Ordner "Internet Explorer Updater" unter Programme, nicht löschbar, vermutlich Malware

Maddin92 · 29.06.2010, 21:19

Hallo,

danke für deine Antwort. Anbei die Logs. MBAM hat 3 Dateien gefunden, wovon 2 allerdings zu CryptLoad gehören, die andere habe ich gelöscht.

Gruß
Martin

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4258

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29.06.2010 21:38:30
mbam-log-2010-06-29 (21-38-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 227653
Laufzeit: 1 Stunde(n), 49 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\System Volume Information\_restore{F2FE938B-A755-4FC6-80EC-148EA957A80F}\RP509\A0113562.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Kowsko\Desktop\CryptLoad_1.1.8\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Not selected for removal.
C:\Dokumente und Einstellungen\Kowsko\Desktop\CryptLoad_1.1.8\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> Not selected for removal.

Code:

ATTFilter

OTL logfile created on: 29.06.2010 21:45:09 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 595,00 Mb Available Physical Memory | 58,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,79 Gb Total Space | 54,39 Gb Free Space | 48,66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***1
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Seagate\Schedule2\schedul2.exe (Acronis)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\PSIService.exe ()
PRC - C:\Programme\Microsoft Private Folder 1.0\PrfldSvc.exe ()
PRC - C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
PRC - C:\WINDOWS\system32\BRSS01A.EXE (brother Industries Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Programme\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvwimg.dll ()
MOD - C:\WINDOWS\system32\nvwrsde.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (McAfee SiteAdvisor Service) -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Seagate\Schedule2\schedul2.exe (Acronis)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (prfldsvc) -- C:\Programme\Microsoft Private Folder 1.0\PrfldSvc.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
SRV - (OOD2000) -- C:\WINDOWS\System32\OOD2000.exe (O&O Software GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin)
DRV - (avmaura) -- C:\WINDOWS\system32\drivers\avmaura.sys (AVM Berlin)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (SKYNET) -- C:\WINDOWS\system32\drivers\SkyNET.sys (TechniSat Digital, S.A.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Prvflder) -- C:\WINDOWS\system32\drivers\prvflder.sys (Windows (R) 2000 DDK provider)
DRV - (ATITool) -- C:\WINDOWS\system32\drivers\ATITool.sys ()
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (WmHidLo) -- C:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (NSNDIS5) -- C:\WINDOWS\system32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (vmm) -- C:\WINDOWS\system32\drivers\VMM.sys (Microsoft Corporation)
DRV - (VPCNetS2) -- C:\WINDOWS\system32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (jfdcd) -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\jfdcd.sys ()
DRV - (Cinemsup) -- C:\WINDOWS\system32\drivers\cinemsup.sys (Sonic Solutions)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (QCDonner) -- C:\WINDOWS\system32\drivers\OVCD.sys (Microsoft Corporation)
DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.5
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.0.8
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: locationbar2@design-noir.de:1.0.5
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Programme\Real\RealPlayer\browserrecord [2008.04.09 15:34:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Programme\McAfee\SiteAdvisor [2010.06.04 22:40:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.12 16:05:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.04 14:56:03 | 000,000,000 | ---D | M]
 
[2009.03.16 17:57:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2009.02.22 22:08:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\{a23983c0-fd0e-11dc-95ff-0800200c9a66}
[2009.03.16 17:57:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\songbird@songbirdnest.com
[2009.02.22 22:08:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Fennec\Profiles\94gd9dro.default\extensions
[2010.06.20 17:06:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r0ofb9bm.default\extensions
[2010.05.17 15:42:27 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r0ofb9bm.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.06.03 18:08:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r0ofb9bm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.17 15:42:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r0ofb9bm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.17 15:42:26 | 000,000,000 | ---D | M] (Fox!Box [de]) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r0ofb9bm.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2009.07.27 14:46:49 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r0ofb9bm.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010.05.17 15:42:40 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r0ofb9bm.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2009.03.23 20:22:16 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r0ofb9bm.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2010.05.17 15:42:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r0ofb9bm.default\extensions\locationbar2@design-noir.de
[2009.06.25 20:59:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r0ofb9bm.default\extensions\longurlplease@darragh.curran
[2009.05.24 15:36:38 | 000,000,916 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r0ofb9bm.default\searchplugins\pons-englisch--deutsch.xml
[2010.06.20 17:06:07 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.24 19:46:15 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.24 19:46:16 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.24 19:46:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.24 19:46:16 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.24 19:46:16 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2002.08.29 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [zinit32] C:\WINDOWS\Zinit32.exe (Agenda Informationssysteme GmbH)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\CAPIControl.lnk = C:\Programme\DeTeWe\OpenDimension\driver\Capictrl.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\HomeNet Control.lnk = C:\Programme\DeTeWe\OpenDimension\driver\HNetCtrl.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\WinFlip.lnk = C:\Dokumente und Einstellungen\***\Desktop\Installationsdateien\WFlip050\WinFlip.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Internet Explorer Updater = c:\Internet Explorer Updater\IEUpdater\Internet Explorer Updater.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Internet Explorer Updater = c:\Internet Explorer Updater\IEUpdater\Internet Explorer Updater.exe File not found
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab (DLM Control)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.04.02 15:52:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.08.17 14:48:16 | 000,000,040 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{ee1f1cc0-68d6-11de-b293-001c4af66951}\Shell - "" = AutoRun
O33 - MountPoints2\{ee1f1cc0-68d6-11de-b293-001c4af66951}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.29 21:44:24 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.06.20 18:56:42 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.20 18:36:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2010.06.20 18:36:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.20 18:36:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.20 18:36:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.06.20 18:36:00 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.20 18:29:29 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2010.06.20 18:16:04 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.06.20 18:14:30 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup.exe
[2010.06.20 17:54:38 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis204.exe
[2010.06.16 19:44:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Weidi Forrest Gump
[2010.06.16 18:14:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\CryptLoad_1.1.8
[2010.06.16 08:20:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Temp
[2010.06.15 19:25:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\usb stick pfälzer klang
[2010.06.12 12:13:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Facebook
[2010.06.11 12:49:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.11 10:56:00 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010.06.09 20:29:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\bilder und videos
[2010.06.09 17:03:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\m
[2010.06.08 18:35:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\bk weinblatt
[2010.06.07 16:54:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Rom Flashen
[2010.06.07 15:58:37 | 000,000,000 | ---D | C] -- C:\Programme\PocketRAR
[2010.06.06 13:16:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\WM Programme
[2010.06.06 12:29:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\My Mobile
[2010.06.06 01:39:28 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft ActiveSync
[2010.06.04 11:36:44 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2010.06.04 11:36:42 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCDE.DLL
[2010.06.04 11:36:42 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCC2DE.DLL
[2010.06.04 11:36:42 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMPIDE.DLL
[2010.06.04 11:36:41 | 000,000,000 | ---D | C] -- C:\Programme\PDFCreator
[2010.06.03 15:45:18 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010.06.03 15:45:18 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2008.10.07 23:42:42 | 000,060,928 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.29 21:44:24 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.06.29 21:43:17 | 000,000,032 | ---- | M] () -- C:\WINDOWS\AROEY95.INI
[2010.06.29 21:43:10 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.06.29 21:43:02 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.29 21:40:49 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.06.29 21:40:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.29 21:40:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.29 21:40:30 | 1073,274,880 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.29 21:39:24 | 007,340,032 | ---- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.dat
[2010.06.29 21:39:24 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.06.29 21:25:06 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.29 21:14:39 | 000,001,220 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[2010.06.29 19:30:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.20 18:36:06 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.20 18:16:10 | 000,001,512 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk
[2010.06.20 18:15:04 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup.exe
[2010.06.20 18:14:47 | 000,824,681 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe
[2010.06.20 17:54:43 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis204.exe
[2010.06.19 20:21:47 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Microsoft Office Word 2003.lnk
[2010.06.19 17:29:26 | 000,020,992 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\vvl 1und1.doc
[2010.06.16 20:41:00 | 000,075,239 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\EV_Fehlende_Teile.pdf
[2010.06.16 19:40:14 | 000,004,705 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\19413612874be2ed78f197d.ccf
[2010.06.15 22:24:51 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2010.06.14 01:28:57 | 000,020,992 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Review of Jerzy Kosinskis book.doc
[2010.06.13 12:32:26 | 000,050,628 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\maddingoddiyannick#.jpg
[2010.06.12 14:05:14 | 000,301,549 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMAG0019.jpg
[2010.06.12 12:13:20 | 000,452,832 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.06.12 12:13:20 | 000,435,530 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.12 12:13:20 | 000,081,208 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.06.12 12:13:20 | 000,068,426 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.12 12:13:19 | 001,044,938 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.11 21:07:36 | 013,683,542 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\VIDEO0010.mp4
[2010.06.11 19:13:54 | 000,228,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.11 12:48:39 | 000,000,634 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.06.10 22:46:17 | 000,520,459 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\astra st.jpg
[2010.06.09 16:49:12 | 002,037,702 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\e3c.jpg
[2010.06.09 16:42:40 | 003,254,056 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\e3.jpg
[2010.06.09 16:38:38 | 002,881,975 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\e2.jpg
[2010.06.09 16:35:51 | 001,678,360 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\e.jpg
[2010.06.07 20:55:00 | 000,347,096 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\mymobiler screenshot.jpg
[2010.06.07 19:07:29 | 000,071,115 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\800from1.jpg
[2010.06.07 19:00:54 | 000,002,187 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Microsoft ActiveSync.lnk
[2010.06.06 01:43:54 | 000,002,528 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\$_hpcst$.hpc
[2010.06.05 13:23:15 | 000,007,709 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\leppel sau voll.jpg
[2010.06.04 10:28:21 | 000,006,279 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\bookmarks-2010-06-04 vor ref akt
[2010.06.01 21:48:22 | 000,000,258 | ---- | M] () -- C:\WINDOWS\.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.20 18:36:06 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.20 18:16:09 | 000,001,512 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk
[2010.06.20 18:14:41 | 000,824,681 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe
[2010.06.19 17:29:26 | 000,020,992 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\vvl 1und1.doc
[2010.06.16 20:41:00 | 000,075,239 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\EV_Fehlende_Teile.pdf
[2010.06.16 19:40:12 | 000,004,705 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\19413612874be2ed78f197d.ccf
[2010.06.14 00:28:49 | 000,020,992 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Review of Jerzy Kosinskis book.doc
[2010.06.13 12:32:25 | 000,050,628 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\maddingoddiyannick#.jpg
[2010.06.12 15:14:21 | 013,683,542 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\VIDEO0010.mp4
[2010.06.12 14:16:43 | 000,301,549 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMAG0019.jpg
[2010.06.10 22:46:16 | 000,520,459 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\astra st.jpg
[2010.06.09 16:49:11 | 002,037,702 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\e3c.jpg
[2010.06.09 16:42:39 | 003,254,056 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\e3.jpg
[2010.06.09 16:38:38 | 002,881,975 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\e2.jpg
[2010.06.09 16:35:50 | 001,678,360 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\e.jpg
[2010.06.07 20:55:00 | 000,347,096 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\mymobiler screenshot.jpg
[2010.06.07 19:07:29 | 000,071,115 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\800from1.jpg
[2010.06.06 13:01:47 | 000,002,187 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Microsoft ActiveSync.lnk
[2010.06.06 01:43:54 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\$_hpcst$.hpc
[2010.06.05 13:23:15 | 000,007,709 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\leppel sau voll.jpg
[2010.06.04 11:36:44 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.06.04 10:28:21 | 000,006,279 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\bookmarks-2010-06-04 vor ref akt
[2010.02.03 22:04:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010.02.01 21:54:20 | 000,000,032 | ---- | C] () -- C:\WINDOWS\AROEY95.INI
[2009.08.10 15:58:44 | 000,000,667 | ---- | C] () -- C:\WINDOWS\Banana3.ini
[2009.05.25 20:52:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2009.05.25 20:46:08 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
[2009.03.12 17:31:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009.03.10 17:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008.10.18 13:00:40 | 000,000,258 | ---- | C] () -- C:\WINDOWS\.ini
[2008.10.11 13:04:49 | 000,554,496 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll
[2008.09.16 18:15:13 | 000,001,037 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.09.06 21:15:45 | 000,000,123 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2008.08.27 21:49:20 | 000,024,580 | ---- | C] () -- C:\WINDOWS\System32\wsfaxmon.dll
[2008.08.27 21:48:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OAISetup.INI
[2008.08.27 21:48:45 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WINPHONE.INI
[2008.08.04 18:35:38 | 000,000,039 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2008.08.04 18:35:38 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2008.08.04 18:35:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BROHL143.INI
[2008.08.04 18:35:23 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2008.08.04 18:35:23 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2008.08.04 18:35:23 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2008.08.04 18:35:21 | 000,013,110 | ---- | C] () -- C:\WINDOWS\HL-1430.INI
[2008.08.03 19:23:07 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1430.ini
[2008.08.03 18:58:57 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1470.ini
[2008.08.03 18:58:56 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2008.08.03 18:58:55 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008.08.03 14:32:36 | 000,000,057 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008.08.03 14:32:36 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
[2008.08.03 14:31:50 | 000,000,502 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2008.06.28 12:44:28 | 000,000,916 | ---- | C] () -- C:\WINDOWS\GTA-SA_Trn_Settings.ini
[2008.04.25 09:11:45 | 000,244,984 | ---- | C] () -- C:\WINDOWS\TUTIL32.DLL
[2008.04.25 09:11:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tm.ini
[2008.04.25 09:11:09 | 001,573,888 | ---- | C] () -- C:\WINDOWS\System32\WertZu80.dll
[2008.04.22 17:10:54 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ood2kmsg.dll
[2008.04.22 17:10:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\OODCSPRO.dll
[2008.04.07 14:50:11 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.04.06 19:14:44 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.01.31 17:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2006.11.10 15:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2006.10.22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.10.22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.10.22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.10.22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006.10.22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.10.22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.10.22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006.06.09 15:20:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999.09.20 10:05:32 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 498 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
< End of report >

--- --- ---

Code:

ATTFilter

OTL Extras logfile created on: 29.06.2010 21:45:09 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 595,00 Mb Available Physical Memory | 58,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,79 Gb Total Space | 54,39 Gb Free Space | 48,66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***1
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\QIP\qip.exe" = C:\Programme\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Programme\imageN\imageN.exe" = C:\Programme\imageN\imageN.exe:*:Enabled:imageN -- File not found
"C:\Programme\TmNationsForever\TmForever.exe" = C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- File not found
"C:\Programme\TeamViewer3\TeamViewer.exe" = C:\Programme\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Apps\2.0\LNEL6MGP.8CV\ZH5GTZNR.8MH\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf0f9b5c5281\fritzbox-usb-fernanschluss.exe" = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Apps\2.0\LNEL6MGP.8CV\ZH5GTZNR.8MH\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf0f9b5c5281\fritzbox-usb-fernanschluss.exe:*:Enabled:FRITZ!Box USB-Fernanschluss -- (AVM Berlin)
"C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe" = C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe:*:Enabled:FRITZ!Box Monitor -- File not found
"C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe" = C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe:*:Enabled:ClipInc Server -- File not found
"C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe" = C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe:*:Enabled:ClipInc Player -- File not found
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- File not found
"C:\Dokumente und Einstellungen\***\Anwendungsdaten\U3\173871141200354A\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe" = C:\Dokumente und Einstellungen\***\Anwendungsdaten\U3\173871141200354A\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Enabled:skype -- File not found
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\***\Desktop\My Mobile\MyMobiler\MyMobiler.exe" = C:\Dokumente und Einstellungen\***\Desktop\My Mobile\MyMobiler\MyMobiler.exe:*:Enabled:My Mobiler -- (MTUX Corp)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{213B996A-A55B-4F9F-B897-2F8C4397EF97}" = WinFunktion Mathematik + 16
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3AE8FC9B-0784-4ACB-92FE-69683FB905CA}_is1" = GTR
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D24A762-F5A2-41C1-9F0A-300B4D8D5A2B}" = Mathe Klasse 8-10
"{4BD44C14-85A1-4EC2-94D3-2F8CC2B80EA4}" = Uniwell  PLM v2.22 (CD06)
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{644EA08F-87D2-48C0-AE94-B327D1C85A97}" = Microsoft Private Folder 1.0
"{648F9C94-EC44-487B-9DA4-44ED72A082CC}" = Logitech Gaming Software
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C7DDE5A-6A22-4D65-BA0F-AB41289A1E70}" = Microsoft Windows CE 5.0 Emulator
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A60A13-224D-4637-8203-3EAC03B121A4}" = Seagate*DiscWizard
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D032A7F0-8B5C-4603-8B46-235025D5F9C1}" = TechniSat DVB-PC TV Star
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4576E0D-2295-4B8E-B663-B68086B00EE5}" = Sonic CinePlayer DVD Pack
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E86E5246-AA7E-11D4-88C9-00105ADBE398}" = O&O Defrag 2000 Freeware Edition
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Banana Buchhaltung 3 - CashBook" = Banana Buchhaltung 3 - CashBook
"Brother HL-1430" = Brother HL-1430
"CCleaner" = CCleaner
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fragen-Lern-CD" = Fragen-Lern-CD
"Google Updater" = Google Updater
"HD Tune_is1" = HD Tune 2.55
"HDD Health_is1" = HDD Health v3.3 Beta
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Motherboard Monitor 5.3.7.0 Languages_is1" = Motherboard Monitor 5 Languages
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PocketRAR" = Pocket RAR documentation
"QIP 2005_is1" = QIP 2005 8090
"QIP2005" = QIP 2005 Uninstall
"RealPlayer 6.0" = RealPlayer
"SPG-Verein-28" = SPG-Verein 2.8
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 3" = TeamViewer 3
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 0.9.6
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f6791b188d8f3ff8" = AVM FRITZ!Box USB-Fernanschluss
"Facebook Plug-In" = Facebook Plug-In
"QIP 2005" = QIP 2005 8092
"QIP Infium" = QIP Infium 2.0.9030 RC4
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.06.2010 12:26:53 | Computer Name = ***1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3743, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10417c22.
 
Error - 20.06.2010 12:26:53 | Computer Name = ***1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3743, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10417c22.
 
Error - 20.06.2010 12:26:53 | Computer Name = ***1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3743, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10417c22.
 
Error - 20.06.2010 12:26:53 | Computer Name = ***1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3743, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10417c22.
 
Error - 20.06.2010 12:26:53 | Computer Name = ***1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3743, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10417c22.
 
Error - 20.06.2010 12:26:53 | Computer Name = ***1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3743, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10417c22.
 
Error - 20.06.2010 16:25:06 | Computer Name = ***1 | Source = Google Update | ID = 20
Description = 
 
Error - 20.06.2010 17:25:05 | Computer Name = ***1 | Source = Google Update | ID = 20
Description = 
 
Error - 29.06.2010 14:25:09 | Computer Name = ***1 | Source = Google Update | ID = 20
Description = 
 
Error - 29.06.2010 15:25:06 | Computer Name = ***1 | Source = Google Update | ID = 20
Description = 
 
[ System Events ]
Error - 05.06.2010 19:33:14 | Computer Name = ***1 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 06.06.2010 12:34:03 | Computer Name = ***1 | Source = PSched | ID = 14103
Description = QoS [Adapter {F16BF5AF-49A1-49BC-AD8C-CA2F688FD9C0}]:  Die Abfrage des
 Netzwerkkartentreibers nach OID_GEN_LINK_SPEED ist fehlgeschlagen.
 
Error - 07.06.2010 01:44:02 | Computer Name = ***1 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 09.06.2010 09:02:42 | Computer Name = ***1 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 11.06.2010 04:44:40 | Computer Name = ***1 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman.
 
Error - 13.06.2010 06:01:14 | Computer Name = ***1 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 14.06.2010 06:18:25 | Computer Name = ***1 | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "RECHNER01",
der
 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{6ED714CE-B4D3-441C-Transport
 zu sein scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error - 17.06.2010 16:25:32 | Computer Name = ***1 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService.
 
Error - 20.06.2010 12:56:53 | Computer Name = ***1 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "BrSplService" hat einen ungültigen aktuellen Status gemeldet:
 0
 
Error - 29.06.2010 13:31:49 | Computer Name = ***1 | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst
 "Automatische Updates" hergestellt werden, daher können Updates nicht nach dem 
angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,
 eine Verbindung herzustellen.
 
 
< End of report >

--- --- ---

EDIT: Soll ich diese beiden Einträge mit HijackThis fixen?

Code:

ATTFilter

O4 - HKLM\..\Policies\Explorer\Run: [Internet Explorer Updater] c:\Internet Explorer Updater\IEUpdater\Internet Explorer Updater.exe
O4 - HKCU\..\Policies\Explorer\Run: [Internet Explorer Updater] c:\Internet Explorer Updater\IEUpdater\Internet Explorer Updater.exe

Ordner "Internet Explorer Updater" unter Programme, nicht löschbar, vermutlich Malware

Log-Analyse und Auswertung: Ordner "Internet Explorer Updater" unter Programme, nicht löschbar, vermutlich Malware

Ordner "Internet Explorer Updater" unter Programme, nicht löschbar, vermutlich Malware

Ähnliche Themen: Ordner "Internet Explorer Updater" unter Programme, nicht löschbar, vermutlich Malware