WindowsRecovery hat mich auch erreicht.

Truckbull · 27.04.2011, 21:19

Das wie so oft beschriebene Problem. Hier das ein oder andere Log:

OTL:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 27.04.2011 21:54:59 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Jukuhu\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
446,00 Mb Total Physical Memory | 176,00 Mb Available Physical Memory | 39,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,52 Gb Total Space | 56,95 Gb Free Space | 76,42% Space Free | Partition Type: NTFS
 
Computer Name: MOFA032 | User Name: Jukuhu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.27 21:27:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jukuhu\Desktop\OTL.exe
PRC - [2011.03.31 02:44:58 | 001,324,008 | -H-- | M] (Iminent) -- C:\Programme\Iminent\IMBooster\IMBooster.exe
PRC - [2011.01.26 17:52:14 | 001,863,168 | -H-- | M] (Iminent) -- C:\Programme\Iminent\SearchTheWeb\Iminent.Notifier.exe
PRC - [2010.12.06 10:57:38 | 000,020,480 | -H-- | M] (MyFunCards) -- C:\Programme\MyFunCardsbarIE\bar\1.bin\c8brmon.exe
PRC - [2010.09.20 23:07:44 | 000,932,288 | RH-- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2010.08.20 01:22:32 | 000,086,016 | -H-- | M] (alch) -- C:\Programme\ClamWin\bin\ClamTray.exe
PRC - [2008.08.25 09:00:52 | 001,340,712 | -H-- | M] (Lexware GmbH & Co. KG) -- C:\Programme\Gemeinsame Dateien\Lexware\LxWebAccess\LxWebAccess.exe
PRC - [2008.03.21 00:54:10 | 001,036,800 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.08.03 15:53:02 | 000,053,248 | -H-- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2006.07.27 15:06:46 | 000,122,880 | -H-- | M] () -- C:\Programme\Hotkey 1.0.4\FuncKey.exe
PRC - [2006.07.11 03:33:16 | 000,176,128 | -H-- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\S3Trayp.exe
PRC - [2003.06.20 01:25:00 | 000,322,120 | -H-- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.27 21:27:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jukuhu\Desktop\OTL.exe
MOD - [2010.12.06 10:57:38 | 000,024,576 | -H-- | M] (MyFunCards) -- C:\Programme\MyFunCardsbarIE\bar\1.bin\c8brstub.dll
MOD - [2010.11.18 05:11:52 | 000,041,984 | -H-- | M] (Iminent) -- C:\Programme\Iminent\IMBooster\Iminent.WinCore.dll
MOD - [2008.03.21 00:51:48 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5508_x-ww_35d3ce4a\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.12.06 10:57:38 | 000,028,766 | -H-- | M] (MyFunCards) [Auto | Stopped] -- C:\Programme\MyFunCardsbarIE\bar\1.bin\c8barsvc.exe -- (MyFunCardsbarIEService)
SRV - [2003.07.28 14:28:22 | 000,089,136 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.20 01:25:00 | 000,322,120 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.01.19 20:31:56 | 000,277,544 | -H-- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2006.09.12 11:43:38 | 000,659,456 | -H-- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2006.08.24 17:05:32 | 000,594,432 | -H-- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006.03.23 02:27:10 | 000,488,992 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006.03.09 17:56:58 | 000,995,712 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006.03.09 17:56:16 | 000,206,976 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006.03.09 17:56:10 | 000,726,400 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.09.09 18:56:14 | 000,006,144 | -H-- | M] (hxxp://www.internals.com) [Kernel | System | Running] -- C:\WINDOWS\system32\WinIo.sys -- (WINIO)
DRV - [2005.04.23 10:54:50 | 000,112,751 | -H-- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004.08.03 23:29:52 | 000,166,912 | -H-- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-971675883-3410408121-3866004352-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-971675883-3410408121-3866004352-1008\..\URLSearchHook: {55b8f6ed-2800-4f27-974a-80ef13a91083} - C:\Programme\MyFunCardsbarIE\bar\1.bin\c8SrcAs.dll (MyFunCards)
IE - HKU\S-1-5-21-971675883-3410408121-3866004352-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.07 15:54:34 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Programme\MyWebSearch\bar\2.bin
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.09 14:28:53 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2011.04.13 14:24:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.04.13 14:24:20 | 000,000,000 | -H-D | M] (Iminent WebBooster) -- C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com
[2011.03.18 19:56:37 | 000,142,296 | -H-- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.10 02:21:02 | 000,002,157 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\SearchTheWeb.xml
[2010.01.01 10:00:00 | 000,001,178 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Programme\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Toolbar BHO) - {664a876f-a887-4016-abb7-423f1129d6ca} - C:\Programme\MyFunCardsbarIE\bar\1.bin\c8bar.dll (MyFunCards)
O2 - BHO: (Iminent.BHO.NavigationError) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Programme\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll (Iminent)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Programme\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)
O2 - BHO: (Search Assistant BHO) - {a53d3e99-2d75-4752-a2b4-b2c727d7df8c} - C:\Programme\MyFunCardsbarIE\bar\1.bin\c8SrcAs.dll (MyFunCards)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (MyFunCards) - {4b3b7746-935c-48e9-95cd-a855419cdef0} - C:\Programme\MyFunCardsbarIE\bar\1.bin\c8bar.dll (MyFunCards)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Programme\IMinent Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-971675883-3410408121-3866004352-1008\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-971675883-3410408121-3866004352-1008\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Programme\IMinent Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ClamWin] C:\Programme\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [FuncKey] C:\Programme\Hotkey 1.0.4\FuncKey.exe ()
O4 - HKLM..\Run: [IMBooster] C:\Programme\Iminent\IMBooster\imbooster.exe (Iminent)
O4 - HKLM..\Run: [Iminent.Notifier] C:\Programme\Iminent\SearchTheWeb\Iminent.Notifier.exe (Iminent)
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [MyFunCardsbarIE Browser Plugin Loader] C:\Programme\MyFunCardsbarIE\bar\1.bin\c8brmon.exe (MyFunCards)
O4 - HKLM..\Run: [S3Trayp] C:\WINDOWS\System32\S3Trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\RunServices: [OfficeXLSRVINTL] File not found
O4 - HKLM..\RunServices: [WficaCliente] File not found
O4 - HKLM..\RunServices: [WindowsWEXTRACT] File not found
O4 - Startup: C:\Dokumente und Einstellungen\Jukuhu\Startmenü\Programme\Autostart\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-971675883-3410408121-3866004352-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241447694562 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\fsc_back.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\fsc_back.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.30 21:58:39 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.27 21:54:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.04.27 21:54:07 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.27 21:54:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011.04.27 21:27:12 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Jukuhu\Desktop\Erunt-setup.exe
[2011.04.27 21:27:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jukuhu\Desktop\OTL.exe
[2011.04.27 21:27:12 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jukuhu\Desktop\TFC.exe
[2011.04.27 21:13:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Anwendungsdaten\Malwarebytes
[2011.04.27 21:13:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.04.27 21:13:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.04.27 21:13:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.04.27 21:13:21 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.27 21:12:56 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Jukuhu\Desktop\mbam-setup.exe
[2011.04.27 21:04:14 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Jukuhu\Desktop\HiJackThis204.exe
[2011.04.27 21:03:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Anwendungsdaten\Macromedia
[2011.04.27 20:54:19 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Recent
[2011.04.27 19:14:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Anwendungsdaten\Adobe
[2011.04.27 19:14:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Anwendungsdaten\vShare
[2011.04.27 19:14:19 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Jukuhu\PrivacIE
[2011.04.27 19:14:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Anwendungsdaten\Toolbar4
[2011.04.27 19:14:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Anwendungsdaten\HPAppData
[2011.04.27 18:28:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Anwendungsdaten\Sun
[2011.04.27 18:25:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Anwendungsdaten\SUPERAntiSpyware.com
[2011.04.27 18:22:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Lokale Einstellungen\Anwendungsdaten\Lexware
[2011.04.27 18:22:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Anwendungsdaten\Lexware
[2011.04.27 18:22:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Anwendungsdaten\.clamwin
[2011.04.27 18:22:11 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Jukuhu\IETldCache
[2011.04.27 18:22:01 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Jukuhu\Anwendungsdaten\Microsoft
[2011.04.27 18:22:01 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Startmenü\Programme\Zubehör
[2011.04.27 18:22:01 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Startmenü
[2011.04.27 18:22:01 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Jukuhu\SendTo
[2011.04.27 18:22:01 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Favoriten
[2011.04.27 18:22:01 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Eigene Dateien\Eigene Musik
[2011.04.27 18:22:01 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Eigene Dateien
[2011.04.27 18:22:01 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Eigene Dateien\Eigene Bilder
[2011.04.27 18:22:01 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Startmenü\Programme\Autostart
[2011.04.27 18:22:01 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Anwendungsdaten
[2011.04.27 18:22:01 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Jukuhu\Cookies
[2011.04.27 18:22:01 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Vorlagen
[2011.04.27 18:22:01 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Netzwerkumgebung
[2011.04.27 18:22:01 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2011.04.27 18:22:01 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Lokale Einstellungen
[2011.04.27 18:22:01 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Anwendungsdaten\Identities
[2011.04.27 18:22:01 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Druckumgebung
[2011.04.27 18:22:01 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Desktop
[2011.04.27 18:22:01 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Jukuhu\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory
[2011.04.27 18:19:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2011.04.27 18:19:16 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.04.27 18:10:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2011.04.27 18:10:44 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2011.04.26 22:54:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GridinSoft
[2011.04.26 22:54:05 | 000,000,000 | ---D | C] -- C:\Programme\GridinSoft Trojan Killer
[2011.04.26 22:03:00 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2011.04.26 21:26:36 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Seagate
[2011.04.26 21:26:25 | 000,000,000 | ---D | C] -- C:\Programme\Seagate
[2011.04.26 21:07:38 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
[2011.04.13 14:36:31 | 000,000,000 | -H-D | C] -- C:\output
[2011.04.13 14:25:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PhotoScape
[2011.04.13 14:25:46 | 000,000,000 | -H-D | C] -- C:\Programme\PhotoScape
[2011.04.13 14:23:50 | 000,000,000 | -H-D | C] -- C:\Program Files
[2011.04.13 14:23:50 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Iminent
[2011.04.13 14:23:50 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IMinent
[2011.04.13 14:23:44 | 000,000,000 | -H-D | C] -- C:\Programme\Iminent
[2011.04.13 14:23:08 | 000,000,000 | -H-D | C] -- C:\Programme\IMinent Toolbar
[2011.04.09 14:28:49 | 000,000,000 | -H-D | C] -- C:\Programme\Mozilla Firefox
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.27 21:55:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{21ACF729-75DE-497F-AA47-414C01BB99CE}.job
[2011.04.27 21:55:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{76D4FA5B-5080-4CF9-9C10-FAF92AF3A453}.job
[2011.04.27 21:54:21 | 000,000,753 | ---- | M] () -- C:\Dokumente und Einstellungen\Jukuhu\Startmenü\Programme\Autostart\ERUNT AutoBackup.lnk
[2011.04.27 21:54:08 | 000,000,597 | ---- | M] () -- C:\Dokumente und Einstellungen\Jukuhu\Desktop\NTREGOPT.lnk
[2011.04.27 21:54:08 | 000,000,578 | ---- | M] () -- C:\Dokumente und Einstellungen\Jukuhu\Desktop\ERUNT.lnk
[2011.04.27 21:54:00 | 000,001,088 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.27 21:53:14 | 000,001,084 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.27 21:53:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.27 21:53:05 | 467,841,024 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.27 21:27:25 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jukuhu\Desktop\TFC.exe
[2011.04.27 21:27:25 | 000,301,568 | ---- | M] () -- C:\Dokumente und Einstellungen\Jukuhu\Desktop\g2m3e4r.exe
[2011.04.27 21:27:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jukuhu\Desktop\OTL.exe
[2011.04.27 21:27:15 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Jukuhu\Desktop\Erunt-setup.exe
[2011.04.27 21:26:59 | 000,377,260 | ---- | M] () -- C:\Dokumente und Einstellungen\Jukuhu\Desktop\Load.exe
[2011.04.27 21:13:26 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.27 21:13:06 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Jukuhu\Desktop\mbam-setup.exe
[2011.04.27 21:11:45 | 001,006,778 | ---- | M] () -- C:\Dokumente und Einstellungen\Jukuhu\Desktop\rkill.com
[2011.04.27 21:04:18 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Jukuhu\Desktop\HiJackThis204.exe
[2011.04.27 20:56:30 | 000,000,516 | ---- | M] () -- C:\Dokumente und Einstellungen\Jukuhu\Eigene Dateien\cc_20110427_205626.reg
[2011.04.27 20:54:53 | 000,005,328 | ---- | M] () -- C:\Dokumente und Einstellungen\Jukuhu\Eigene Dateien\cc_20110427_205450.reg
[2011.04.27 20:04:23 | 000,000,474 | ---- | M] () -- C:\Dokumente und Einstellungen\Jukuhu\Eigene Dateien\cc_20110427_200416.reg
[2011.04.27 20:04:00 | 000,001,742 | ---- | M] () -- C:\Dokumente und Einstellungen\Jukuhu\Eigene Dateien\cc_20110427_200356.reg
[2011.04.27 18:24:54 | 000,000,246 | ---- | M] () -- C:\Dokumente und Einstellungen\Jukuhu\Eigene Dateien\cc_20110427_182451.reg
[2011.04.27 18:24:37 | 000,000,994 | ---- | M] () -- C:\Dokumente und Einstellungen\Jukuhu\Eigene Dateien\cc_20110427_182434.reg
[2011.04.27 18:24:20 | 000,033,490 | ---- | M] () -- C:\Dokumente und Einstellungen\Jukuhu\Eigene Dateien\cc_20110427_182415.reg
[2011.04.27 18:19:18 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2011.04.27 18:10:49 | 000,001,648 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.04.26 22:54:10 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Killer.lnk
[2011.04.26 22:32:16 | 000,002,313 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SeaTools for Windows.lnk
[2011.04.26 15:42:05 | 000,000,392 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19128116
[2011.04.26 15:40:52 | 000,000,144 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19128116r
[2011.04.26 15:40:52 | 000,000,128 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19128116
[2011.04.25 19:32:14 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.09 14:30:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\nsreg.dat
[2011.04.09 14:29:03 | 000,000,702 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2011.04.06 08:30:08 | 000,425,692 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.04.06 08:30:08 | 000,409,566 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.06 08:30:08 | 000,078,320 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.04.06 08:30:08 | 000,064,706 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.27 21:54:21 | 000,000,753 | ---- | C] () -- C:\Dokumente und Einstellungen\Jukuhu\Startmenü\Programme\Autostart\ERUNT AutoBackup.lnk
[2011.04.27 21:54:08 | 000,000,597 | ---- | C] () -- C:\Dokumente und Einstellungen\Jukuhu\Desktop\NTREGOPT.lnk
[2011.04.27 21:54:08 | 000,000,578 | ---- | C] () -- C:\Dokumente und Einstellungen\Jukuhu\Desktop\ERUNT.lnk
[2011.04.27 21:27:12 | 000,301,568 | ---- | C] () -- C:\Dokumente und Einstellungen\Jukuhu\Desktop\g2m3e4r.exe
[2011.04.27 21:25:39 | 000,377,260 | ---- | C] () -- C:\Dokumente und Einstellungen\Jukuhu\Desktop\Load.exe
[2011.04.27 21:13:26 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.27 21:11:42 | 001,006,778 | ---- | C] () -- C:\Dokumente und Einstellungen\Jukuhu\Desktop\rkill.com
[2011.04.27 20:56:29 | 000,000,516 | ---- | C] () -- C:\Dokumente und Einstellungen\Jukuhu\Eigene Dateien\cc_20110427_205626.reg
[2011.04.27 20:54:52 | 000,005,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Jukuhu\Eigene Dateien\cc_20110427_205450.reg
[2011.04.27 20:04:18 | 000,000,474 | ---- | C] () -- C:\Dokumente und Einstellungen\Jukuhu\Eigene Dateien\cc_20110427_200416.reg
[2011.04.27 20:03:58 | 000,001,742 | ---- | C] () -- C:\Dokumente und Einstellungen\Jukuhu\Eigene Dateien\cc_20110427_200356.reg
[2011.04.27 18:24:53 | 000,000,246 | ---- | C] () -- C:\Dokumente und Einstellungen\Jukuhu\Eigene Dateien\cc_20110427_182451.reg
[2011.04.27 18:24:36 | 000,000,994 | ---- | C] () -- C:\Dokumente und Einstellungen\Jukuhu\Eigene Dateien\cc_20110427_182434.reg
[2011.04.27 18:24:18 | 000,033,490 | ---- | C] () -- C:\Dokumente und Einstellungen\Jukuhu\Eigene Dateien\cc_20110427_182415.reg
[2011.04.27 18:22:17 | 000,000,778 | ---- | C] () -- C:\Dokumente und Einstellungen\Jukuhu\Startmenü\Programme\Windows Media Player.lnk
[2011.04.27 18:22:02 | 000,001,599 | -H-- | C] () -- C:\Dokumente und Einstellungen\Jukuhu\Startmenü\Programme\Remoteunterstützung.lnk
[2011.04.27 18:22:02 | 000,000,789 | ---- | C] () -- C:\Dokumente und Einstellungen\Jukuhu\Startmenü\Programme\Internet Explorer.lnk
[2011.04.27 18:22:02 | 000,000,724 | -H-- | C] () -- C:\Dokumente und Einstellungen\Jukuhu\Startmenü\Programme\Outlook Express.lnk
[2011.04.27 18:22:02 | 000,000,146 | -H-- | C] () -- C:\Dokumente und Einstellungen\Jukuhu\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.04.27 18:19:17 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2011.04.27 18:10:49 | 000,001,648 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.04.26 22:54:10 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Killer.lnk
[2011.04.26 21:26:38 | 000,002,313 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SeaTools for Windows.lnk
[2011.04.26 20:56:49 | 467,841,024 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.26 15:40:52 | 000,000,144 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19128116r
[2011.04.26 15:40:51 | 000,000,128 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19128116
[2011.04.26 15:40:00 | 000,000,392 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19128116
[2011.04.09 14:30:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2011.04.09 14:29:03 | 000,000,708 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2011.04.09 14:29:03 | 000,000,702 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2011.01.02 17:34:48 | 000,000,129 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft.SqlServer.Compact.351.32.bc
[2010.12.02 19:51:25 | 019,985,265 | -H-- | C] () -- C:\Programme\vlc-1.1.5-win32.exe
[2010.10.10 18:00:10 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.10.07 15:48:03 | 000,181,656 | -H-- | C] () -- C:\WINDOWS\hpoins44.dat
[2010.10.07 15:48:03 | 000,000,586 | -H-- | C] () -- C:\WINDOWS\hpomdl44.dat
[2010.10.07 14:54:42 | 000,181,801 | -H-- | C] () -- C:\WINDOWS\hpoins44.dat.temp
[2010.10.07 14:54:42 | 000,000,586 | -H-- | C] () -- C:\WINDOWS\hpomdl44.dat.temp
[2009.05.04 16:59:11 | 000,016,629 | -H-- | C] () -- C:\WINDOWS\LxFrame.ini
[2009.04.08 07:17:48 | 000,057,344 | -H-- | C] () -- C:\WINDOWS\System32\FKStampPainter20.dll
[2009.02.02 20:11:40 | 000,208,896 | -H-- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2009.02.02 20:10:14 | 000,303,104 | -H-- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2009.02.02 20:08:36 | 000,090,112 | -H-- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2009.02.02 20:08:22 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2007.09.22 11:50:39 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2007.09.22 11:43:57 | 000,000,032 | -H-- | C] () -- C:\WINDOWS\CD_Start.INI
[2007.08.25 09:21:16 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2007.08.25 09:20:24 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2007.08.25 09:20:22 | 002,702,848 | -H-- | C] () -- C:\WINDOWS\System32\s3gcil_inv.dll
[2006.01.30 22:20:28 | 000,000,849 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2006.01.30 22:02:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006.01.30 21:55:20 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.01.30 21:49:20 | 000,004,359 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.01.30 21:48:22 | 000,275,760 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.01.30 21:41:40 | 000,001,052 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.01.30 21:41:23 | 000,425,692 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006.01.30 21:41:23 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.01.30 21:41:23 | 000,078,320 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006.01.30 21:41:23 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.01.30 21:41:04 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.01.30 21:41:01 | 000,409,566 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.01.30 21:41:01 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.01.30 21:41:01 | 000,064,706 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.01.30 21:41:01 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.01.30 21:40:59 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.01.30 21:40:59 | 000,004,711 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.01.30 21:40:56 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2006.01.30 21:40:48 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.01.30 21:40:48 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.01.30 21:40:39 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.01.30 21:40:29 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003.02.20 15:53:42 | 000,005,702 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.12.12 13:41:36 | 000,041,472 | -H-- | C] () -- C:\WINDOWS\System32\W32btstp.dll
[2001.12.12 13:41:36 | 000,025,088 | -H-- | C] () -- C:\WINDOWS\System32\W32btxlt.dll
 
< End of report >

--- --- ---

MBAM:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6459

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27.04.2011 21:50:44
mbam-log-2011-04-27 (21-50-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 258789
Laufzeit: 35 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 27
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 62

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\dokumente und einstellungen\karl der käfer\startmenü\programme\antivirus antispyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\karl der käfer\anwendungsdaten\antivirus antispyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\dokumente und einstellungen\karl der käfer\lokale einstellungen\Temp\m.246.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP165\A0026892.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028492.exe (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028493.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028494.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028543.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028561.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028537.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028538.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028539.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028540.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028542.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028544.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028545.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028546.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028547.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028548.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028549.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028550.SCR (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028551.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028552.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028553.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028554.EXE (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028555.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028556.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028557.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028558.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028559.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028560.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028562.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028563.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028564.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028565.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028566.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028567.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028568.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028569.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028570.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028572.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028573.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028574.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028575.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028576.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028577.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028578.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1a80b0dd-d8fe-425e-adb0-a6c330120b05}\RP183\A0028586.scr (PUP.FunWebProducts) -> Not selected for removal.
c:\dokumente und einstellungen\karl der käfer\startmenü\programme\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\karl der käfer\startmenü\programme\antivirus antispyware 2011\help antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\karl der käfer\startmenü\programme\antivirus antispyware 2011\activate antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\karl der käfer\startmenü\programme\antivirus antispyware 2011\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\karl der käfer\startmenü\programme\antivirus antispyware 2011\how to activate antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\karl der käfer\Desktop\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\karl der käfer\anwendungsdaten\microsoft\internet explorer\quick launch\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\karl der käfer\lokale einstellungen\Temp\ppddfcfux.exxe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\karl der käfer\lokale einstellungen\Temp\w32rim_mem.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\karl der käfer\lokale einstellungen\Temp\wrfwe_di.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\karl der käfer\lokale einstellungen\Temp\dffuck.exe (Malware.Trace) -> Quarantined and deleted successfully.
c:\Recycle.Bin\recycle.bin.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\karl der käfer\anwendungsdaten\antivirus antispyware 2011\icoactivate.ico (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\karl der käfer\anwendungsdaten\antivirus antispyware 2011\IcoHelp.ico (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\karl der käfer\anwendungsdaten\antivirus antispyware 2011\icouninstall.ico (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Wie soll ich nun weiter vorgehen?

Vielen Dank schonmal für die Hilfe.

Gruß Trucki

WindowsRecovery hat mich auch erreicht.

Log-Analyse und Auswertung: WindowsRecovery hat mich auch erreicht.

WindowsRecovery hat mich auch erreicht.

Ähnliche Themen: WindowsRecovery hat mich auch erreicht.