | C] () -- C:\WINDOWS\bti.ini
[2008.06.12 15:11:46 | 000,043,760 | ---- | C] () -- C:\WINDOWS\System32\nwlocale.dll
[2008.06.04 17:27:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.03 05:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.05.03 05:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.05.03 05:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.05.03 05:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.05.03 05:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008.02.14 10:44:08 | 000,055,856 | ---- | C] () -- C:\WINDOWS\System32\aucapjni.dll
 
========== LOP Check ==========
 
[2009.09.02 11:16:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ALDI Sued Foto Service
[2010.03.09 09:48:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Aldi Sued Fotoservice
[2010.05.06 09:42:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2009.07.28 10:46:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LIDL Fotoservice
[2009.09.02 10:34:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lidl_Fotos
[2010.01.04 10:19:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2009.09.05 17:07:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2008.12.16 14:38:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCSettings
[2010.06.22 08:18:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2008.06.12 17:01:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Template Manager
[2010.04.21 10:37:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Auslogics
[2010.05.06 09:42:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Babylon
[2010.02.26 08:29:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\FileZilla
[2010.01.04 10:20:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\MAGIX
[2010.03.05 16:11:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Ordner HP Share-to-Web
[2008.09.18 12:11:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Windows Desktop Search
[2009.01.12 16:27:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Windows Search
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.06.13 12:26:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Adobe
[2008.09.29 10:47:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Ahead
[2010.04.21 10:37:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Auslogics
[2010.05.06 09:42:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Babylon
[2008.09.25 19:23:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\CyberLink
[2010.02.26 08:29:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\FileZilla
[2010.01.26 17:39:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Google
[2008.07.03 08:09:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Help
[2008.06.13 12:41:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Hewlett-Packard
[2008.06.12 14:04:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Identities
[2008.06.12 17:01:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\InstallShield
[2008.06.12 15:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Macromedia
[2010.01.04 10:20:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\MAGIX
[2010.06.21 13:23:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Malwarebytes
[2009.09.05 17:09:49 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Microsoft
[2010.03.05 16:11:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Ordner HP Share-to-Web
[2008.06.12 14:14:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Sun
[2008.06.12 15:27:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec
[2008.07.21 15:28:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\U3
[2008.09.18 12:11:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Windows Desktop Search
[2009.01.12 16:27:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Windows Search
 
< %APPDATA%\*.exe /s >
[2008.02.07 11:20:52 | 000,233,848 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\CDStart.exe
[2008.02.19 22:05:48 | 002,576,776 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Setup.exe
[2008.02.07 02:06:26 | 000,778,080 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Stub.exe
[2005.03.29 10:06:24 | 022,504,744 | R--- | M] (Netopsystems AG                         ) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Manual\ADBERDR7.EXE
[2008.01.18 18:43:28 | 001,250,656 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\NAV\External\CommonFi\COH32\COH32.exe
[2008.01.18 18:58:48 | 001,996,336 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\NAV\External\CommonFi\COH64\COH64.exe
[2007.06.15 22:03:54 | 000,476,816 | R--- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\NAV\External\CommonFi\SYMSHARE\SMNLnch.exe
[2008.02.07 07:05:04 | 000,129,896 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\NAV\External\NORTON\APP\NavShcom.exe
[2008.02.07 07:05:12 | 000,251,752 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\NAV\External\NORTON\APP\Navw32.exe
[2008.02.07 07:05:16 | 000,061,288 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\NAV\External\NORTON\APP\Navwnt.exe
[2008.02.06 21:05:36 | 000,378,224 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\NCO\NCO\APP\COExport.exe
[2008.02.06 21:05:08 | 000,095,600 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\NCO\NCO\APP\coVisPrx.exe
[2007.11.29 17:15:06 | 000,288,088 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\NCO\NCO\SYMSHARE\COL\COLUpdtr.exe
[2008.01.25 16:57:36 | 000,031,576 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Setup\Setup\FWCfg.exe
[2007.07.30 16:54:34 | 000,071,056 | R--- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Setup\Setup\sshelper.exe
[2008.02.06 23:50:06 | 000,121,712 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Setup\Setup\App\nisoptui.exe
[2008.02.06 23:49:38 | 000,276,848 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Setup\Setup\App\nmapapp.exe
[2008.02.06 23:49:38 | 000,718,704 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Setup\Setup\App\osCheck.exe
[2008.02.19 20:15:02 | 000,084,360 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Setup\Setup\App\WSCStub.exe
[2008.01.30 19:14:56 | 000,423,304 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Setup\Setup\OPC\cltUAC.exe
[2008.01.30 19:15:00 | 000,439,688 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Setup\Setup\OPC\cltUIStb.exe
[2008.01.30 19:14:00 | 000,533,896 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Setup\Setup\OPC\SSAutoRN.exe
[2008.01.30 19:14:44 | 000,611,712 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Setup\Setup\OPC\SYMCUW.exe
[2008.01.30 13:55:54 | 001,279,368 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Setup\Setup\PIF_96E2\pifCrawl.exe
[2008.01.30 13:55:34 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Setup\Setup\PIF_96E2\PIFSvc.exe
[2007.06.15 22:03:54 | 000,476,816 | R--- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Setup\Setup\SYMSHARE\SMNLnch.exe
[2008.01.22 15:09:02 | 002,368,888 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Setup\Setup\SYMSHARE\IDS\IdsInst.exe
[2008.02.06 23:49:36 | 000,443,760 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Setup\Setup\SYMSHARE\SecHist\MCUI32.exe
[2007.08.22 01:21:30 | 000,055,640 | R--- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Setup\Setup\SYMSHARE\VASCAN\comHost.exe
[2007.08.22 01:22:08 | 000,267,096 | R--- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Setup\Setup\SYMSHARE\VASCAN64\comHost.exe
[2008.01.25 10:17:00 | 001,022,848 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Suport64\SEVINST\Sevntx64.exe
[2008.01.25 18:47:22 | 000,051,048 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\ccCommon\ccCommon\ccApp.exe
[2008.01.25 18:47:24 | 000,056,168 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\ccCommon\ccCommon\ccEvtMgr.exe
[2008.01.25 18:46:50 | 000,268,648 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\ccCommon\ccCommon\ccLgView.exe
[2008.01.25 18:47:00 | 000,046,440 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\ccCommon\ccCommon\ccSetMgr.exe
[2008.01.25 18:47:40 | 000,876,392 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\ccCommon\ccCommon\ccSEUPDT.exe
[2008.01.25 18:47:02 | 000,149,864 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\ccCommon\ccCommon\ccSvcHst.exe
[2008.02.09 17:06:16 | 000,152,952 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\LUpdate\WLUEX\ALUNOTIF.EXE
[2008.02.09 17:06:34 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\LUpdate\WLUEX\ALUSDSVC.EXE
[2008.02.09 17:06:16 | 000,308,600 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\LUpdate\WLUEX\AUPDATE.EXE
[2008.02.09 17:06:48 | 000,181,624 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\LUpdate\WLUEX\LSETUP.EXE
[2008.02.09 17:06:20 | 000,873,848 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\LUpdate\WLUEX\LUALL.EXE
[2008.02.09 17:06:28 | 000,062,840 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\LUpdate\WLUEX\LUCBPRXY.EXE
[2008.02.09 17:06:48 | 000,181,624 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\LUpdate\WLUEX\LUCheck.exe
[2008.02.09 17:06:26 | 003,220,856 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\LUpdate\WLUEX\LUCOMSVR.EXE
[2008.02.09 17:06:22 | 000,804,216 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\LUpdate\WLUEX\LuConfig.EXE
[2008.02.09 17:06:24 | 000,016,760 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\LUpdate\WLUEX\NotifyHA.exe
[2005.05.19 14:50:36 | 002,584,848 | R--- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\MSI\wiupdate.exe
[2008.02.07 11:20:54 | 000,074,616 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\NISTools\ISRlRstr.exe
[2008.02.07 02:06:30 | 000,160,112 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\Remover\Remover.exe
[2008.02.07 02:06:24 | 000,990,056 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\Reporter\Reporter.exe
[2008.01.25 10:16:58 | 000,832,896 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\SEVINST\Sevinst.exe
[2008.01.26 01:27:32 | 000,661,896 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\SPBBC\SPBBC32\SYMSHARE\SPBBC\UpdMgr.exe
[2008.02.07 02:06:22 | 000,687,976 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\SymLnch\SymLnch.exe
[2007.08.09 12:55:44 | 000,136,544 | R--- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\uiNPC\uiNPC\APP\SUPPSOFT\wificfg.exe
[2008.02.06 14:10:56 | 000,051,576 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\uiNPC\uiNPC\NPC\HSLoader.exe
[2008.02.06 14:11:02 | 000,036,728 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\uiNPC\uiNPC\NPC\isUAC.exe
[2008.02.06 14:11:06 | 000,042,360 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\uiNPC\uiNPC\NPC\npcLULdr.exe
[2008.02.06 14:11:08 | 000,082,808 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\uiNPC\uiNPC\NPC\npcLUStb.exe
[2008.02.06 14:11:22 | 000,104,312 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\uiNPC\uiNPC\NPC\uiStub2.exe
[2007.02.12 20:10:44 | 002,682,880 | R--- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\VCRedist\redist32.exe
[2007.02.12 20:10:44 | 003,161,088 | R--- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Symantec\Layouts\Norton Internet Security\15.0.0.60\SymAllLanguages\NIS_RETAIL\70100\Support\VCRedist\redist64.exe
[2005.06.06 10:29:14 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\U3\temp\cleanup.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2006.02.28 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2006.02.28 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2006.02.28 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2006.02.28 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.06.04 18:56:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.06.04 18:56:50 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.06.04 18:56:50 | 000,458,752 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2008.04.14 07:52:20 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 173 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D287FACF
< End of report >
         
 --- --- ---

Extras.txt
[CODE]
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 22.06.2010 11:25:53 - Run 1
OTL by OldTimer - Version 3.2.6.1     Folder = C:\Dokumente und Einstellungen\xxx\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 195,31 Gb Total Space | 165,82 Gb Free Space | 84,90% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 263,95 Gb Free Space | 97,59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 154,36 Gb Total Space | 145,16 Gb Free Space | 94,03% Space Free | Partition Type: NTFS
Drive N: | 154,36 Gb Total Space | 145,16 Gb Free Space | 94,03% Space Free | Partition Type: NTFS
Drive P: | 154,36 Gb Total Space | 145,16 Gb Free Space | 94,03% Space Free | Partition Type: NTFS
Drive U: | 482,51 Mb Total Space | 482,00 Mb Free Space | 99,89% Space Free | Partition Type: FAT32
 
Computer Name: xxxx
Current User Name: xxx
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\MagicTune Premium\MagicTune.exe" = C:\Programme\MagicTune Premium\MagicTune.exe:*:Enabled:MagicTune -- (SEC)
"C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe" = C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Nero Web\SetupXu.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\PVSW\bin\w3dbsmgr.exe" = C:\PVSW\bin\w3dbsmgr.exe:*:Enabled:Database Service Manager -- ()
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\DOKUME~1\FRIEDR~1\LOKALE~1\Temp\0.9426957749426517.exe" = [String data over 1000 bytes]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0EFC334E-0BFE-4387-8E67-A0DAA54D998D}" = AutoRotation Premium
"{1A91342B-042E-46B3-AD06-897FF1BAC8F4}" = OKI C3300_3400 Status Monitor
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38ADB9A6-798C-11D6-A855-00105A80791C}" = OKI Network Extension
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{48AB06FF-059D-43DE-ACC1-15920D5A7FF2}" = JRE 1.4.2
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{5D729200-F340-4A74-A1E9-32387CDC63EF}" = OKI Color Correct Utility
"{5F045A94-B4B0-4F24-BE71-8491B7121CB0}" = Auerswald COMtools 2.2.69
"{65B2B4C4-A67F-485E-9A6B-E72E07AB8DFF}" = Auerswald COMlist 2.4.36
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_SMALLBUSINESSR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{938996BF-AE93-451A-853C-91F16CF4333A}" = Auerswald COMfortel Melody 1.0.37
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A344F95E-E51A-450C-8F84-C940BF61903E}" = OKI Color Swatch-Dienstprogramm
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition
"{B256C380-AC47-4681-8342-7F42E4F0F434}" = JRE 1.6.1
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc
"{BC3EAA6A-FA0A-4E88-87DE-A34D0DFF3FDF}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{C095AB64-EF16-4636-9A78-5E72C3DC3173}" = Auerswald COMset 2.6.29
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C43EE115-39FC-4FC4-9DAA-ACF527620298}" = Auerswald COMfortel Set 2.0.08
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D360A313-4656-4A1F-929A-243F668C12DA}" = Template Manager 3.0
"{D8C0330E-C815-4C6F-9BFD-0FD570155790}" = Pervasive.SQL 9 SP2 Workgroup for Windows (9.5)
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Essentials
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free
"ALDI Süd Foto Service D" = ALDI Süd Foto Service
"Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice
"ALDI Süd Online Druck Service" = ALDI Süd Online Druck Service 4.6
"ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service
"Auerswald CAPI 2.0 Treiber" = Auerswald-CAPI-2.0-Treiber
"Auerswald UNI TSP Treiber" = Auerswald UNI TSP Treiber
"CCleaner" = CCleaner
"FileZilla Client" = FileZilla Client 3.3.1
"FreePDF_XP" = FreePDF XP (Remove only)
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"LIDL Fotoservice_is1" = LIDL Fotoservice
"Lidl-Fotos_is1" = Lidl-Fotos
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Xtreme Web Designer 5 D" = MAGIX Xtreme Web Designer 5 5.0.1.10003 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton Utilities_is1" = Norton Utilities
"NVIDIA Drivers" = NVIDIA Drivers
"Pervasive System Analyzer" = Pervasive System Analyzer
"Profi cash" = Profi cash
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SystemRequirementsLab" = System Requirements Lab
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.05.2010 03:34:14 | Computer Name = xxxx | Source = Google Update | ID = 20
Description = 
 
Error - 08.05.2010 04:34:14 | Computer Name = xxxx | Source = Google Update | ID = 20
Description = 
 
Error - 08.05.2010 05:34:14 | Computer Name = xxxx | Source = Google Update | ID = 20
Description = 
 
Error - 08.05.2010 06:34:14 | Computer Name = xxxx | Source = Google Update | ID = 20
Description = 
 
Error - 08.05.2010 07:34:14 | Computer Name = xxxx | Source = Google Update | ID = 20
Description = 
 
Error - 08.05.2010 08:34:14 | Computer Name = xxxx | Source = Google Update | ID = 20
Description = 
 
Error - 08.05.2010 09:34:14 | Computer Name = xxxx | Source = Google Update | ID = 20
Description = 
 
Error - 08.05.2010 10:34:14 | Computer Name = xxxx | Source = Google Update | ID = 20
Description = 
 
Error - 08.05.2010 11:34:14 | Computer Name = xxxx | Source = Google Update | ID = 20
Description = 
 
Error - 08.05.2010 12:34:14 | Computer Name = xxxx | Source = Google Update | ID = 20
Description = 
 
[ OSession Events ]
Error - 18.09.2008 04:56:00 | Computer Name = xxxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 209
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.08.2009 07:40:56 | Computer Name = xxxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.08.2009 07:41:02 | Computer Name = xxxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.08.2009 07:41:07 | Computer Name = xxxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 19.06.2010 06:21:42 | Computer Name = xxxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 19.06.2010 06:29:17 | Computer Name = xxxx | Source = Service Control Manager | ID = 7034
Description = Dienst "MagicTuneEngine" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 21.06.2010 02:23:42 | Computer Name = xxxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 21.06.2010 07:03:04 | Computer Name = xxxx | Source = Service Control Manager | ID = 7034
Description = Dienst "MagicTuneEngine" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 21.06.2010 07:06:02 | Computer Name = xxxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 21.06.2010 07:31:34 | Computer Name = xxxx | Source = Service Control Manager | ID = 7034
Description = Dienst "MagicTuneEngine" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 21.06.2010 07:32:54 | Computer Name = xxxx | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 21.06.2010 07:34:19 | Computer Name = xxxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 22.06.2010 02:15:12 | Computer Name = xxxx | Source = Service Control Manager | ID = 7034
Description = Dienst "MagicTuneEngine" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 22.06.2010 02:17:58 | Computer Name = xxxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
 
< End of report >

--- --- ---

Hoffe ihr könnt was damit anfangen!
MFG

markusg · 22.06.2010, 11:16

Fixen mit OTL

• Starte bitte die OTL.exe.
Vista-User mit Rechtsklick "als Administrator starten"
• Kopiere nun das Folgende in die Textbox.

:OTL
PRC - N:\BWWIN32.exe ()
O36 - AppCertDlls: extrpbar - (C:\WINDOWS\system32\attruota.dll) - C:\WINDOWS\system32\attruota.dll ()
[2010.06.16 08:43:59 | 000,613,362 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\mdbu.bin
:Files
N:\BWWIN32.exe
C:\WINDOWS\system32\attruota.dll
:HOSTS
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument dieses posten

oberfläche · 24.06.2010, 16:03

Hi, hier der Report:

Code:

ATTFilter

All processes killed
========== OTL ==========
No active process named BWWIN32.exe was found!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\extrpbar:C:\WINDOWS\system32\attruota.dll deleted successfully.
C:\WINDOWS\system32\attruota.dll moved successfully.
C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\mdbu.bin moved successfully.
========== FILES ==========
N:\BWWIN32.exe moved successfully.
File\Folder C:\WINDOWS\system32\attruota.dll not found.
Error: Unable to interpret <:HOSTS> in the current context!
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 405 bytes
 
User: All Users
 
User: Default User
->Flash cache emptied: 41 bytes
 
User: xxxx
->Flash cache emptied: 2780 bytes
 
User: LocalService
->Flash cache emptied: 405 bytes
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 739463276 bytes
->Temporary Internet Files folder emptied: 3065380 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: xxxx
->Temp folder emptied: 185662838 bytes
->Temporary Internet Files folder emptied: 7193067 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 263337 bytes
->Flash cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2148906 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 89608222 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 980,00 mb
 
 
OTL by OldTimer - Version 3.2.6.1 log created on 06242010_165715

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\JETE176.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_244.dat not found!

Registry entries deleted on Reboot...

MFG

markusg · 24.06.2010, 16:16

bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

oberfläche · 25.06.2010, 16:22

Hier die logdatei von combofix:

Code:

ATTFilter

Combofix Logfile:

	Code: 

 ATTFilter

  
	ComboFix 10-06-24.03 - xxxx 25.06.2010  17:13:47.1.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2047.1318 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\xxxx\Desktop\ComboFix.exe
.

(((((((((((((((((((((((   Dateien erstellt von 2010-05-25 bis 2010-06-25  ))))))))))))))))))))))))))))))
.

2010-06-25 15:04 . 2010-06-25 15:04	--------	d-sh--w-	c:\dokumente und einstellungen\xxxx\IECompatCache
2010-06-24 14:57 . 2010-06-24 14:57	--------	d-----w-	C:\_OTL
2010-06-21 11:23 . 2010-06-21 11:23	--------	d-----w-	c:\dokumente und einstellungen\xxxx\Anwendungsdaten\Malwarebytes
2010-06-21 11:23 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-21 11:23 . 2010-06-21 11:23	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2010-06-21 11:23 . 2010-06-21 11:23	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-06-21 11:23 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-06-19 10:22 . 2010-06-19 10:22	--------	d-sh--w-	c:\dokumente und einstellungen\xxxx\PrivacIE
2010-06-19 10:22 . 2010-06-19 10:22	--------	d-sh--w-	c:\dokumente und einstellungen\LocalService\IETldCache
2010-06-19 10:20 . 2010-06-19 10:20	--------	d-sh--w-	c:\dokumente und einstellungen\xxxx\IETldCache
2010-06-19 10:18 . 2010-06-21 10:48	--------	d-----w-	c:\windows\ie8updates
2010-06-19 10:15 . 2010-06-19 10:17	--------	dc-h--w-	c:\windows\ie8
2010-06-19 10:14 . 2010-05-06 10:31	12800	-c----w-	c:\windows\system32\dllcache\xpshims.dll
2010-06-19 10:14 . 2010-05-06 10:31	247808	-c----w-	c:\windows\system32\dllcache\ieproxy.dll
2010-06-19 10:14 . 2010-05-06 10:31	743424	-c----w-	c:\windows\system32\dllcache\iedvtool.dll
2010-06-19 10:13 . 2010-04-16 11:43	41984	-c----w-	c:\windows\system32\dllcache\iecompat.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-25 05:49 . 2009-12-10 14:50	--------	d---a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-06-24 19:46 . 2008-06-09 10:34	16	----a-w-	c:\windows\system32\magicpvt.dat
2010-06-24 19:46 . 2008-06-09 10:34	32	----a-w-	c:\windows\system32\driver.dat
2010-06-24 14:57 . 2006-02-28 12:00	90924	----a-w-	c:\windows\system32\perfc007.dat
2010-06-24 14:57 . 2006-02-28 12:00	477134	----a-w-	c:\windows\system32\perfh007.dat
2010-06-21 11:30 . 2008-10-07 12:30	--------	d-----w-	c:\programme\Applications
2010-06-21 10:52 . 2009-02-26 15:09	--------	d-----w-	c:\programme\CCleaner
2010-06-19 10:20 . 2009-04-29 09:36	--------	d-----w-	c:\programme\Google
2010-06-09 13:03 . 2008-06-09 07:31	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-06-08 12:45 . 2008-06-09 08:08	--------	d-----w-	c:\programme\Microsoft Silverlight
2010-05-06 10:31 . 2006-02-28 12:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-05-06 07:42 . 2010-05-06 07:42	--------	d-----w-	c:\dokumente und einstellungen\xxxx\Anwendungsdaten\Babylon
2010-05-06 07:42 . 2010-05-06 07:42	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Babylon
2010-05-02 08:05 . 2006-02-28 12:00	1851392	----a-w-	c:\windows\system32\win32k.sys
2010-04-28 08:54 . 2009-09-02 09:18	--------	d-----w-	c:\programme\Aldi Sued Fotoservice
2010-04-20 05:29 . 2006-02-28 12:00	285696	----a-w-	c:\windows\system32\atmfd.dll
2010-03-30 22:16 . 2010-03-30 22:16	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2010-03-30 22:10 . 2010-03-30 22:10	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2008-06-12 13:12 . 2008-06-12 13:11	190	----a-w-	c:\programme\Gemeinsame Dateien\psasetup.log
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonUtilities"="c:\programme\Norton Utilities 14\nu.exe" [2009-09-23 4105576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1957888]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2007-06-26 312320]
"CamMonitor"="c:\programme\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-06 90112]
"MagicRotation"="c:\programme\MagicRotation\MagicPvt.exe" [2007-08-24 1097728]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
GammaTray.lnk - c:\programme\MagicTune Premium\GammaTray.exe [2008-6-9 36864]
NCProTray.lnk - c:\programme\SEC\Natural Color Pro\NCProTray.exe [2008-6-9 49220]
Pervasive.SQL Workgroup Engine.lnk - c:\pvsw\bin\w3dbsmgr.exe [2006-5-18 106546]
Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
Zahlungserinnerung.lnk - c:\profi cash\wzed.exe [2009-2-26 36864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^EPSON Status Monitor 3 Environment Check(3).lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\EPSON Status Monitor 3 Environment Check(3).lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check(3).lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17	952768	----a-r-	c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42	36272	----a-w-	c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 09:13	152872	----a-w-	c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 08:42	69632	----a-w-	c:\programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-12 15:18	136600	----a-w-	c:\programme\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\MagicTune Premium\\MagicTune.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\PVSW\\bin\\w3dbsmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [28.01.2010 04:45 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029\BHDrvx86.sys [28.01.2010 04:45 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.029\cchpx86.sys [28.01.2010 04:45 482432]
R1 IDSxpx86;IDSxpx86;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100624.001\IDSXpx86.sys [25.06.2010 05:58 331640]
R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [09.06.2008 12:34 9728]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe [06.05.2009 18:53 1220608]
R2 Norton Internet Security;Norton Internet Security;c:\programme\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [28.01.2010 04:45 117640]
R3 aucapi;Auerswald CAPI2.0 Device;c:\windows\system32\drivers\aucapi.sys [14.02.2008 10:44 188976]
R3 aumpa;Auerswald ISDN WAN Miniport Driver;c:\windows\system32\drivers\aumpa.sys [14.02.2008 10:44 140336]
R3 auusb;Auerswald ISDN USB Driver;c:\windows\system32\drivers\auusb.sys [01.02.2008 07:56 160816]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [02.06.2010 02:29 102448]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"c:\programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S2 gupdate1c9c8aded9d4818;Google Update Service (gupdate1c9c8aded9d4818);c:\programme\Google\Update\GoogleUpdate.exe [29.04.2009 11:36 133104]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe [07.08.2008 10:10 3276800]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
Inhalt des "geplante Tasks" Ordners

2010-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-04-29 09:36]

2010-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-04-29 09:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://aolwebmail.aol.de/landing-page
uDefault_Search_URL = hxxp://www.Google.com/
uSearchMigratedDefaultURL = hxxp://www.Google.com/
mSearch Bar = hxxp://www.Google.com/
mSearchMigratedDefaultURL = hxxp://www.Google.com/
uInternet Connection Wizard,ShellNext = hxxp://renewalcenter.symantec.com/storefront/user/home.jsp?NOS=kjhawazbOPIPChxtwAiBKDsNTNUCtAKaygiCv4RZDQBDvStB8mfCsrINTDwijrTCF5LpTgFlCBe4zHFH834QXHFM6%2F2ybNAvVAi6ITiDIjDdGQswC2zFMN2GDWRmzVjCC1pbS%2B2GCcSCT0CCs8eEDNNeGRgBECA%2BvlHFH834QXHFM6&SASSERVER=lcsitemain.symantec.com&TRANSID=%2F10097711%2FC6bb746DB858FD14E066B&GUID=786D05A5A0F14055BCB6543C451E5F7F&SSLT=2&GER&DEU&GE&oslang=iso:GER&oslocale=iso:DEU&vendid=003&vendtag=0&epid=786D05A5A0F14055BCB6543C451E5F7F
uSearchAssistant = hxxp://www.Google.com/
mSearchURL = hxxp://www.Google.com/
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: aol.com\my.screenname
Trusted Zone: aol.com\webmail
Trusted Zone: aol.com\webmail1.webmail
Trusted Zone: aol.de
Trusted Zone: aol.de\navigate
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan-canvasx.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-HijackThis - c:\dokumente und einstellungen\xxxx\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JD2TV3RZ\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, h**p://www.gmer.net
Rootkit scan 2010-06-25 17:16
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\programme\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\programme\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(4084)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2010-06-25  17:17:51
ComboFix-quarantined-files.txt  2010-06-25 15:17

Vor Suchlauf: 11 Verzeichnis(se), 178.774.376.448 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 178.794.553.344 Bytes frei

- - End Of File - - BC872DC7E8EF7FF8D96C137D2AA16259
         
 --- --- ---

MFG

markusg · 25.06.2010, 16:35

du willst doch weiterhin norton nutzen? warum hast du noch kein norton 2010 instaliert, bitte mach das und scanne dann damit deinen pc.

24.06.2010, 16:16	#6
markusg /// Malware-holic	Google leitet auf falsche Seiten weiter - hier mein HiJackThis log bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix

25.06.2010, 16:35	#8
markusg /// Malware-holic	Google leitet auf falsche Seiten weiter - hier mein HiJackThis log du willst doch weiterhin norton nutzen? warum hast du noch kein norton 2010 instaliert, bitte mach das und scanne dann damit deinen pc.

Google leitet auf falsche Seiten weiter - hier mein HiJackThis log

Log-Analyse und Auswertung: Google leitet auf falsche Seiten weiter - hier mein HiJackThis log