Trojaner-Board - Sparkasse Allgäu - Trojaner, bin leider auch betroffen

Hallo Markusg,

vielen Dank für deine Antwort.
Ich habe den OTL Quickscan durchgeführt aber nur eine Datei OTL.txt erhalten.
Inhalt siehe unten.
Ist das der Ort wo ich den Inhalt hinkopieren sollte?

Viele Grüße
PetraOTL Logfile:

Code:

OTL logfile created on: 16.12.2011 12:51:54 - Run 4

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

 

1014,11 Mb Total Physical Memory | 526,43 Mb Available Physical Memory | 51,91% Memory free

2,39 Gb Paging File | 1,98 Gb Available in Paging File | 83,02% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 92,91 Gb Total Space | 27,78 Gb Free Space | 29,90% Space Free | Partition Type: NTFS

 

Computer Name: TOSHIBA-USER | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)

PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)

PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)

PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\update.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()

PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Documents and Settings\All Users\Application Data\Web.de Firefox\adminsvcff.exe (hablamax)

PRC - C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)

PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)

PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()

PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)

PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\ceadaf3b3d017c7a1ef10a06f8009f6f\System.ServiceModel.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()

MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()

MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()

MOD - C:\Program Files\Avira\AntiVir Desktop\scewxmlw.dll ()

MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll ()

MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()

MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()

MOD - C:\WINDOWS\system32\sbe.dll ()

MOD - C:\WINDOWS\system32\quartz.dll ()

MOD - C:\WINDOWS\system32\msdmo.dll ()

MOD - C:\WINDOWS\system32\devenum.dll ()

MOD - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()

MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()

MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)

SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)

SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)

SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)

SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (WDFME) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()

SRV - (WDSC) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()

SRV - (AdminSVCff) -- C:\Documents and Settings\All Users\Application Data\Web.de Firefox\adminsvcff.exe (hablamax)

SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()

SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (Uim_IM) -- C:\WINDOWS\system32\drivers\Uim_IM.sys (Paragon)

DRV - (UimBus) -- C:\WINDOWS\system32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)

DRV - (hotcore3) -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys (Paragon Software Group)

DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)

DRV - (ivusb) -- C:\WINDOWS\system32\drivers\ivusb.sys (Initio Corporation)

DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS ()

DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()

DRV - (SMCB000) -- C:\WINDOWS\system32\drivers\HIDSMSC.SYS (SMSC)

DRV - (qkbfiltr) -- C:\WINDOWS\system32\drivers\qkbfiltr.sys (Quanta Computer, Inc.)

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)

DRV - (FdRedir) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys (UPEK Inc.)

DRV - (FileDisk2) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys (UPEK Inc.)

DRV - (smihlp) -- C:\Program Files\Protector Suite QL\smihlp.sys (UPEK Inc.)

DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)

DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)

DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)

DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)

DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)

DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)

DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)

DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)

DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)

DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)

DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)

DRV - (tbiosdrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()

DRV - (BoiHwsetup) -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys (Quanta Computer Corp)

DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)

DRV - (PID_08A0) QuickCam IM(PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.)

DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)

DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (qmofiltr) -- C:\WINDOWS\system32\drivers\qmofiltr.sys (Quanta Computer, Inc.)

DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)

DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome

IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll (Spigot, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5

FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8

FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1

FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9

FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3

FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3

FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Garmin\Garmin GPS Plugin\npGarmin.dll File not found

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.10 21:09:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.12 10:35:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.10.25 20:35:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.08.12 10:35:04 | 000,000,000 | ---D | M]

 

[2010.11.29 17:50:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2010.11.29 17:50:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2008.08.19 15:37:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\songbird@songbirdnest.com

[2011.12.14 22:10:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\knvidwvg.default\extensions

[2011.08.19 17:19:44 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\knvidwvg.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

[2010.07.14 19:06:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\knvidwvg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.12.08 22:30:19 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\knvidwvg.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}

[2011.01.11 19:24:35 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\knvidwvg.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}

[2010.12.19 21:21:41 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\knvidwvg.default\extensions\de-DE@dictionaries.addons.mozilla.org

[2010.10.01 12:45:19 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\knvidwvg.default\extensions\en-US@dictionaries.addons.mozilla.org

[2011.12.14 22:10:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\knvidwvg.default\extensions\staged

[2011.12.10 13:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KNVIDWVG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KNVIDWVG.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI

[2011.12.10 13:50:19 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM

[2010.10.28 18:39:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011.11.10 21:09:37 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2006.01.18 18:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll

[2011.10.12 20:31:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.10.12 20:31:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011.10.12 20:31:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.10.12 20:31:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.10.12 20:31:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.10.12 20:31:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

 

O1 HOSTS File: ([2004.08.10 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)

O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll (Spigot, Inc.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)

O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)

O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

O4 - HKLM..\Run: [Toshiba Hotkey Utility] c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)

O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_23.dll (Sun Microsystems, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\psfus: DllName - (psqlpwd.dll) - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.03.02 22:28:47 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{70e545a3-0a1f-11de-9f38-0013021c0459}\Shell - "" = AutoRun

O33 - MountPoints2\{70e545a3-0a1f-11de-9f38-0013021c0459}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{70e545a3-0a1f-11de-9f38-0013021c0459}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.12.16 07:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\mail2011

[2011.12.15 21:56:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2011.12.15 21:52:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent

[2011.12.11 21:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\StreetGlide

[2011.12.10 13:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Search Settings

[2011.12.10 13:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater

[2011.12.10 13:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar

[2011.12.10 13:43:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Identities

[2011.12.10 13:42:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Orok

[2011.12.10 13:42:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Baoh

[2011.12.03 18:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Stefan50

[2011.11.21 21:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\Safari

[2007.01.08 14:31:32 | 000,245,408 | ---- | C] (Microsoft Corporation) -- C:\Program Files\unicows.dll

[2007.01.08 14:31:32 | 000,159,744 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\Setup.exe

[2007.01.08 14:31:31 | 000,126,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\epic_eula.dll

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.12.16 12:50:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.12.16 12:49:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.12.16 12:49:10 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys

[2011.12.16 07:44:05 | 000,230,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011.12.15 22:42:09 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011.12.15 21:56:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2011.12.14 21:41:44 | 000,083,906 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Stefan50.jpg

[2011.12.14 21:35:50 | 000,623,459 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\XMas2011.jpg

[2011.12.12 22:02:32 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to POWERPNT.lnk

[2011.12.12 22:02:29 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to EXCEL.lnk

[2011.12.12 22:02:25 | 000,000,869 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WINWORD.lnk

[2011.12.03 14:17:29 | 000,080,066 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Beipack.pdf

[2011.11.29 19:24:25 | 000,024,697 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\2-Fortbildung_Ski_alpin_Stubai 2012.pdf

[2011.11.29 19:24:17 | 000,085,790 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Anmeldung  Fortbildung 2_ 2012.pdf

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.12.15 22:38:24 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2011.12.14 21:41:39 | 000,083,906 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Stefan50.jpg

[2011.12.14 21:35:49 | 000,623,459 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\XMas2011.jpg

[2011.12.12 22:02:32 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to POWERPNT.lnk

[2011.12.12 22:02:29 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to EXCEL.lnk

[2011.12.12 22:02:25 | 000,000,869 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WINWORD.lnk

[2011.12.03 14:17:27 | 000,080,066 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Beipack.pdf

[2011.11.29 19:24:25 | 000,024,697 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2-Fortbildung_Ski_alpin_Stubai 2012.pdf

[2011.11.29 19:24:16 | 000,085,790 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Anmeldung  Fortbildung 2_ 2012.pdf

[2011.11.21 21:35:52 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk

[2011.07.23 10:52:16 | 000,365,944 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011.07.22 09:59:11 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\srctrl.dll

[2011.07.07 20:55:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011.03.29 16:30:33 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2011.02.16 18:53:30 | 000,393,256 | ---- | C] () -- C:\WINDOWS\System32\CNQ4809N.DAT

[2010.11.22 21:52:50 | 000,614,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1742102996-484615067-505008630-1005-0.dat

[2010.11.22 21:52:49 | 000,216,782 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2010.06.29 19:45:41 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\WebpageIcons.db

[2009.12.31 14:06:07 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI

[2009.10.27 22:46:01 | 000,189,771 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mdbu.bin

[2009.02.07 19:45:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2009.01.13 20:24:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009.01.05 21:53:18 | 000,028,484 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2007.07.10 17:56:59 | 000,000,094 | ---- | C] () -- C:\WINDOWS\MusicRip.ini

[2007.06.22 13:26:03 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007.02.26 14:11:47 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI

[2007.01.08 14:31:31 | 002,723,276 | ---- | C] () -- C:\Program Files\Photoshop New Features.pdf

[2007.01.08 14:31:31 | 000,748,937 | ---- | C] () -- C:\Program Files\Creative Suite Brochure.pdf

[2007.01.08 14:31:31 | 000,157,035 | ---- | C] () -- C:\Program Files\LegalNotices.pdf

[2007.01.08 14:31:31 | 000,142,049 | ---- | C] () -- C:\Program Files\Photoshop At A Glance.pdf

[2007.01.08 14:31:31 | 000,013,842 | ---- | C] () -- C:\Program Files\Activation Read Me.html

[2007.01.08 14:31:31 | 000,012,793 | ---- | C] () -- C:\Program Files\How To Install.html

[2007.01.08 14:31:31 | 000,000,049 | ---- | C] () -- C:\Program Files\AUTORUN.INF

[2006.11.22 17:35:25 | 000,004,848 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2006.11.03 03:45:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI

[2006.10.31 03:14:56 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006.10.19 20:09:42 | 000,108,330 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat

[2006.10.02 23:00:24 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI

[2006.10.02 22:54:42 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS

[2006.10.02 22:42:53 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\mscandc.ini

[2006.10.02 22:39:28 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys

[2006.10.02 22:39:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys

[2006.09.30 03:21:57 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2006.09.30 03:17:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe

[2006.09.30 03:16:37 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe

[2006.09.29 20:18:30 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2006.09.29 19:57:18 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html

[2006.09.29 15:44:08 | 000,008,631 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2006.09.03 17:42:11 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat

[2006.07.21 13:50:52 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2006.03.03 20:11:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006.03.03 01:01:11 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2006.03.03 00:54:29 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2006.03.03 00:51:49 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini

[2006.03.03 00:51:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll

[2006.03.03 00:51:49 | 000,009,366 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini

[2006.03.03 00:51:49 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini

[2006.03.03 00:48:13 | 000,000,224 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006.03.03 00:44:43 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2006.03.03 00:44:43 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2006.03.03 00:44:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2006.03.03 00:44:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2006.03.03 00:44:43 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2006.03.03 00:44:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2006.03.03 00:05:27 | 000,011,122 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini

[2006.03.03 00:05:27 | 000,002,036 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini

[2006.03.03 00:03:00 | 000,004,528 | R--- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE

[2006.03.02 23:42:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI

[2006.03.02 22:35:12 | 000,000,748 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006.03.02 22:31:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2006.03.02 22:25:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2006.03.02 19:45:11 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2006.03.02 19:39:12 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006.03.02 19:39:02 | 000,486,798 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2006.03.02 19:39:02 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2006.03.02 19:39:02 | 000,082,604 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2006.03.02 19:39:02 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2006.03.02 19:38:58 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2006.03.02 19:38:56 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2006.03.02 19:38:51 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2006.03.02 19:38:37 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2006.03.02 19:38:36 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2006.03.02 19:38:07 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2006.03.02 19:37:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2006.03.02 14:19:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2006.03.02 14:18:39 | 000,230,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2006.01.26 19:03:32 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll

[2005.12.08 20:56:50 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll

[2005.09.02 23:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll

[2005.08.25 00:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys

[2005.08.05 23:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2005.07.23 06:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

[2005.06.11 19:47:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll

[2004.07.21 02:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll

[2004.01.15 23:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

[1999.01.27 21:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll

[1998.06.14 03:53:26 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

[1997.06.13 15:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

 
 ========== LOP Check ==========

 

[2011.08.04 14:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\backup

[2011.02.13 19:12:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2011.02.12 17:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ(2)

[2011.02.16 19:00:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV

[2011.02.16 18:57:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan

[2011.02.16 18:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt

[2011.07.23 17:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz

[2011.08.04 14:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\explauncher

[2011.08.19 22:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN

[2011.08.04 14:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\launcher

[2011.11.03 20:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster

[2007.11.06 19:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\T-DSL Manager

[2011.11.21 18:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tmp

[2011.07.24 12:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software

[2006.12.04 13:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Web.de Firefox

[2011.07.23 17:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital

[2011.07.24 12:07:13 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

[2010.04.06 18:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009.06.01 10:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2010.09.03 06:03:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8E212437-9209-46CA-A594-44A34F0B76C8}

[2010.11.07 12:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AquaSoft

[2011.12.14 22:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Baoh

[2007.07.17 14:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Barbecue

[2007.07.31 16:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BonkEnc

[2011.03.03 20:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon

[2010.05.04 17:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CD-LabelPrint

[2007.07.18 13:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DiashowManager

[2011.02.02 18:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics

[2006.09.30 03:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FotoWire

[2011.08.19 22:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GARMIN

[2010.12.31 18:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HERMA

[2010.09.26 17:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IN-MEDIAKG

[2006.03.03 19:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo

[2007.06.25 16:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech

[2008.05.23 15:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\map&guide

[2010.09.26 17:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mresreg

[2010.11.12 17:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera

[2011.12.10 13:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Orok

[2011.03.29 17:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\pdfforge

[2006.09.29 22:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Protector Suite

[2011.12.10 13:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Search Settings

[2006.12.04 13:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish

[2007.07.31 16:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Softplicity

[2007.11.06 19:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\T-DSL Manager

[2007.01.18 15:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TextPad

[2010.11.29 17:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird

[2006.03.03 01:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\toshiba

[2011.07.24 12:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 88 bytes -> C:\Program Files\AUTORUN.INF:SummaryInformation
 

< End of report >

--- --- ---

Sorry, da hab ich mich wohl etwas dämlich angestellt.

Hier der Scan:Combofix Logfile:

Code:

ComboFix 11-12-16.01 - Owner 16.12.2011  14:22:25.1.1 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1033.18.1014.654 [GMT 1:00]

ausgef¸hrt von:: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: Avira AntiVir PersonalEdition Premium *Enabled/Updated* {00000000-0000-0000-0000-000000000000}

AV: Avira AntiVir PersonalEdition Premium *Enabled/Updated* {804E5358-FFA4-00DA-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Premium *Enabled/Updated* {804E5358-FFA4-00EB-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Premium *Enabled/Updated* {804E5358-FFA4-00FC-0D24-347CA8A3377C}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Lˆschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\DFR7C.tmp

c:\documents and settings\Owner\Application Data\Orok

c:\documents and settings\Owner\Application Data\Orok\izpaag.exe

c:\program files\autorun.inf

c:\program files\Setup.exe

c:\windows\bwUnin-6.1.4.68-8876480L.exe

c:\windows\kb913800.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-11-16 bis 2011-12-16  ))))))))))))))))))))))))))))))

.

.

2011-12-10 12:50 . 2011-12-10 12:50        --------        d-----w-        c:\documents and settings\Owner\Application Data\Search Settings

2011-12-10 12:50 . 2011-12-10 12:50        --------        d-----w-        c:\program files\Application Updater

2011-12-10 12:50 . 2011-12-10 12:50        --------        d-----w-        c:\program files\pdfforge Toolbar

2011-12-10 12:43 . 2011-12-10 12:43        --------        d-----w-        c:\documents and settings\Owner\Local Settings\Application Data\Identities

2011-12-10 12:42 . 2011-12-14 21:01        --------        d-----w-        c:\documents and settings\Owner\Application Data\Baoh

2011-11-21 20:35 . 2011-11-21 20:35        --------        d-----w-        c:\program files\Safari

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-23 13:25 . 2006-03-02 18:39        1859584        ----a-w-        c:\windows\system32\win32k.sys

2011-11-04 19:20 . 2006-03-02 18:39        916992        ----a-w-        c:\windows\system32\wininet.dll

2011-11-04 19:20 . 2006-03-02 18:38        43520        ------w-        c:\windows\system32\licmgr10.dll

2011-11-04 19:20 . 2006-03-02 18:38        1469440        ------w-        c:\windows\system32\inetcpl.cpl

2011-11-04 11:23 . 2006-03-02 18:38        385024        ------w-        c:\windows\system32\html.iec

2011-11-01 16:07 . 2006-03-02 18:38        1288704        ----a-w-        c:\windows\system32\ole32.dll

2011-10-28 12:56 . 2011-06-04 18:22        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-28 05:31 . 2006-03-02 18:37        33280        ----a-w-        c:\windows\system32\csrsrv.dll

2011-10-25 13:33 . 2006-03-02 18:38        2192768        ----a-w-        c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2004-08-03 22:59        2069376        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2011-10-14 16:38 . 2006-03-02 18:38        456192        ----a-w-        c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2006-03-02 21:26        692736        ----a-w-        c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2006-03-02 18:37        599040        ----a-w-        c:\windows\system32\crypt32.dll

2011-09-26 09:41 . 2008-07-29 18:59        611328        ----a-w-        c:\windows\system32\uiautomationcore.dll

2011-09-26 09:41 . 2006-03-02 18:38        220160        ----a-w-        c:\windows\system32\oleacc.dll

2011-09-26 09:41 . 2006-03-02 18:38        20480        ----a-w-        c:\windows\system32\oleaccrc.dll

2004-08-11 06:09 . 2007-01-08 13:31        126976        ------w-        c:\program files\epic_eula.dll

2003-04-21 10:39 . 2007-01-08 13:31        245408        ------w-        c:\program files\unicows.dll

2011-11-10 20:09 . 2011-05-09 13:48        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Eintr‰ge & legitime Standardeintr‰ge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 61952]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-03 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-20 221184]

"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-02-20 1589248]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-11-15 896352]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2005-12-22 04:42        40448        ------w-        c:\windows\system32\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages        REG_MULTI_SZ           scecli psqlpwd

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2007-04-04 01:50        1603152        ----a-w-        c:\program files\Canon\MyPrinter\BJMYPRT.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

2007-05-15 01:01        644696        ----a-w-        c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]

2010-04-02 09:18        1185112        ----a-w-        c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-10-09 16:06        421736        ----a-w-        c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

2005-06-08 21:44        196608        ------w-        c:\program files\Logitech\Video\ManifestEngine.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

2005-06-08 22:24        458752        ------w-        c:\program files\Logitech\Video\ISStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

2005-06-08 22:14        217088        ------w-        c:\program files\Logitech\Video\LogiTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 17:50        155648        ------w-        c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 16:36        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]

2005-04-27 00:13        122880        ------w-        c:\program files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-06-29 02:44        68856        ------w-        c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2005-12-17 00:32        761945        ------w-        c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"BrowserChoice"="c:\windows\system32\browserchoice.exe" /run

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Pinger"=c:\toshiba\ivp\ism\pinger.exe /run

"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" /startup

"DLA"=c:\windows\System32\DLA\DLACTRLW.EXE

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"NDSTray.exe"=NDSTray.exe

"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe

"c:\\Documents and Settings\\All Users\\Application Data\\Web.de Firefox\\web_de_Update.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Zattoo\\Zattoo2.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [04.08.2011 14:35 57112]

R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [15.11.2011 14:22 746392]

R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [22.12.2005 05:55 13568]

R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [22.12.2005 05:55 33024]

R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [22.12.2005 05:25 3456]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [16.09.2011 15:48 1526080]

R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [09.03.2011 10:18 1060864]

R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [09.03.2011 10:16 484352]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [06.06.2011 15:03 10064]

S2 AdminSVCff;WEB.DE Firefox Update;c:\documents and settings\All Users\Application Data\Web.de Firefox\adminsvcff.exe [25.10.2006 16:43 180224]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [28.07.2010 23:25 25112]

S3 TSMPacket;T-DSL Manager Service;c:\windows\system32\DRIVERS\tsmpkt.sys --> c:\windows\system32\DRIVERS\tsmpkt.sys [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [23.07.2011 09:48 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]

S4 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [15.01.2007 21:11 73728]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

Inhalt des "geplante Tasks" Ordners

.

2011-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]

.

.

------- Zus‰tzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\knvidwvg.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - Entfernte verwaiste Registrierungseintr‰ge - - - -

.

MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-12-16 14:27

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteintr‰ge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-1742102996-484615067-505008630-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'winlogon.exe'(1040)

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus2.dll

c:\windows\system32\biologon.dll

c:\program files\Protector Suite QL\homepass.dll

c:\program files\Protector Suite QL\bio.dll

c:\program files\Protector Suite QL\remote.dll

c:\program files\Protector Suite QL\crypto.dll

.

- - - - - - - > 'lsass.exe'(1160)

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus2.dll

.

Zeit der Fertigstellung: 2011-12-16  14:30:31

ComboFix-quarantined-files.txt  2011-12-16 13:30

.

Vor Suchlauf: 29.896.105.984 bytes free

Nach Suchlauf: 29.914.525.696 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - C1EBA20688341092AE0C8DDE732B217A

--- --- ---