Okay, also das erste Logfile, das von OTL, ist das hier: OTL Logfile: Code:
OTL logfile created on: 04.08.2012 14:17:33 - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = D:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1023,48 Mb Total Physical Memory | 838,44 Mb Available Physical Memory | 81,92% Memory free
1,65 Gb Paging File | 1,60 Gb Available in Paging File | 96,79% Paging File free
Paging file location(s): D:\pagefile.sys 768 2048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 13,98 Gb Total Space | 3,58 Gb Free Space | 25,62% Space Free | Partition Type: NTFS
Drive D: | 97,81 Gb Total Space | 10,50 Gb Free Space | 10,73% Space Free | Partition Type: NTFS
Computer Name: NALA | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - D:\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
========== Win32 Services (SafeList) ==========
SRV - (s217obex) -- %systemroot%\system32\sprtsvc_ddoctorv2.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WinTabService) -- C:\WINDOWS\system32\drivers\WTSrv.exe (Tablet Driver)
SRV - (dnetc) -- C:\Programme\dnet\dnetc.exe (Distributed Computing Technologies, Inc.)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (w32n5223) -- C:\PROGRA~1\T-COM\T-COMW~1\INSTAL~1\WINXP\w32n5223.SYS File not found
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (tcbrb) -- System32\drivers\breb.sys File not found
DRV - (Tablet2k) -- C:\WINDOWS\System32\Drivers\Tablet2k.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (gqjeft) -- System32\drivers\iipsmqjp.sys File not found
DRV - (GMSIPCI) -- E:\INSTALL\GMSIPCI.SYS File not found
DRV - (DT154_A02) -- system32\DRIVERS\TS154USB.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (fwlanusb4) -- C:\WINDOWS\system32\drivers\fwlanusb4.sys (AVM GmbH)
DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (UCTblHid) -- C:\WINDOWS\system32\drivers\UCTblHid.sys (Tablet Driver)
DRV - (TClass2k) -- C:\WINDOWS\system32\drivers\TClass2k.sys (Tablet Driver)
DRV - (UDTTCAP) -- C:\WINDOWS\system32\drivers\UDTTCAP.sys (Twinhan Electronics Inc.)
DRV - (SlowDownCPU) -- C:\WINDOWS\inf\MSI\SlowDownCPU\NTGLM7X.SYS (Your Corporation)
DRV - (RushTopDevice) -- C:\WINDOWS\inf\MSI\SlowDownCPU\RushTop.sys (Your Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (VIAudio) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (TIACXLN) -- C:\WINDOWS\system32\drivers\TIACXLN.sys ( )
DRV - (UDTTLOAD) -- C:\WINDOWS\system32\drivers\UDTTload.sys (TwinHan Technology)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.688: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.688: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.688: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.28 00:12:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.14 21:02:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.07.19 21:16:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2012.05.17 22:47:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins [2012.05.17 22:47:50 | 000,000,000 | ---D | M]
[2012.03.14 16:58:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.12.13 22:22:55 | 000,000,000 | ---D | M] (Dealio Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
[2009.12.13 22:22:56 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com
[2012.06.14 21:02:36 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.03.14 16:40:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.14 21:02:31 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.14 21:02:31 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.14 21:02:31 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 21:02:31 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 21:02:31 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 21:02:31 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.03.07 18:40:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SlowDownCPU] C:\WINDOWS\inf\MSI\SlowDownCPU\SlowDownCPU.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WTClient] C:\WINDOWS\System32\WTClient.exe (Tablet Driver)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\22M WLAN-Adapter-Utility.lnk = C:\Programme\22M WLAN\WLANMON.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260807923546 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1928064-4BC3-403B-B0C6-E890BC6D5597}: DhcpNameServer = 195.202.32.79 195.202.33.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7A850DA-9CD9-48A1-9B9F-2DA3F69965A1}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.10.13 19:36:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.03.05 20:15:07 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2003.07.25 14:42:26 | 000,491,520 | ---- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ NTFS ]
O32 - AutoRun File - [2012.03.05 20:15:07 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.04 14:17:13 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
[2012.08.04 14:17:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Opera
[2012.08.04 14:17:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Opera
[2012.08.04 14:16:45 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\IETldCache
[2012.08.04 14:16:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2012.08.04 14:16:16 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
[2012.08.04 14:16:16 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\SendTo
[2012.08.04 14:16:16 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
[2012.08.04 14:16:16 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Zubehör
[2012.08.04 14:16:16 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü
[2012.08.04 14:16:16 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart
[2012.08.04 14:16:16 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\Cookies
[2012.08.04 14:16:16 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Vorlagen
[2012.08.04 14:16:16 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2012.08.04 14:16:16 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
[2012.08.04 14:16:16 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
[2012.08.04 14:16:16 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
[2012.08.04 14:16:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia
[2012.08.04 14:16:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Favoriten
[2012.08.04 14:16:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop
[2012.08.02 23:32:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.08.02 23:32:43 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.08.02 23:32:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.07.31 15:32:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun
[2012.07.31 15:32:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2012.07.30 23:40:06 | 000,000,000 | ---D | C] -- C:\Programme\aMSN0.98.4
[2012.07.30 15:16:43 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2012.07.30 15:16:43 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2012.07.30 15:16:42 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2012.07.30 15:16:41 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2012.07.30 15:16:41 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2012.07.30 15:16:40 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2012.07.30 15:16:39 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2012.07.30 15:16:39 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2012.07.30 15:16:38 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2012.07.30 15:16:38 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2012.07.30 15:16:37 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2012.07.30 15:16:37 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2012.07.26 15:53:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\FRITZ!WLAN
[2012.07.26 15:53:07 | 000,000,000 | ---D | C] -- C:\Programme\avmwlanstick
[2012.07.26 15:53:02 | 000,004,352 | R--- | C] (AVM Berlin) -- C:\WINDOWS\System32\drivers\avmeject.sys
[2012.07.26 15:52:51 | 000,078,336 | R--- | C] (AVM Berlin) -- C:\WINDOWS\System32\fwlan4ci.dll
[2012.07.26 15:52:50 | 000,926,080 | R--- | C] (AVM GmbH) -- C:\WINDOWS\System32\drivers\fwlanusb4.sys
[2012.07.19 21:49:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\aMSN
========== Files - Modified Within 30 Days ==========
[2012.08.04 14:15:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.08.04 09:33:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.08.04 09:17:18 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-1935655697-725345543-1004.job
[2012.08.03 22:27:18 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-1935655697-725345543-1004.job
[2012.08.03 02:33:21 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.08.03 02:33:20 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.08.02 23:32:50 | 000,000,764 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.02 22:45:35 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.08.02 14:10:36 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.08.01 22:36:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.08.01 18:08:18 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.07.26 15:54:02 | 000,517,210 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.07.26 15:54:02 | 000,494,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.07.26 15:54:02 | 000,101,434 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.07.26 15:54:02 | 000,084,548 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.07.12 10:58:43 | 000,136,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.12 01:35:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.05 23:51:33 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
========== Files Created - No Company Name ==========
[2012.08.04 14:16:16 | 000,001,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Remoteunterstützung.lnk
[2012.08.04 14:16:16 | 000,000,772 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Windows Media Player.lnk
[2012.08.03 00:19:42 | 000,013,312 | ---- | C] () -- C:\Dokumente und Einstellungen\nicole\Lokale Einstellungen\Anwendungsdaten\{ed79e549-5eaf-5c2c-fc09-ceb8fc39c478}\U\80000000.@
[2012.08.03 00:19:42 | 000,001,712 | ---- | C] () -- C:\Dokumente und Einstellungen\nicole\Lokale Einstellungen\Anwendungsdaten\{ed79e549-5eaf-5c2c-fc09-ceb8fc39c478}\U\00000001.@
[2012.08.02 23:32:50 | 000,000,764 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.31 13:22:49 | 000,013,312 | ---- | C] () -- C:\WINDOWS\Installer\{ed79e549-5eaf-5c2c-fc09-ceb8fc39c478}\U\80000000.@
[2012.07.31 13:22:40 | 000,001,712 | ---- | C] () -- C:\WINDOWS\Installer\{ed79e549-5eaf-5c2c-fc09-ceb8fc39c478}\U\00000001.@
[2012.07.26 15:53:11 | 000,013,189 | R--- | C] () -- C:\WINDOWS\instwcli.inf
[2012.07.26 15:52:50 | 000,049,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\fwlanusb4.bin
[2012.05.31 14:39:30 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012.05.30 23:32:58 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012.05.09 15:46:12 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2011.12.03 20:57:05 | 000,132,111 | ---- | C] () -- C:\WINDOWS\hpoins14.dat.temp
[2011.12.03 20:57:05 | 000,001,996 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat.temp
[2011.10.10 22:23:01 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2011.08.10 19:52:24 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2011.05.22 11:28:21 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011.05.19 12:43:10 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011.05.19 12:43:09 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010.12.26 21:05:40 | 000,001,556 | ---- | C] () -- C:\WINDOWS\7thlevel.ini
[2010.12.26 16:18:52 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.12.24 14:12:47 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010.12.24 14:12:47 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2009.12.16 10:12:56 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2003.04.02 14:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{ed79e549-5eaf-5c2c-fc09-ceb8fc39c478}\@
[2003.04.02 14:00:00 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\nicole\Lokale Einstellungen\Anwendungsdaten\{ed79e549-5eaf-5c2c-fc09-ceb8fc39c478}\@
< End of report > --- --- ---
Das hier ist das Logfile von ComboFix:
ComboFix Logfile: Code:
ComboFix 12-08-05.02 - Administrator 05.08.2012 20:41:54.4.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1023.711 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\nicole\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\nicole\WINDOWS
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-05 bis 2012-08-05 ))))))))))))))))))))))))))))))
.
.
2012-08-04 12:16 . 2012-08-05 18:21 -------- d-----w- c:\dokumente und einstellungen\Administrator
2012-08-02 21:32 . 2012-08-02 21:32 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-08-02 21:32 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-31 13:49 . 2012-07-31 13:49 -------- d-----r- c:\dokumente und einstellungen\NetworkService\Favoriten
2012-07-30 21:40 . 2012-07-30 21:40 -------- d-----w- c:\programme\aMSN0.98.4
2012-07-30 13:16 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-07-30 13:16 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-07-30 13:16 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-07-30 13:16 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-07-30 13:16 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-07-30 13:16 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-07-30 13:16 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-07-30 13:16 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-07-30 13:16 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2012-07-30 13:16 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2012-07-30 13:16 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2012-07-30 13:16 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2012-07-26 13:53 . 2012-07-26 13:53 -------- d-----w- c:\programme\avmwlanstick
2012-07-26 13:53 . 2010-10-22 01:00 4352 ----a-r- c:\windows\system32\drivers\avmeject.sys
2012-07-26 13:52 . 2010-10-22 01:00 78336 ----a-r- c:\windows\system32\fwlan4ci.dll
2012-07-26 13:52 . 2010-10-22 01:00 926080 ----a-r- c:\windows\system32\drivers\fwlanusb4.sys
2012-07-26 13:52 . 2010-10-22 01:00 49792 ----a-r- c:\windows\system32\drivers\fwlanusb4.bin
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 00:33 . 2012-04-05 08:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 00:33 . 2011-05-14 08:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 14:32 . 2012-05-08 13:50 405144 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-06-13 13:55 . 2003-04-02 12:00 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2009-12-14 17:41 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2003-04-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2003-04-02 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2009-12-14 16:27 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-12-14 16:27 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2005-10-13 18:01 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2005-10-13 18:01 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2005-10-13 18:01 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-12-14 16:27 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2005-10-13 18:13 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2005-10-13 18:01 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2005-10-13 17:33 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2003-04-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-12-14 16:27 23576 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2005-10-13 18:01 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2005-10-13 17:33 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2010-11-09 22:16 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-11-09 22:16 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-11-09 22:16 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2003-04-02 12:00 604160 ----a-w- c:\windows\system32\crypt32.dll
2012-05-25 13:33 . 2010-05-28 15:48 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-05-16 15:07 . 2003-04-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:40 . 2003-04-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2003-04-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2005-10-13 18:01 385024 ----a-w- c:\windows\system32\html.iec
2012-06-14 19:02 . 2011-04-20 10:04 85472 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SlowDownCPU"="c:\windows\INF\MSI\SlowDownCPU\SlowDownCPU.exe" [2005-06-09 212992]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"WTClient"="WTClient.exe" [2009-03-17 32768]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2012-04-18 421888]
"AVMWlanClient"="c:\programme\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
22M WLAN-Adapter-Utility.lnk - c:\programme\22M WLAN\WLANMON.exe [2005-10-14 262144]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 17:42 32768 ----a-w- c:\programme\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
S0 gqjeft;gqjeft;c:\windows\system32\drivers\iipsmqjp.sys --> c:\windows\system32\drivers\iipsmqjp.sys [?]
S0 tcbrb;tcbrb;c:\windows\system32\drivers\breb.sys --> c:\windows\system32\drivers\breb.sys [?]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [02.08.2012 23:32 655944]
S2 UDTTCAP;USBDTT - USB v1.1 DVB-T adapter Driver;c:\windows\system32\drivers\UDTTCAP.sys [14.10.2005 11:53 23926]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05.04.2012 10:02 250056]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [26.07.2012 15:53 4352]
S3 DT154_A02;T-Sinus 154data Driver;c:\windows\system32\DRIVERS\TS154USB.sys --> c:\windows\system32\DRIVERS\TS154USB.sys [?]
S3 fwlanusb4;FRITZ!WLAN N/G;c:\windows\system32\drivers\fwlanusb4.sys [26.07.2012 15:52 926080]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [02.08.2012 23:32 22344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [14.06.2012 21:02 113120]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SlowDownCPU;SlowDownCPU;c:\windows\inf\MSI\SlowDownCPU\NTGLM7X.SYS [13.10.2005 21:20 25088]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [06.05.2012 20:01 25088]
S3 TIACXLN;22M WLAN Adapter;c:\windows\system32\drivers\TIACXLN.sys [14.10.2005 12:33 155648]
S3 UDTTLOAD;UDTTLOAD;c:\windows\system32\drivers\UDTTload.sys [14.10.2005 11:53 17754]
S3 w32n5223;w32n5223 Protocol Driver;\??\c:\progra~1\T-COM\T-COMW~1\INSTAL~1\WINXP\w32n5223.SYS --> c:\progra~1\T-COM\T-COMW~1\INSTAL~1\WINXP\w32n5223.SYS [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
s217obex
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 00:33]
.
2012-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-08-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-1935655697-725345543-1004.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]
.
2012-08-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-1935655697-725345543-1004.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]
.
2012-07-01 c:\windows\Tasks\SymInstallStub.job
- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Symantec\SymInstallStub.exe [2012-07-01 17:01]
.
.
------- Zusätzlicher Suchlauf -------
.
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-05 20:48
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Zeit der Fertigstellung: 2012-08-05 20:50:44
ComboFix-quarantined-files.txt 2012-08-05 18:50
.
Vor Suchlauf: 4.526.292.992 Bytes frei
Nach Suchlauf: 4.597.563.392 Bytes frei
.
- - End Of File - - F2F583E669E88A46C56B43EBF765D30E
Und OTL danach:
OTL logfile created on: 05.08.2012 20:58:00 - Run 4
OTL by OldTimer - Version 3.2.55.0 Folder = D:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1023,48 Mb Total Physical Memory | 547,44 Mb Available Physical Memory | 53,49% Memory free
1,65 Gb Paging File | 1,32 Gb Available in Paging File | 79,83% Paging File free
Paging file location(s): D:\pagefile.sys 768 2048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 13,98 Gb Total Space | 4,29 Gb Free Space | 30,68% Space Free | Partition Type: NTFS
Drive D: | 97,81 Gb Total Space | 10,49 Gb Free Space | 10,73% Space Free | Partition Type: NTFS
Computer Name: NALA | User Name: nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.08.03 00:01:23 | 000,597,504 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.06.14 21:02:35 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.05.15 19:00:21 | 000,932,528 | ---- | M] () -- C:\Dokumente und Einstellungen\nicole\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.10.22 03:00:00 | 002,105,344 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 03:00:00 | 000,376,832 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2009.08.22 12:31:06 | 005,148,672 | ---- | M] () -- D:\Programme\Rainlendar2\Rainlendar2.exe
PRC - [2009.03.17 11:12:52 | 000,032,768 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\WTClient.exe
PRC - [2009.03.04 12:04:22 | 000,069,632 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\WTSrv.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.09.10 04:25:38 | 000,539,136 | ---- | M] (Distributed Computing Technologies, Inc.) -- C:\Programme\dnet\dnetc.exe
PRC - [2005.06.09 07:28:38 | 000,212,992 | ---- | M] () -- C:\WINDOWS\inf\MSI\SlowDownCPU\SlowDownCPU.exe
PRC - [2003.08.01 19:52:56 | 000,262,144 | ---- | M] () -- C:\Programme\22M WLAN\WLANMON.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.14 21:02:34 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.05.15 19:00:21 | 000,932,528 | ---- | M] () -- C:\Dokumente und Einstellungen\nicole\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.08.22 12:32:50 | 000,724,992 | ---- | M] () -- D:\Programme\Rainlendar2\plugins\iCalendarPlugin.dll
MOD - [2009.08.22 12:31:06 | 005,148,672 | ---- | M] () -- D:\Programme\Rainlendar2\Rainlendar2.exe
MOD - [2009.06.12 10:04:18 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\WinTab32.dll
MOD - [2008.11.07 22:00:46 | 000,009,216 | ---- | M] () -- D:\Programme\Rainlendar2\lfs.dll
MOD - [2008.11.07 21:59:08 | 000,131,072 | ---- | M] () -- D:\Programme\Rainlendar2\lua51.dll
MOD - [2005.06.09 07:28:38 | 000,212,992 | ---- | M] () -- C:\WINDOWS\inf\MSI\SlowDownCPU\SlowDownCPU.exe
MOD - [2005.06.08 09:18:48 | 000,147,456 | ---- | M] () -- C:\WINDOWS\inf\MSI\SlowDownCPU\RushTop.dll
MOD - [2003.08.01 19:52:56 | 000,262,144 | ---- | M] () -- C:\Programme\22M WLAN\WLANMON.exe
========== Win32 Services (SafeList) ==========
SRV - [2012.08.03 02:33:22 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.14 21:02:35 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010.10.22 03:00:00 | 000,376,832 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.01.04 21:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2009.03.04 12:04:22 | 000,069,632 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\WINDOWS\system32\drivers\WTSrv.exe -- (WinTabService)
SRV - [2006.09.10 04:25:38 | 000,539,136 | ---- | M] (Distributed Computing Technologies, Inc.) [Auto | Running] -- C:\Programme\dnet\dnetc.exe -- (dnetc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\T-COM\T-COMW~1\INSTAL~1\WINXP\w32n5223.SYS -- (w32n5223)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\breb.sys -- (tcbrb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Tablet2k.sys -- (Tablet2k)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\iipsmqjp.sys -- (gqjeft)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TS154USB.sys -- (DT154_A02)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.25 15:33:51 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011.12.16 17:53:01 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2011.05.19 12:43:10 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.05.19 12:43:09 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.10.22 03:00:00 | 000,926,080 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fwlanusb4.sys -- (fwlanusb4)
DRV - [2010.10.22 03:00:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2008.09.08 14:10:22 | 000,014,848 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2007.04.23 15:28:56 | 000,018,432 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2005.06.20 10:31:12 | 000,023,926 | R--- | M] (Twinhan Electronics Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\UDTTCAP.sys -- (UDTTCAP)
DRV - [2005.06.08 09:13:00 | 000,025,088 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\inf\MSI\SlowDownCPU\NTGLM7X.SYS -- (SlowDownCPU)
DRV - [2005.06.08 06:02:06 | 000,033,280 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\inf\MSI\SlowDownCPU\RushTop.sys -- (RushTopDevice)
DRV - [2005.03.09 08:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.09.06 10:01:56 | 000,161,536 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio)
DRV - [2004.08.04 00:38:58 | 000,701,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.04.14 12:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004.04.14 12:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004.04.14 12:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004.04.14 12:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2003.08.11 05:35:00 | 000,155,648 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TIACXLN.sys -- (TIACXLN)
DRV - [2003.04.27 17:22:28 | 000,017,754 | R--- | M] (TwinHan Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UDTTload.sys -- (UDTTLOAD)
DRV - [2002.09.16 17:32:08 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;*.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/"
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1.1
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.2.5.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {3160baf9-cf68-48ec-9076-faed7ce49467}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: stealthyextension@gmail.com:0.8
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
FF - prefs.js..network.proxy.http: "173.212.195.88"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.688: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.688: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.688: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.28 00:12:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.14 21:02:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.07.19 21:16:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2012.05.17 22:47:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins [2012.05.17 22:47:50 | 000,000,000 | ---D | M]
[2010.05.05 19:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\nicole\Anwendungsdaten\Mozilla\Extensions
[2010.05.05 19:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\nicole\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.02 20:57:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\nicole\Anwendungsdaten\Mozilla\Firefox\Profiles\fwyzzn3g.default\extensions
[2012.07.09 14:49:08 | 000,000,000 | ---D | M] (dict.cc Community Toolbar) -- C:\Dokumente und Einstellungen\nicole\Anwendungsdaten\Mozilla\Firefox\Profiles\fwyzzn3g.default\extensions\{3160baf9-cf68-48ec-9076-faed7ce49467}
[2012.07.15 18:10:06 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Dokumente und Einstellungen\nicole\Anwendungsdaten\Mozilla\Firefox\Profiles\fwyzzn3g.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012.05.18 13:38:33 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\nicole\Anwendungsdaten\Mozilla\Firefox\Profiles\fwyzzn3g.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.03.14 18:42:18 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\nicole\Anwendungsdaten\Mozilla\Firefox\Profiles\fwyzzn3g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.20 11:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\nicole\Anwendungsdaten\Mozilla\Firefox\Profiles\fwyzzn3g.default\extensions\elemhidehelper@adblockplus.org
[2012.07.20 11:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\nicole\Anwendungsdaten\Mozilla\Firefox\Profiles\fwyzzn3g.default\extensions\finder@meingutscheincode.de
[2012.05.18 13:38:32 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Dokumente und Einstellungen\nicole\Anwendungsdaten\Mozilla\Firefox\Profiles\fwyzzn3g.default\extensions\ich@maltegoetz.de
[2012.03.14 16:59:24 | 000,001,878 | ---- | M] () -- C:\Dokumente und Einstellungen\nicole\Anwendungsdaten\Mozilla\Firefox\Profiles\fwyzzn3g.default\searchplugins\aolsearch-1.xml
[2012.03.14 18:43:08 | 000,001,878 | ---- | M] () -- C:\Dokumente und Einstellungen\nicole\Anwendungsdaten\Mozilla\Firefox\Profiles\fwyzzn3g.default\searchplugins\aolsearch-2.xml
[2007.12.23 22:42:28 | 000,001,878 | ---- | M] () -- C:\Dokumente und Einstellungen\nicole\Anwendungsdaten\Mozilla\Firefox\Profiles\fwyzzn3g.default\searchplugins\aolsearch.xml
[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\nicole\Anwendungsdaten\Mozilla\Firefox\Profiles\fwyzzn3g.default\searchplugins\conduit.xml
[2011.01.04 22:09:20 | 000,001,196 | ---- | M] () -- C:\Dokumente und Einstellungen\nicole\Anwendungsdaten\Mozilla\Firefox\Profiles\fwyzzn3g.default\searchplugins\winamp-search.xml
[2012.03.14 17:45:17 | 000,002,112 | ---- | M] () -- C:\Dokumente und Einstellungen\nicole\Anwendungsdaten\Mozilla\Firefox\Profiles\fwyzzn3g.default\searchplugins\wot-safe-search.xml
[2012.03.14 16:58:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.12.13 22:22:55 | 000,000,000 | ---D | M] (Dealio Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
[2009.12.13 22:22:56 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com
[2012.03.14 17:36:31 | 000,047,822 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\NICOLE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\FWYZZN3G.DEFAULT\EXTENSIONS\BROWSERPROTECT@BROWSERPROTECT.COM.XPI
[2012.07.27 09:47:53 | 000,184,864 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\NICOLE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\FWYZZN3G.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.06.14 21:02:36 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.03.14 16:40:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.14 21:02:31 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.14 21:02:31 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.14 21:02:31 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 21:02:31 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 21:02:31 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 21:02:31 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.08.05 20:48:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SlowDownCPU] C:\WINDOWS\inf\MSI\SlowDownCPU\SlowDownCPU.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WTClient] C:\WINDOWS\System32\WTClient.exe (Tablet Driver)
O4 - HKCU..\Run: [Rainlendar2] D:\Programme\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [Spotify] C:\Dokumente und Einstellungen\nicole\Anwendungsdaten\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Dokumente und Einstellungen\nicole\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\22M WLAN-Adapter-Utility.lnk = C:\Programme\22M WLAN\WLANMON.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\nicole\Anwendungsdaten\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\nicole\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260807923546 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1928064-4BC3-403B-B0C6-E890BC6D5597}: DhcpNameServer = 195.202.32.79 195.202.33.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7A850DA-9CD9-48A1-9B9F-2DA3F69965A1}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\nicole\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\nicole\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.10.13 19:36:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.03.05 20:15:07 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2003.07.25 14:42:26 | 000,491,520 | ---- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ NTFS ]
O32 - AutoRun File - [2012.03.05 20:15:07 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.05 20:50:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.08.05 20:39:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.08.05 20:39:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.08.05 20:39:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.08.05 20:39:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.08.05 20:36:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.08.05 20:07:39 | 004,725,168 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\nicole\Desktop\ComboFix.exe
[2012.08.02 23:32:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.08.02 23:32:43 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.08.02 23:32:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.07.31 15:32:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun
[2012.07.31 15:32:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2012.07.30 23:40:06 | 000,000,000 | ---D | C] -- C:\Programme\aMSN0.98.4
[2012.07.30 15:16:43 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2012.07.30 15:16:43 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2012.07.30 15:16:42 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2012.07.30 15:16:41 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2012.07.30 15:16:41 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2012.07.30 15:16:40 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2012.07.30 15:16:39 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2012.07.30 15:16:39 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2012.07.30 15:16:38 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2012.07.30 15:16:38 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2012.07.30 15:16:37 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2012.07.30 15:16:37 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2012.07.30 15:14:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\nicole\Startmenü\Programme\Daedalic Entertainment
[2012.07.30 15:08:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\nicole\Eigene Dateien\Telltale Games
[2012.07.26 15:53:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\FRITZ!WLAN
[2012.07.26 15:53:07 | 000,000,000 | ---D | C] -- C:\Programme\avmwlanstick
[2012.07.26 15:53:02 | 000,004,352 | R--- | C] (AVM Berlin) -- C:\WINDOWS\System32\drivers\avmeject.sys
[2012.07.26 15:52:51 | 000,078,336 | R--- | C] (AVM Berlin) -- C:\WINDOWS\System32\fwlan4ci.dll
[2012.07.26 15:52:50 | 000,926,080 | R--- | C] (AVM GmbH) -- C:\WINDOWS\System32\drivers\fwlanusb4.sys
[2012.07.20 21:56:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\nicole\Eigene Dateien\Jack Keane
[2012.07.20 19:20:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\nicole\Startmenü\Programme\10TACLE STUDIOS
[2012.07.20 11:06:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\nicole\Anwendungsdaten\Dealio
[2012.07.19 21:49:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\aMSN
[2012.07.19 21:47:50 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\nicole\Recent
========== Files - Modified Within 30 Days ==========
[2012.08.05 20:55:22 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-1935655697-725345543-1004.job
[2012.08.05 20:55:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.08.05 20:48:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.08.05 20:33:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.08.05 20:07:21 | 004,725,168 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\nicole\Desktop\ComboFix.exe
[2012.08.05 20:07:05 | 000,000,408 | ---- | M] () -- C:\Dokumente und Einstellungen\nicole\Desktop\Dokument2.rtf
[2012.08.05 20:06:45 | 000,000,988 | ---- | M] () -- C:\Dokumente und Einstellungen\nicole\Desktop\Dokument.rtf
[2012.08.05 20:06:06 | 000,026,235 | ---- | M] () -- C:\Dokumente und Einstellungen\nicole\Desktop\OTL_Main_Tutorial.gif
[2012.08.05 20:00:08 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.08.03 22:27:18 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-1935655697-725345543-1004.job
[2012.08.03 02:33:21 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.08.03 02:33:20 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.08.03 02:27:17 | 000,000,558 | ---- | M] () -- C:\Dokumente und Einstellungen\nicole\Desktop\Tomaten im Alltag.rtf
[2012.08.03 02:24:16 | 000,001,424 | ---- | M] () -- C:\Dokumente und Einstellungen\nicole\Desktop\Licht aus um halb sieben.rtf
[2012.08.02 23:32:50 | 000,000,764 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.02 22:45:35 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.08.02 20:57:03 | 000,001,874 | ---- | M] () -- C:\Dokumente und Einstellungen\nicole\Desktop\MERKIMERK.rtf
[2012.08.01 22:36:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.08.01 18:08:18 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.07.31 13:39:20 | 000,000,302 | ---- | M] () -- C:\Dokumente und Einstellungen\nicole\Desktop\ROCKETHUB.rtf
[2012.07.31 01:48:55 | 001,123,400 | ---- | M] () -- C:\Dokumente und Einstellungen\nicole\Desktop\Avengerwholock.jpg
[2012.07.30 15:14:04 | 000,000,982 | ---- | M] () -- C:\Dokumente und Einstellungen\nicole\Desktop\Tales of Monkey Island.lnk
[2012.07.26 15:54:02 | 000,517,210 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.07.26 15:54:02 | 000,494,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.07.26 15:54:02 | 000,101,434 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.07.26 15:54:02 | 000,084,548 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.07.22 17:45:45 | 000,000,069 | ---- | M] () -- C:\Dokumente und Einstellungen\nicole\default.pls
[2012.07.20 19:20:11 | 000,000,981 | ---- | M] () -- C:\Dokumente und Einstellungen\nicole\Desktop\Jack Keane spielen.lnk
[2012.07.20 18:05:41 | 000,162,816 | ---- | M] () -- C:\Dokumente und Einstellungen\nicole\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.12 10:58:43 | 000,136,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.12 01:35:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.09 15:56:17 | 000,016,535 | ---- | M] () -- C:\Dokumente und Einstellungen\nicole\Eigene Dateien\44616-13EAC045B075296C87D622234F83F6E9.pdf
========== Files Created - No Company Name ==========
[2012.08.05 20:39:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.08.05 20:39:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.08.05 20:39:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.08.05 20:39:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.08.05 20:39:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.08.05 20:07:05 | 000,000,408 | ---- | C] () -- C:\Dokumente und Einstellungen\nicole\Desktop\Dokument2.rtf
[2012.08.05 20:06:45 | 000,000,988 | ---- | C] () -- C:\Dokumente und Einstellungen\nicole\Desktop\Dokument.rtf
[2012.08.05 20:06:05 | 000,026,235 | ---- | C] () -- C:\Dokumente und Einstellungen\nicole\Desktop\OTL_Main_Tutorial.gif
[2012.08.03 23:46:11 | 000,754,366 | ---- | C] () -- C:\Dokumente und Einstellungen\nicole\Desktop\MOV05413.MP4
[2012.08.03 23:45:04 | 000,455,766 | ---- | C] () -- C:\Dokumente und Einstellungen\nicole\Desktop\MOV04054.MP4
[2012.08.03 23:42:52 | 001,515,938 | ---- | C] () -- C:\Dokumente und Einstellungen\nicole\Desktop\MOV04021.MP4
[2012.08.03 02:27:16 | 000,000,558 | ---- | C] () -- C:\Dokumente und Einstellungen\nicole\Desktop\Tomaten im Alltag.rtf
[2012.08.03 02:20:37 | 000,001,424 | ---- | C] () -- C:\Dokumente und Einstellungen\nicole\Desktop\Licht aus um halb sieben.rtf
[2012.08.03 00:19:42 | 000,013,312 | ---- | C] () -- C:\Dokumente und Einstellungen\nicole\Lokale Einstellungen\Anwendungsdaten\{ed79e549-5eaf-5c2c-fc09-ceb8fc39c478}\U\80000000.@
[2012.08.03 00:19:42 | 000,001,712 | ---- | C] () -- C:\Dokumente und Einstellungen\nicole\Lokale Einstellungen\Anwendungsdaten\{ed79e549-5eaf-5c2c-fc09-ceb8fc39c478}\U\00000001.@
[2012.08.02 23:32:50 | 000,000,764 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.31 13:36:32 | 000,000,302 | ---- | C] () -- C:\Dokumente und Einstellungen\nicole\Desktop\ROCKETHUB.rtf
[2012.07.31 01:48:54 | 001,123,400 | ---- | C] () -- C:\Dokumente und Einstellungen\nicole\Desktop\Avengerwholock.jpg
[2012.07.30 15:14:04 | 000,000,982 | ---- | C] () -- C:\Dokumente und Einstellungen\nicole\Desktop\Tales of Monkey Island.lnk
[2012.07.26 15:53:11 | 000,013,189 | R--- | C] () -- C:\WINDOWS\instwcli.inf
[2012.07.26 15:52:50 | 000,049,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\fwlanusb4.bin
[2012.07.20 19:20:11 | 000,000,981 | ---- | C] () -- C:\Dokumente und Einstellungen\nicole\Desktop\Jack Keane spielen.lnk
[2012.07.09 15:56:17 | 000,016,535 | ---- | C] () -- C:\Dokumente und Einstellungen\nicole\Eigene Dateien\44616-13EAC045B075296C87D622234F83F6E9.pdf
[2012.05.31 14:39:30 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012.05.30 23:32:58 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012.05.09 15:46:12 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2012.02.29 22:27:32 | 000,036,280 | ---- | C] () -- C:\Dokumente und Einstellungen\nicole\GamingC.mac
[2011.12.03 20:57:05 | 000,132,111 | ---- | C] () -- C:\WINDOWS\hpoins14.dat.temp
[2011.12.03 20:57:05 | 000,001,996 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat.temp
[2011.10.10 22:23:01 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2011.08.10 19:52:24 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2011.08.05 22:14:43 | 000,000,091 | ---- | C] () -- C:\Dokumente und Einstellungen\nicole\verkleinerer.set
[2011.05.31 00:22:52 | 000,010,486 | ---- | C] () -- C:\Dokumente und Einstellungen\nicole\.recently-used.xbel
[2011.05.22 11:28:21 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011.05.19 12:43:10 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011.05.19 12:43:09 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010.12.26 21:05:40 | 000,001,556 | ---- | C] () -- C:\WINDOWS\7thlevel.ini
[2010.12.26 16:18:52 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.12.24 14:12:47 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010.12.24 14:12:47 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2010.03.13 19:05:44 | 000,023,552 | ---- | C] () -- C:\Dokumente und Einstellungen\nicole\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2009.12.16 10:12:56 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2009.12.13 23:42:24 | 000,000,069 | ---- | C] () -- C:\Dokumente und Einstellungen\nicole\default.pls
[2005.10.14 00:11:12 | 000,162,816 | ---- | C] () -- C:\Dokumente und Einstellungen\nicole\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
< End of report >