Backdoor- und Hijackfiles gefunden

Sarah87 · 18.02.2011, 15:26

Hallo,

ein Routinetest auf dem Rechner meiner Mitbewohnerin hatte ein paar boese Ueberaschungen parat. Meine Frage ist, ob es ueberhaupt noch Sinn macht hier rum zu doktorn. Oder ob ein Neuaufsetzen nicht schon unumgaenglich ist.

PHP-Code:

  Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 
Datenbank Version: 5795

 
Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

 
18.02.2011 15:04:57

mbam-log-2011-02-18 (15-04-45).txt

 
Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 161134

Laufzeit: 7 Minute(n), 1 Sekunde(n)

 
Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 6

Infizierte Registrierungswerte: 2

Infizierte Dateiobjekte der Registrierung: 1

Infizierte Verzeichnisse: 2

Infizierte Dateien: 3

 
Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)

 
Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)

 
Infizierte Registrierungsschlüssel:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> No action taken.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> No action taken.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> No action taken.

 
Infizierte Registrierungswerte:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Value: UID -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\AppSecDll (Trojan.Agent) -> Value: AppSecDll -> No action taken.

 
Infizierte Dateiobjekte der Registrierung:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> No action taken.

 
Infizierte Verzeichnisse:

c:\RECYCLER\s-1-5-21-0243336031-4052116379-881863308-0851 (Trojan.Agent) -> No action taken.

c:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.

 
Infizierte Dateien:

c:\RECYCLER\s-1-5-21-0243336031-4052116379-881863308-0851\Desktop.ini (Trojan.Agent) -> No action taken.

c:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> No action taken.

c:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> No action taken.

Alle Dateien wurden erfolgreich entfernt, das Log hab ich nur irgendwie verbaselt.
Mit freundlichen Gruessen

markusg · 18.02.2011, 16:02

bitte logs net als php code!!
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten

Sarah87 · 19.02.2011, 10:33

Alles klar, kommt nicht wieder vor

OTL Logfile:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 19.02.2011 10:17:40 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Dokumente und Einstellungen\xxxAdmin\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
510,00 Mb Total Physical Memory | 247,00 Mb Available Physical Memory | 48,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 46,29 Gb Total Space | 20,72 Gb Free Space | 44,76% Space Free | Partition Type: NTFS
Drive D: | 33,21 Gb Total Space | 2,20 Gb Free Space | 6,64% Space Free | Partition Type: NTFS
Drive E: | 13,65 Gb Total Space | 9,34 Gb Free Space | 68,46% Space Free | Partition Type: FAT32
 
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.02.19 10:10:39 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxxAdmin\Eigene Dateien\Downloads\OTL.exe
PRC - [2010.12.13 08:39:27 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 08:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.13 08:39:19 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.05.29 11:18:32 | 000,202,016 | R--- | M] (SupportSoft, Inc.) -- C:\Programme\Belgacom\bin\sprtsvc.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.03.05 00:29:14 | 000,737,370 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
PRC - [2005.03.05 00:29:14 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
PRC - [2005.03.05 00:28:38 | 000,110,691 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2005.03.05 00:28:34 | 000,184,421 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2004.11.01 16:55:40 | 000,057,344 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe
PRC - [2004.06.26 00:17:06 | 000,254,224 | ---- | M] (Computer Associates International, Inc.) -- C:\Programme\CA\eTrust Antivirus\InoTask.exe
PRC - [2004.06.26 00:16:54 | 000,241,936 | ---- | M] (Computer Associates International, Inc.) -- C:\Programme\CA\eTrust Antivirus\InoRT.exe
PRC - [2004.06.26 00:16:50 | 000,139,536 | ---- | M] (Computer Associates International, Inc.) -- C:\Programme\CA\eTrust Antivirus\InoRpc.exe
PRC - [2004.06.26 00:16:30 | 000,209,168 | ---- | M] (Computer Associates International, Inc.) -- C:\Programme\CA\SharedComponents\ScanEngine\Inodist.exe
PRC - [2003.06.20 08:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.02.19 10:10:39 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxxAdmin\Eigene Dateien\Downloads\OTL.exe
MOD - [2010.08.23 17:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2010.12.13 08:39:27 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.13 08:39:19 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2008.05.29 11:18:32 | 000,202,016 | R--- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Programme\Belgacom\bin\sprtsvc.exe -- (sprtsvc_belgacom) SupportSoft Sprocket Service (belgacom)
SRV - [2008.05.29 11:17:12 | 000,382,320 | R--- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2005.03.05 00:29:14 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005.03.05 00:28:38 | 000,110,691 | ---- | M] () [Auto | Running] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005.03.05 00:28:34 | 000,184,421 | ---- | M] () [Auto | Running] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2004.11.01 16:55:40 | 000,057,344 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2004.06.26 00:17:06 | 000,254,224 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Programme\CA\eTrust Antivirus\InoTask.exe -- (InoTask)
SRV - [2004.06.26 00:16:54 | 000,241,936 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Programme\CA\eTrust Antivirus\InoRT.exe -- (InoRT)
SRV - [2004.06.26 00:16:50 | 000,139,536 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Programme\CA\eTrust Antivirus\InoRpc.exe -- (InoRPC)
SRV - [2003.06.20 08:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.12.13 08:39:39 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.13 08:39:38 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.04.13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.04.13 18:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2008.04.13 18:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008.04.13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2005.03.01 15:13:08 | 001,013,248 | ---- | M] (Animation Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVHybrid.sys -- (LVHybrid)
DRV - [2005.02.25 13:32:34 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2005.02.11 00:52:36 | 000,157,056 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005.01.13 14:11:52 | 001,038,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsf_dpv.sys -- (HSF_DPV)
DRV - [2005.01.13 14:11:04 | 000,172,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsfhwazl.sys -- (HSFHWAZL)
DRV - [2005.01.13 14:11:00 | 000,709,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.01.05 18:48:42 | 000,226,768 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SLDRV\slazldrv.sys -- (Slazldrv)
DRV - [2004.12.22 22:40:00 | 003,395,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004.12.13 16:42:14 | 002,329,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004.11.29 19:34:38 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2004.11.29 19:34:32 | 000,222,876 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2004.11.29 19:33:14 | 001,337,850 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004.11.29 19:30:44 | 000,055,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004.11.16 11:16:20 | 000,154,880 | ---- | M] (Computer Associates) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\ino_fltr.sys -- (INO_FLTR)
DRV - [2004.11.11 11:11:06 | 000,020,352 | ---- | M] (Computer Associates) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\ino_flpy.sys -- (INO_FLPY)
DRV - [2004.11.01 16:26:38 | 000,014,520 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SLDRV\RecAgent.sys -- (RecAgent)
DRV - [2004.11.01 16:24:02 | 000,229,720 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SLDRV\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004.11.01 16:19:02 | 000,100,176 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SLDRV\slnthal.sys -- (SlNtHal)
DRV - [2004.11.01 16:17:28 | 001,396,048 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SLDRV\mtlstrm.sys -- (Mtlstrm)
DRV - [2004.11.01 16:07:52 | 000,013,216 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SLDRV\slwdmsup.sys -- (SlWdmSup)
DRV - [2004.10.29 18:48:08 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2004.10.27 07:24:00 | 000,223,104 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004.10.08 14:33:46 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004.08.12 17:45:52 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudio.sys -- (HdAudAddService)
DRV - [2004.01.16 13:02:58 | 000,017,408 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2003.12.08 11:53:50 | 000,036,256 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5ln.sys -- (alcan5ln) SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS)
DRV - [2003.12.08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2002.07.17 07:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001.08.17 13:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
DRV - [2001.08.17 12:13:14 | 000,046,108 | ---- | M] (Xircom, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cben5.sys -- (CBEN5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - Reg Error: Key error. File not found
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
 
IE - HKU\S-1-5-21-4053401081-857187498-617513720-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-4053401081-857187498-617513720-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-4053401081-857187498-617513720-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.07 09:01:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.07 08:59:26 | 000,000,000 | ---D | M]
 
[2010.07.07 09:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxxAdmin\Anwendungsdaten\Mozilla\Extensions
[2011.01.22 00:06:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxxAdmin\Anwendungsdaten\Mozilla\Firefox\Profiles\trbiztwe.default\extensions
[2010.07.07 09:03:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxxAdmin\Anwendungsdaten\Mozilla\Firefox\Profiles\trbiztwe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.18 09:27:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.06.26 09:03:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 09:03:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.26 09:03:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.26 09:03:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.26 09:03:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-4053401081-857187498-617513720-1009\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4053401081-857187498-617513720-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - c:\programme\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Ähnliche Seiten - c:\programme\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Im Cache gespeicherte Seite - c:\programme\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Verweisseiten - c:\programme\google\GoogleToolbar2.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\NPJPI150_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109277765367 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\xxxAdmin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\xxxAdmin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.03.03 12:27:57 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{67599716-97a1-11d9-bb21-00038a000015}\Shell\AutoRun\command - "" = G:\OEMBranding.exe
O33 - MountPoints2\{a5cb2279-8704-11d9-b46f-000e35af0cbc}\Shell\AutoRun\command - "" = H:\OEMBranding.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: AlcWzrd - hkey= - key= - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= -  File not found
MsConfig - StartUpReg: nwiz - hkey= - key= -  File not found
MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm -  File not found
SafeBootNet: nm.sys -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: SupportSoft RemoteAssist - C:\Programme\Gemeinsame Dateien\Supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.18 14:53:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxAdmin\Anwendungsdaten\Malwarebytes
[2011.02.18 14:53:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.02.18 14:53:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.02.18 14:53:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.02.18 14:53:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.02.18 11:55:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\xxxAdmin\Recent
[2011.02.18 11:44:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011.01.21 21:01:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxAdmin\Anwendungsdaten\Canneverbe Limited
[2011.01.21 21:01:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.01.21 21:01:25 | 000,000,000 | ---D | C] -- C:\Programme\CDBurnerXP
[2011.01.21 15:44:10 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2005.02.24 20:32:40 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.19 10:13:30 | 000,017,916 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.02.19 10:01:29 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011.02.19 10:01:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.02.19 10:01:05 | 534,892,544 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.18 16:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011.02.18 15:00:01 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011.02.18 14:52:03 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.02.18 14:51:28 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011.02.18 14:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011.02.18 13:00:01 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011.02.18 12:00:28 | 000,000,606 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxAdmin\Desktop\Verknüpfung mit CCleaner.exe.lnk
[2011.02.18 12:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011.02.16 18:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011.02.16 17:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011.02.16 11:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011.02.14 21:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011.02.13 10:46:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.02.13 10:46:25 | 000,291,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.02.11 10:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011.02.10 23:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011.02.09 13:39:49 | 000,000,682 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxAdmin\Anwendungsdaten\wklnhst.dat
[2011.02.07 22:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011.02.07 20:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011.02.03 00:02:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011.01.30 19:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011.01.24 04:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011.01.24 03:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011.01.24 02:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011.01.24 01:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011.01.21 21:01:32 | 000,001,580 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CDBurnerXP.lnk
[2011.01.21 15:44:10 | 008,503,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011.01.21 15:44:10 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.18 12:00:28 | 000,000,606 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxAdmin\Desktop\Verknüpfung mit CCleaner.exe.lnk
[2011.01.21 21:01:32 | 000,001,580 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CDBurnerXP.lnk
[2011.01.21 21:01:31 | 000,001,524 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CDBurnerXP.lnk
[2011.01.21 21:01:28 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.12.21 08:59:38 | 000,000,682 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxAdmin\Anwendungsdaten\wklnhst.dat
[2010.07.07 08:45:52 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxAdmin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.07 08:45:52 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxAdmin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.06.09 23:21:29 | 000,000,678 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.06.03 13:02:38 | 000,000,071 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2008.01.28 19:15:28 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2006.03.01 21:43:31 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005.11.28 14:59:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005.10.03 12:57:26 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2005.10.03 12:57:26 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2005.10.03 12:57:26 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2005.10.03 12:57:26 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2005.10.03 12:57:26 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2005.10.03 10:15:35 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005.10.03 10:14:38 | 000,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2005.09.19 17:47:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005.05.14 14:13:33 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005.05.14 14:00:45 | 000,000,147 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2005.03.31 10:55:37 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005.03.07 16:42:16 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005.03.04 23:43:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.03.03 12:18:24 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005.03.03 11:47:59 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005.02.25 19:21:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.02.25 18:35:29 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\EBD0FB56AE.sys
[2005.02.25 18:35:28 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005.02.25 16:47:41 | 000,021,276 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005.02.25 09:54:04 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.02.24 22:02:22 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini
[2005.02.24 22:02:21 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2005.02.24 20:32:40 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2005.02.24 20:32:39 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2005.02.24 20:32:39 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2005.02.24 20:14:32 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005.02.24 19:51:33 | 000,000,863 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005.02.24 19:31:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.02.24 19:15:16 | 000,000,972 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005.02.08 13:40:06 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2005.02.08 13:40:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2005.02.08 13:40:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\slcoinst.dll
[2004.11.29 19:44:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004.09.28 22:54:30 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004.01.14 08:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003.02.27 10:07:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2010.03.28 15:54:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1834B
[2005.09.28 20:22:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ableton
[2010.06.03 13:02:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2011.01.21 21:01:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010.06.03 13:20:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2005.03.03 12:27:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\muvee Technologies
[2008.11.03 20:42:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SupportSoft
[2005.03.04 08:20:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander
[2010.03.19 13:20:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\X10 Commander
[2005.09.28 20:22:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Ableton
[2005.09.28 20:54:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Applied Acoustics Systems
[2010.06.03 13:21:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\elsterformular
[2006.03.18 00:07:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\EverAd
[2005.10.03 10:14:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Pegasys Inc
[2011.01.21 21:01:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxAdmin\Anwendungsdaten\Canneverbe Limited
[2011.02.03 00:02:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011.01.18 09:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011.02.11 10:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011.02.16 11:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011.02.18 12:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011.02.18 13:00:01 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011.02.18 14:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011.02.18 15:00:01 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011.02.18 16:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011.02.16 17:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011.02.16 18:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011.01.24 01:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011.01.30 19:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011.02.07 20:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011.02.14 21:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011.02.07 22:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011.02.10 23:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011.01.24 02:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011.01.24 03:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011.01.24 04:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010.12.21 05:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010.12.21 06:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010.04.28 19:24:53 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010.04.28 19:24:53 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2008.11.03 20:42:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\SupportSoft
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.07.07 09:03:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxAdmin\Anwendungsdaten\Adobe
[2010.07.07 09:12:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxAdmin\Anwendungsdaten\AdobeUM
[2010.12.21 00:35:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxAdmin\Anwendungsdaten\Avira
[2011.01.21 21:01:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxAdmin\Anwendungsdaten\Canneverbe Limited
[2005.03.04 22:25:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxAdmin\Anwendungsdaten\CyberLink
[2010.07.07 08:54:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxAdmin\Anwendungsdaten\DivX
[2005.02.24 19:39:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxAdmin\Anwendungsdaten\Identities
[2005.03.04 10:01:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxAdmin\Anwendungsdaten\Macromedia
[2011.02.18 14:53:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxAdmin\Anwendungsdaten\Malwarebytes
[2010.12.17 17:17:53 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\xxxAdmin\Anwendungsdaten\Microsoft
[2010.07.07 09:02:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxAdmin\Anwendungsdaten\Mozilla
[2005.02.25 16:39:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxAdmin\Anwendungsdaten\Real
[2005.03.31 14:43:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxAdmin\Anwendungsdaten\Sun
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.12.09 20:58:17 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009.12.09 20:58:17 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.12.09 20:58:17 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009.12.09 20:58:17 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2005.02.24 20:20:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005.02.24 20:20:08 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005.02.24 20:20:08 | 000,438,272 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Files - Unicode (All) ==========
[2009.01.23 00:57:01 | 000,000,190 | ---- | M] ()(C:\WINDOWS\?ªAVSCAN-20090123-005701-5382C8B2.avp) -- C:\WINDOWS\脸ªAVSCAN-20090123-005701-5382C8B2.avp
[2009.01.23 00:57:01 | 000,000,190 | ---- | C] ()(C:\WINDOWS\?ªAVSCAN-20090123-005701-5382C8B2.avp) -- C:\WINDOWS\脸ªAVSCAN-20090123-005701-5382C8B2.avp

< End of report >

--- --- ---
--- --- ---

Extra-Log:OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 19.02.2011 10:17:40 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Dokumente und Einstellungen\xxxAdmin\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
510,00 Mb Total Physical Memory | 247,00 Mb Available Physical Memory | 48,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 46,29 Gb Total Space | 20,72 Gb Free Space | 44,76% Space Free | Partition Type: NTFS
Drive D: | 33,21 Gb Total Space | 2,20 Gb Free Space | 6,64% Space Free | Partition Type: NTFS
Drive E: | 13,65 Gb Total Space | 9,34 Gb Free Space | 68,46% Space Free | Partition Type: FAT32
 
Computer Name: xxx | User Name: xxxAdmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-4053401081-857187498-617513720-1009\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:enabled:MSN Messenger
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Programme\CA\eTrust Antivirus\InocIT.exe" = C:\Programme\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner -- (Computer Associates International, Inc.)
"C:\Programme\CA\eTrust Antivirus\Realmon.exe" = C:\Programme\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor
"C:\Programme\CA\eTrust Antivirus\InoRpc.exe" = C:\Programme\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server -- (Computer Associates International, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:enabled:MSN Messenger
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Programme\CA\eTrust Antivirus\InocIT.exe" = C:\Programme\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner -- (Computer Associates International, Inc.)
"C:\Programme\CA\eTrust Antivirus\Realmon.exe" = C:\Programme\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor
"C:\Programme\CA\eTrust Antivirus\InoRpc.exe" = C:\Programme\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server -- (Computer Associates International, Inc.)
"C:\Programme\support.com\bin\tgcmd.exe" = C:\Programme\support.com\bin\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Programme\BearShare Applications\BearShare\BearShare.exe" = C:\Programme\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Programme\support.com\bin\tgcmd .exe" = C:\Programme\support.com\bin\tgcmd .exe:*:Disabled:Support.com Scheduler and Command Dispatcher -- (SupportSoft, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05440044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Enzyklopädie 2005
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B14B0C3-2D60-477C-A1FE-B88E60948854}" = OpenOffice.org 2.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2338DD13-9460-4EAA-96DD-2058688F7681}" = Belgacom Genius
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema 4.0
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D1A6B70-3E02-49BC-88B0-916C80274632}" = Informationen über Ihr Notebook
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It!-Bibliothek 10
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Foto Premium 10
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = TIxx21
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8C2D98B-B94F-4D10-A8CA-5D3FDF606CA1}" = DJBCP DVD RIP PACK
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update
"{C6A12D9B-D86A-4ee6-B980-95E4B26A2E13}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC55BD24-C1A6-4397-8EA3-2F30E74BDA2B}" = CA eTrust Antivirus
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 3.5
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FDE9FC7A-BF6D-4347-850D-05A16E6FEE17}" = Belgacom Genius
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_3055&SUBSYS_14F18001" = HSP56 Soft Modem
"Google Updater" = Google Updater
"InstallShield_{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = Texas Instruments PCIxx21/x515 drivers.
"Lexikon der Geographie" = Lexikon der Geographie
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Bibliothek" = PC-Bibliothek
"PictureItPrem_v10" = Microsoft Picture It! Foto Premium 10
"QuickTime" = QuickTime
"Shockwave" = Shockwave
"SLAMRNTV" = Smart Link 56K Voice Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"w810MmHk" = Arima LED Display Utility
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2005Setup" = Setup-Start von Microsoft Works 2005
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X10Hardware" = X10 Hardware(TM)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.02.2011 17:19:33 | Computer Name = xxx | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
 P2 1031, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10 
0.
 
Error - 03.02.2011 18:25:17 | Computer Name = xxx | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
 P2 1031, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10 
0.
 
Error - 07.02.2011 15:29:46 | Computer Name = xxx | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
 P2 1031, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10 
0.
 
Error - 14.02.2011 08:58:45 | Computer Name = xxx | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
 P2 1031, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10 
0.
 
Error - 15.02.2011 07:06:17 | Computer Name = xxx | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
 P2 1031, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10 
0.
 
Error - 16.02.2011 13:57:52 | Computer Name = xxx | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
 P2 1031, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10 
0.
 
Error - 17.02.2011 11:52:23 | Computer Name = xxx | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
 P2 1031, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10 
0.
 
Error - 18.02.2011 07:05:51 | Computer Name = xxx | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul lmpgspl.ax, Version 3.5.0.64, Fehleradresse 0x000117eb.
 
Error - 18.02.2011 10:05:24 | Computer Name = xxx | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x000372e3.
 
Error - 18.02.2011 10:05:49 | Computer Name = xxx | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul lmpgspl.ax, Version 3.5.0.64, Fehleradresse 0x00003ad8.
 
[ System Events ]
Error - 17.02.2011 11:52:24 | Computer Name = xxx | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für die Microsoft .NET Framework 3.5 Service
 Pack 1- und .NET Framework 3.5-Produktfamilie für die .NET-Versionen 2.0 bis 3.5
 (KB951847) x86
 
Error - 18.02.2011 07:00:00 | Computer Name = xxx | Source = Schedule | ID = 7901
Description = Der Befehl "At13.job" konnte aufgrund folgenden Fehlers nicht ausgeführt
 werden:   %%2147942402
 
Error - 18.02.2011 08:00:01 | Computer Name = xxx | Source = Schedule | ID = 7901
Description = Der Befehl "At14.job" konnte aufgrund folgenden Fehlers nicht ausgeführt
 werden:   %%2147942402
 
Error - 18.02.2011 09:00:00 | Computer Name = xxx | Source = Schedule | ID = 7901
Description = Der Befehl "At15.job" konnte aufgrund folgenden Fehlers nicht ausgeführt
 werden:   %%2147942402
 
Error - 18.02.2011 09:27:38 | Computer Name = xxx | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SPEEDPORT.IP",
der
 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{CB2D185E-F327-4-Transport zu
 sein scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error - 18.02.2011 10:00:01 | Computer Name = xxx | Source = Schedule | ID = 7901
Description = Der Befehl "At16.job" konnte aufgrund folgenden Fehlers nicht ausgeführt
 werden:   %%2147942402
 
Error - 18.02.2011 10:09:05 | Computer Name = xxx | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 18.02.2011 10:09:23 | Computer Name = xxx | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   IntelIde
 
Error - 18.02.2011 10:09:44 | Computer Name = xxx | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SPEEDPORT.IP",
der
 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{CB2D185E-F327-4-Transport zu
 sein scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error - 18.02.2011 11:00:00 | Computer Name = xxx | Source = Schedule | ID = 7901
Description = Der Befehl "At17.job" konnte aufgrund folgenden Fehlers nicht ausgeführt
 werden:   %%2147942402
 
 
< End of report >

--- --- ---
--- --- ---

fuer die Muehe

markusg · 19.02.2011, 11:09

macht die gute onlinebanking, einkäufe oder sonst was wichtiges mit dem pc?

Geezus · 19.02.2011, 18:44

Jetzt von meinem Rechner.
Ja, tut sie. Ich hab ihr nach den Funden auch gesagt, dass sie die Passwörter wechseln soll.
Diesen Mist holt man sich doch sonst nicht so schnell, oder? Sie hat zumindest Antivir und Defender am Laufen. Und ist nicht als Admin reingegangen. Kein verlässlicher Schutz, ich weiß, aber immerhin. Da hatten wir schon andere Mitbewohner_Innen mit noch lässigeren Methoden.

markusg · 19.02.2011, 18:46

sie sollte den rechner neu aufsetzen, da wir nicht garantieren können das wir ihn sauber bekommen, das wäre nötig bei onlinebanking.
ich geb noch tipps was man weiterhin tun kann zur verbesserung der pc sicherheit.

19.02.2011, 18:46	#6
markusg /// Malware-holic	Backdoor- und Hijackfiles gefunden sie sollte den rechner neu aufsetzen, da wir nicht garantieren können das wir ihn sauber bekommen, das wäre nötig bei onlinebanking. ich geb noch tipps was man weiterhin tun kann zur verbesserung der pc sicherheit. __________________ --> Backdoor- und Hijackfiles gefunden

Backdoor- und Hijackfiles gefunden

Plagegeister aller Art und deren Bekämpfung: Backdoor- und Hijackfiles gefunden