Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Internet Explorer öffnet Seiten mit Werbungen. (https://www.trojaner-board.de/85811-internet-explorer-oeffnet-seiten-werbungen.html)

_audioslave 06.05.2010 20:39
Internet Explorer öffnet Seiten mit Werbungen.
 
Hallo, bei mir besteht das gleiche Problem.
Malwarebytes gibt mir verschiedene Vieren an.
u.a. den Trojan.FakeAlter

Malwarebytes

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4073

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

06.05.2010 21:27:55
mbam-log-2010-05-06 (21-27-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 207452
Laufzeit: 1 Stunde(n), 4 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\drivers\cdcno.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Code:
OTL logfile created on: 06.05.2010 21:34:54 - Run 1
OTL by OldTimer - Version 3.2.4.1    Folder = C:\Users\Lisa\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 33,66 Gb Total Space | 12,34 Gb Free Space | 36,67% Space Free | Partition Type: NTFS
Drive D: | 78,13 Gb Total Space | 59,37 Gb Free Space | 76,00% Space Free | Partition Type: NTFS
Drive E: | 322,89 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LISA-PC
Current User Name: Lisa
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lisa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (Enigma Software Group USA, LLC.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Lisa\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SpyHunter 4 Service) -- C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (Enigma Software Group USA, LLC.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.11 12:34:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.15 15:56:54 | 000,000,000 | ---D | M]
 
[2010.04.11 12:11:09 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\mozilla\Extensions
[2010.05.06 16:25:39 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\io64xbcq.default\extensions
[2010.04.14 13:45:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\io64xbcq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.11 18:11:33 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.06 21:27:27 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.03.13 18:39:10 | 000,000,061 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{48b68e3e-4546-11df-a535-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{48b68e3e-4546-11df-a535-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Einstiegsseite.exe -- [2008.10.17 14:03:46 | 001,552,336 | R--- | M] (HanseNet Telekommunikation GmbH)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.06 21:33:44 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
[2010.05.06 21:27:15 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010.05.06 21:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010.05.06 21:26:33 | 000,000,000 | ---D | C] -- C:\Windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
[2010.05.06 21:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010.05.06 21:23:56 | 000,490,392 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Lisa\Desktop\SpyHunter-Installer.exe
[2010.05.06 20:14:10 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Malwarebytes
[2010.05.06 20:13:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.06 20:13:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.06 20:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.05.06 20:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.06 20:12:56 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Lisa\Desktop\mbam-setup.exe
[2010.05.06 19:35:07 | 000,000,000 | ---D | C] -- C:\avrescue
[2010.05.03 21:07:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\AppData\Roaming\lowsec
[2010.05.01 14:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010.04.29 22:00:29 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.04.29 20:43:45 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\ICQ
[2010.04.22 21:16:06 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010.04.22 21:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.04.15 14:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.04.15 14:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.04.15 14:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.04.15 14:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010.04.15 14:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010.04.15 14:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010.04.15 14:16:07 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Adobe
[2010.04.14 13:51:10 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\OpenOffice.org
[2010.04.14 10:28:35 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.14 10:28:35 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.14 10:28:33 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.14 10:28:32 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.04.14 10:28:31 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.04.12 20:45:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.04.12 08:57:21 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Avira
[2010.04.11 23:04:45 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\WinRAR
[2010.04.11 22:02:53 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.04.11 22:02:50 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.04.11 21:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010.04.11 18:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2010.04.11 18:11:31 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010.04.11 18:11:31 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.04.11 18:11:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.04.11 18:11:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.04.11 18:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010.04.11 17:15:26 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\vlc
[2010.04.11 17:14:37 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.04.11 17:14:37 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.04.11 17:14:37 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.04.11 17:14:37 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010.04.11 17:14:27 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010.04.11 17:14:27 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010.04.11 17:14:27 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010.04.11 17:14:27 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010.04.11 17:14:27 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010.04.11 17:14:27 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010.04.11 17:14:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2010.04.11 17:14:27 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010.04.11 17:14:26 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.04.11 17:14:16 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010.04.11 17:14:16 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010.04.11 17:14:16 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010.04.11 17:14:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2010.04.11 17:14:07 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010.04.11 17:14:06 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010.04.11 17:14:04 | 001,259,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.04.11 17:13:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.04.11 17:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
[2010.04.11 17:13:40 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010.04.11 17:13:37 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010.04.11 17:13:30 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.04.11 17:13:30 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.04.11 17:13:30 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.04.11 17:13:29 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.04.11 17:13:27 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.04.11 17:13:19 | 002,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.04.11 17:13:17 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.04.11 17:13:16 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010.04.11 17:13:16 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.04.11 17:13:16 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.04.11 17:13:12 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010.04.11 17:13:06 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.04.11 17:13:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010.04.11 17:13:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010.04.11 17:13:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010.04.11 17:13:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010.04.11 17:13:05 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010.04.11 17:12:57 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010.04.11 17:12:52 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010.04.11 17:09:01 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.04.11 13:04:21 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010.04.11 13:04:21 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010.04.11 13:04:13 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010.04.11 13:04:13 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010.04.11 13:04:13 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010.04.11 13:04:06 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010.04.11 13:04:06 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010.04.11 12:53:21 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010.04.11 12:53:15 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\ICQ
[2010.04.11 12:53:15 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\AOL
[2010.04.11 12:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.1
[2010.04.11 12:41:03 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\DivX
[2010.04.11 12:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010.04.11 12:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010.04.11 12:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010.04.11 12:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.04.11 12:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.04.11 12:35:31 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Apple Computer
[2010.04.11 12:35:31 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Apple Computer
[2010.04.11 12:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.04.11 12:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.04.11 12:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.04.11 12:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.04.11 12:34:08 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Apple
[2010.04.11 12:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.04.11 12:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.04.11 12:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.04.11 12:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.04.11 12:28:51 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Macromedia
[2010.04.11 12:28:51 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Adobe
[2010.04.11 12:28:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010.04.11 12:21:42 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.04.11 12:21:42 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.04.11 12:21:42 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.04.11 12:21:42 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.04.11 12:21:42 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.04.11 12:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.04.11 12:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.04.11 12:20:11 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.04.11 12:10:58 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Mozilla
[2010.04.11 12:10:58 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Mozilla
[2010.04.11 12:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.04.11 11:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010.04.11 11:45:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.04.11 11:42:31 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.04.11 11:35:55 | 000,000,000 | ---D | C] -- C:\Windows.old
[2010.04.11 11:23:20 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Microsoft Games
[2010.04.11 10:57:10 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Searches
[2010.04.11 10:57:01 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Identities
[2010.04.11 10:57:00 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Contacts
[2010.04.11 10:56:59 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\VirtualStore
[2010.04.11 10:56:55 | 000,000,000 | --SD | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft
[2010.04.11 10:56:55 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Videos
[2010.04.11 10:56:55 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Saved Games
[2010.04.11 10:56:55 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Pictures
[2010.04.11 10:56:55 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Music
[2010.04.11 10:56:55 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Links
[2010.04.11 10:56:55 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Favorites
[2010.04.11 10:56:55 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Downloads
[2010.04.11 10:56:55 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Documents
[2010.04.11 10:56:55 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Desktop
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Vorlagen
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\AppData\Local\Verlauf
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\AppData\Local\Temporary Internet Files
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Startmenü
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\SendTo
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Recent
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Netzwerkumgebung
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Lokale Einstellungen
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Documents\Eigene Videos
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Documents\Eigene Musik
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Eigene Dateien
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Documents\Eigene Bilder
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Druckumgebung
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Cookies
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\AppData\Local\Anwendungsdaten
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Anwendungsdaten
[2010.04.11 10:56:55 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\AppData
[2010.04.11 10:56:55 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Temp
[2010.04.11 10:56:55 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Microsoft
[2010.04.11 10:56:55 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Media Center Programs
[2010.04.11 10:54:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.04.11 10:54:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.04.11 10:54:45 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.04.11 10:54:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.04.11 10:54:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.04.11 10:54:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.04.11 10:54:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.04.11 10:54:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.04.11 10:54:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.04.11 10:54:04 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2010.04.11 10:47:29 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.04.11 10:45:58 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2010.04.11 10:43:49 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.04.11 10:34:05 | 000,000,000 | -HSD | C] -- C:\Boot
[2010.04.09 19:41:06 | 000,000,000 | ---D | C] -- C:\drivers
[2010.04.09 18:42:59 | 000,000,000 | R--D | C] -- C:\Programme
[2010.04.09 18:41:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen
[2010.04.09 18:41:58 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.06 21:36:06 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\cdcno.sys
[2010.05.06 21:34:36 | 001,048,576 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT
[2010.05.06 21:33:54 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
[2010.05.06 21:27:16 | 000,002,075 | ---- | M] () -- C:\Users\Lisa\Desktop\SpyHunter.lnk
[2010.05.06 21:23:57 | 000,490,392 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Lisa\Desktop\SpyHunter-Installer.exe
[2010.05.06 20:57:08 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.06 20:57:08 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.06 20:13:09 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Lisa\Desktop\mbam-setup.exe
[2010.05.06 16:57:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.06 16:34:58 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.05.06 16:34:56 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010.05.06 16:34:56 | 000,065,536 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010.05.06 13:19:17 | 729,894,912 | ---- | M] () -- C:\Users\Lisa\Desktop\smaak-hp5_cd1.avi
[2010.05.03 22:31:53 | 033,316,864 | ---- | M] () -- C:\Users\Lisa\Desktop\TAAHM S07E01.avi
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.22 21:16:09 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.04.19 12:47:55 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.04.12 11:48:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.04.11 22:47:08 | 000,053,992 | ---- | M] () -- C:\Users\Lisa\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.11 22:45:58 | 000,251,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.04.11 21:19:44 | 152,882,016 | ---- | M] () -- C:\Users\Lisa\OOo_3.2.0_Win32Intel_install_de.exe
[2010.04.11 18:11:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010.04.11 18:11:19 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.04.11 18:11:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.04.11 18:11:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.04.11 11:42:17 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010.04.11 11:42:16 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[2010.04.11 11:04:36 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2010.04.11 11:04:26 | 000,171,136 | RHS- | M] () -- C:\grldr
[2010.04.11 10:56:55 | 000,000,020 | -HS- | M] () -- C:\Users\Lisa\ntuser.ini
[2010.04.11 10:49:27 | 000,348,064 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010.04.11 10:48:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010.04.11 10:34:07 | 000,000,355 | -H-- | M] () -- C:\Boot.BAK
[2010.04.09 17:51:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.04.09 17:51:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.05.06 21:27:16 | 000,002,075 | ---- | C] () -- C:\Users\Lisa\Desktop\SpyHunter.lnk
[2010.05.06 08:36:52 | 729,894,912 | ---- | C] () -- C:\Users\Lisa\Desktop\smaak-hp5_cd1.avi
[2010.05.03 21:53:22 | 033,316,864 | ---- | C] () -- C:\Users\Lisa\Desktop\TAAHM S07E01.avi
[2010.05.03 21:09:16 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\cdcno.sys
[2010.04.22 21:16:09 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.04.15 14:16:08 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.04.12 11:48:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.04.11 21:18:21 | 152,882,016 | ---- | C] () -- C:\Users\Lisa\OOo_3.2.0_Win32Intel_install_de.exe
[2010.04.11 17:14:16 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010.04.11 11:04:26 | 000,171,136 | RHS- | C] () -- C:\grldr
[2010.04.11 10:56:55 | 001,048,576 | -HS- | C] () -- C:\Users\Lisa\NTUSER.DAT
[2010.04.11 10:56:55 | 000,524,288 | -HS- | C] () -- C:\Users\Lisa\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2010.04.11 10:56:55 | 000,524,288 | -HS- | C] () -- C:\Users\Lisa\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010.04.11 10:56:55 | 000,262,144 | -H-- | C] () -- C:\Users\Lisa\ntuser.dat.LOG1
[2010.04.11 10:56:55 | 000,065,536 | -HS- | C] () -- C:\Users\Lisa\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010.04.11 10:56:55 | 000,000,020 | -HS- | C] () -- C:\Users\Lisa\ntuser.ini
[2010.04.11 10:56:55 | 000,000,000 | -H-- | C] () -- C:\Users\Lisa\ntuser.dat.LOG2
[2010.04.11 10:48:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010.04.11 10:48:14 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.04.11 10:34:07 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2010.04.11 10:34:07 | 000,000,355 | -H-- | C] () -- C:\Boot.BAK
[2010.04.11 10:34:05 | 000,333,257 | RHS- | C] () -- C:\bootmgr
[2010.04.09 19:41:10 | 000,000,355 | RHS- | C] () -- C:\Boot.ini.saved
[2010.04.09 17:51:57 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010.04.09 17:51:57 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2009.04.11 15:19:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.01.21 04:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006.11.02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >
Code:
OTL Extras logfile created on: 06.05.2010 21:34:54 - Run 1
OTL by OldTimer - Version 3.2.4.1    Folder = C:\Users\Lisa\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 33,66 Gb Total Space | 12,34 Gb Free Space | 36,67% Space Free | Partition Type: NTFS
Drive D: | 78,13 Gb Total Space | 59,37 Gb Free Space | 76,00% Space Free | Partition Type: NTFS
Drive E: | 322,89 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LISA-PC
Current User Name: Lisa
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C06837-70A7-4D4F-B392-419BD937C73E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{02C5D7BC-B6C7-4B1C-81CB-1940A6D962B0}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{05888C3B-FC81-453F-AB75-B671FCA074F3}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{0D9E3D6E-48C3-4E9E-A222-4F8EC9D540F5}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{24F69AFE-AE06-4C26-9CB5-7886B5E3894A}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{44AC64E8-71BE-4667-86AD-AF1EE171053F}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{49E3B692-0DDE-4AF1-B1EA-FEFDC9BA9130}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{4F9F5534-FF9B-4365-8790-310CF75796F7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{688ABFE3-9878-4F99-95CB-5B8A9A6F4B65}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{8480B31E-F4FE-48FF-886A-4334D47D8A6D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{92314743-ADC8-4A7D-AEA8-DEB9CAF63C99}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{9896D4D5-480C-4CEE-9AEC-A3CC5724CDA6}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{A1CAD22C-A800-4743-9012-E1F4F15538D1}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{A5ECDBB7-EC2D-434D-B72A-377558F86071}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{C275C96F-EA42-486B-BCC8-48FECC3C8CCB}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{C78A166F-4CAB-4077-BA5E-C7CCFF9CCB1A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{1297959B-B342-48AD-BB52-C5A84E87DB92}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{85960C8E-DC41-4636-9A70-B3A1201C12CB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{E620A7DC-6B6C-418D-92D3-B8E8084B6D12}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{F12C63CF-5F17-4304-ADD4-95FD0A8964A6}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{351C86BD-7490-4AAD-8D76-BD32E9EAAA7A}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{AEBD39BD-9AE1-47B2-B2C9-4ED30451C090}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{BF8CECDF-138D-44CF-8513-AFD50088C5CE}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{D21B906A-9269-4F42-B931-A9B56D764E51}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61D3AAE1-D521-4CD7-939B-37813DE8F955}" = SpyHunter
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"033AF7005E28212C588F4A6A7C70FC337035B868" = Windows Driver Package - Intel net  (02/25/2007 11.1.0.86)
"68C0F080293D2F762A22106C594B4792339BE161" = Windows Driver Package - Intel (NETw4v32) net  (02/25/2007 11.1.0.86)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"D378CF7D7829BEE3D6C6016D3E4A00DF2B5B858B" = Windows Driver Package - Intel (NETw2v32) net  (02/14/2007 9.1.1.13)
"DivX Setup.divx.com" = DivX-Setup
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"SopCast" = SopCast 3.2.9
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.05.2010 12:19:17 | Computer Name = Lisa-PC | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 06.05.2010 12:19:17 | Computer Name = Lisa-PC | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 06.05.2010 12:19:17 | Computer Name = Lisa-PC | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 06.05.2010 12:19:17 | Computer Name = Lisa-PC | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 06.05.2010 13:34:50 | Computer Name = Lisa-PC | Source = VSS | ID = 12289
Description =
 
Error - 06.05.2010 13:34:56 | Computer Name = Lisa-PC | Source = VSS | ID = 12289
Description =
 
Error - 06.05.2010 13:34:56 | Computer Name = Lisa-PC | Source = VSS | ID = 12289
Description =
 
Error - 06.05.2010 13:35:01 | Computer Name = Lisa-PC | Source = VSS | ID = 12289
Description =
 
Error - 06.05.2010 13:35:02 | Computer Name = Lisa-PC | Source = VSS | ID = 12289
Description =
 
Error - 06.05.2010 13:35:07 | Computer Name = Lisa-PC | Source = VSS | ID = 12289
Description =
 
[ System Events ]
Error - 01.05.2010 04:59:02 | Computer Name = Lisa-PC | Source = DCOM | ID = 10010
Description =
 
Error - 03.05.2010 15:09:17 | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 03.05.2010 15:18:39 | Computer Name = Lisa-PC | Source = DCOM | ID = 10010
Description =
 
Error - 03.05.2010 15:24:57 | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 03.05.2010 16:00:45 | Computer Name = Lisa-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description =
 
Error - 03.05.2010 16:31:54 | Computer Name = Lisa-PC | Source = DCOM | ID = 10010
Description =
 
Error - 03.05.2010 17:11:17 | Computer Name = Lisa-PC | Source = DCOM | ID = 10010
Description =
 
Error - 04.05.2010 09:15:13 | Computer Name = Lisa-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description =
 
Error - 04.05.2010 14:52:35 | Computer Name = Lisa-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 04.05.2010 um 20:43:28 unerwartet heruntergefahren.
 
Error - 06.05.2010 08:52:01 | Computer Name = Lisa-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >

_audioslave 06.05.2010 21:40
hab das ganze auch durchgeführt.. in der hoffnung nix falsch gemacht zu haben :D

(edith: hab grad nochmal spyhunter4 durchlaufen lassen.
diese cdcno.sys datei ist immernoch vorhanden Oo)

voila

Code:
ComboFix 10-05-05.0D - Lisa 06.05.2010  22:11:28.2.2 - x86
Microsoft® Windows Vista™ Ultimate  6.0.6002.2.1252.49.1031.18.3061.1968 [GMT 2:00]
ausgeführt von:: c:\users\Lisa\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((  Dateien erstellt von 2010-04-06 bis 2010-05-06  ))))))))))))))))))))))))))))))
.

2010-05-06 20:15 . 2010-05-06 20:15        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-05-06 20:02 . 2010-05-06 20:02        --------        d-----w-        c:\program files\CCleaner
2010-05-06 19:27 . 2010-05-06 19:27        110080        ----a-r-        c:\users\Lisa\AppData\Roaming\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconF7A21AF7.exe
2010-05-06 19:27 . 2010-05-06 19:27        110080        ----a-r-        c:\users\Lisa\AppData\Roaming\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconD7F16134.exe
2010-05-06 19:27 . 2010-05-06 19:27        --------        d-----w-        C:\sh4ldr
2010-05-06 19:27 . 2010-05-06 19:27        --------        d-----w-        c:\program files\Enigma Software Group
2010-05-06 19:26 . 2010-05-06 19:27        --------        d-----w-        c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
2010-05-06 19:26 . 2010-05-06 19:26        --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
2010-05-06 18:14 . 2010-05-06 18:14        --------        d-----w-        c:\users\Lisa\AppData\Roaming\Malwarebytes
2010-05-06 18:13 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-06 18:13 . 2010-05-06 18:13        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-05-06 18:13 . 2010-05-06 18:13        --------        d-----w-        c:\programdata\Malwarebytes
2010-05-06 18:13 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-05-06 17:35 . 2010-05-06 17:35        --------        d-----w-        C:\avrescue
2010-05-03 19:07 . 2010-05-06 13:34        --------        d-sh--w-        c:\users\Lisa\AppData\Roaming\lowsec
2010-04-30 08:27 . 2009-08-24 11:36        377344        ----a-w-        c:\windows\system32\winhttp.dll
2010-04-29 20:00 . 2010-02-12 10:32        293376        ----a-w-        c:\windows\system32\browserchoice.exe
2010-04-28 20:08 . 2009-06-15 14:53        270848        ----a-w-        c:\windows\system32\schannel.dll
2010-04-28 20:08 . 2009-06-15 14:52        499712        ----a-w-        c:\windows\system32\kerberos.dll
2010-04-22 19:16 . 2009-05-18 11:17        26600        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-22 19:16 . 2008-04-17 10:12        107368        ----a-w-        c:\windows\system32\GEARAspi.dll
2010-04-22 19:15 . 2010-04-22 19:15        --------        d-----w-        c:\program files\iPod
2010-04-15 12:17 . 2010-04-15 12:17        --------        d-----w-        c:\program files\Common Files\Adobe
2010-04-15 12:16 . 2010-04-15 12:16        --------        d-----w-        c:\programdata\McAfee Security Scan
2010-04-15 12:16 . 2010-04-15 12:16        --------        d-----w-        c:\programdata\McAfee
2010-04-15 12:16 . 2010-04-19 10:47        --------        d-----w-        c:\program files\McAfee Security Scan
2010-04-15 12:16 . 2010-04-15 12:19        --------        d-----w-        c:\users\Lisa\AppData\Local\Adobe
2010-04-14 11:51 . 2010-05-06 06:30        1        ----a-w-        c:\users\Lisa\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-14 11:51 . 2010-04-14 11:51        --------        d-----w-        c:\users\Lisa\AppData\Roaming\OpenOffice.org
2010-04-14 08:28 . 2010-02-23 11:10        212992        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 08:28 . 2010-02-23 11:10        79360        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 08:28 . 2010-02-23 11:10        106496        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 08:28 . 2010-02-18 14:07        3600776        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2010-04-14 08:28 . 2010-02-18 14:07        3548040        ----a-w-        c:\windows\system32\ntoskrnl.exe
2010-04-14 08:28 . 2010-03-04 17:33        430080        ----a-w-        c:\windows\system32\vbscript.dll
2010-04-14 08:28 . 2010-02-18 14:07        904576        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2010-04-14 08:28 . 2010-02-18 13:30        200704        ----a-w-        c:\windows\system32\iphlpsvc.dll
2010-04-14 08:28 . 2010-02-18 11:28        25088        ----a-w-        c:\windows\system32\drivers\tunnel.sys
2010-04-14 08:27 . 2009-12-23 11:33        172032        ----a-w-        c:\windows\system32\wintrust.dll
2010-04-14 08:27 . 2010-01-13 17:34        98304        ----a-w-        c:\windows\system32\cabview.dll
2010-04-12 06:57 . 2010-04-12 06:57        --------        d-----w-        c:\users\Lisa\AppData\Roaming\Avira
2010-04-11 20:02 . 2010-02-20 23:06        24064        ----a-w-        c:\windows\system32\nshhttp.dll
2010-04-11 20:02 . 2010-02-20 23:05        30720        ----a-w-        c:\windows\system32\httpapi.dll
2010-04-11 20:02 . 2010-02-20 20:53        411648        ----a-w-        c:\windows\system32\drivers\http.sys
2010-04-11 19:22 . 2010-04-11 19:22        --------        d-----w-        c:\program files\OpenOffice.org 3
2010-04-11 19:18 . 2010-04-11 19:19        152882016        ----a-w-        c:\users\Lisa\OOo_3.2.0_Win32Intel_install_de.exe
2010-04-11 16:11 . 2010-05-06 15:29        --------        d-----w-        c:\program files\JDownloader
2010-04-11 16:11 . 2010-04-11 16:11        411368        ----a-w-        c:\windows\system32\deploytk.dll
2010-04-11 16:11 . 2010-04-11 16:11        --------        d-----w-        c:\program files\Java
2010-04-11 15:15 . 2010-05-06 17:52        --------        d-----w-        c:\users\Lisa\AppData\Roaming\vlc
2010-04-11 15:13 . 2009-06-04 12:07        2066432        ----a-w-        c:\windows\system32\mstscax.dll
2010-04-11 15:12 . 2009-10-07 11:36        243712        ----a-w-        c:\windows\system32\rastls.dll
2010-04-11 15:12 . 2009-09-14 09:29        144896        ----a-w-        c:\windows\system32\drivers\srv2.sys
2010-04-11 15:12 . 2009-05-08 12:53        604672        ----a-w-        c:\windows\system32\WMSPDMOD.DLL
2010-04-11 15:09 . 2010-02-24 08:16        181632        ------w-        c:\windows\system32\MpSigStub.exe
2010-04-11 11:04 . 2009-08-07 02:24        44768        ----a-w-        c:\windows\system32\wups2.dll
2010-04-11 11:04 . 2009-08-07 02:24        53472        ----a-w-        c:\windows\system32\wuauclt.exe
2010-04-11 11:04 . 2009-08-07 02:23        1929952        ----a-w-        c:\windows\system32\wuaueng.dll
2010-04-11 11:04 . 2009-08-07 01:45        2421760        ----a-w-        c:\windows\system32\wucltux.dll
2010-04-11 11:04 . 2009-08-07 02:24        35552        ----a-w-        c:\windows\system32\wups.dll
2010-04-11 11:04 . 2009-08-07 02:23        575704        ----a-w-        c:\windows\system32\wuapi.dll
2010-04-11 11:04 . 2009-08-07 01:44        87552        ----a-w-        c:\windows\system32\wudriver.dll
2010-04-11 11:04 . 2009-08-06 17:23        171608        ----a-w-        c:\windows\system32\wuwebv.dll
2010-04-11 11:04 . 2009-08-06 16:44        33792        ----a-w-        c:\windows\system32\wuapp.exe
2010-04-11 10:53 . 2010-04-11 10:53        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-04-11 10:53 . 2010-05-06 19:24        --------        d-----w-        c:\users\Lisa\AppData\Roaming\ICQ
2010-04-11 10:53 . 2010-04-11 10:53        --------        d-----w-        c:\users\Lisa\AppData\Local\AOL
2010-04-11 10:53 . 2010-04-11 15:04        --------        d-----w-        c:\program files\ICQ7.1
2010-04-11 10:41 . 2010-04-11 10:41        57344        ----a-w-        c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-11 10:41 . 2010-04-11 10:39        754984        ----a-w-        c:\programdata\DivX\Setup\Resource.dll
2010-04-11 10:41 . 2010-04-11 10:41        56978        ----a-w-        c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-04-11 10:41 . 2010-04-11 10:41        56766        ----a-w-        c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-11 10:41 . 2010-04-11 10:39        1180952        ----a-w-        c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-11 10:41 . 2010-04-11 10:41        57679        ----a-w-        c:\programdata\DivX\Player\Uninstaller.exe
2010-04-11 10:41 . 2010-04-11 10:41        53600        ----a-w-        c:\programdata\DivX\Update\Uninstaller.exe
2010-04-11 10:41 . 2010-04-12 08:42        --------        d-----w-        c:\users\Lisa\AppData\Roaming\DivX
2010-04-11 10:39 . 2010-04-11 10:39        144696        ----a-w-        c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-04-11 10:39 . 2010-04-11 10:41        --------        d-----w-        c:\programdata\DivX
2010-04-11 10:38 . 2010-04-11 10:38        --------        d-----w-        c:\program files\VideoLAN
2010-04-11 10:35 . 2010-04-12 09:54        --------        d-----w-        c:\users\Lisa\AppData\Roaming\Apple Computer
2010-04-11 10:35 . 2010-04-11 10:35        --------        d-----w-        c:\users\Lisa\AppData\Local\Apple Computer
2010-04-11 10:35 . 2010-04-22 19:16        --------        d-----w-        c:\program files\iTunes
2010-04-11 10:35 . 2010-04-11 10:35        --------        d-----w-        c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-11 10:34 . 2010-04-11 10:34        --------        d-----w-        c:\program files\QuickTime
2010-04-11 10:34 . 2010-04-11 10:35        --------        d-----w-        c:\programdata\Apple Computer
2010-04-11 10:34 . 2010-04-11 10:34        --------        d-----w-        c:\users\Lisa\AppData\Local\Apple
2010-04-11 10:34 . 2010-04-11 10:34        --------        d-----w-        c:\program files\Apple Software Update
2010-04-11 10:33 . 2010-04-11 10:33        --------        d-----w-        c:\program files\Bonjour
2010-04-11 10:33 . 2010-04-22 19:15        --------        d-----w-        c:\program files\Common Files\Apple
2010-04-11 10:33 . 2010-04-12 09:47        --------        d-----w-        c:\programdata\Apple
2010-04-11 10:28 . 2010-04-11 10:28        --------        d-----w-        c:\windows\system32\Macromed
2010-04-11 10:21 . 2010-03-01 07:05        124784        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2010-04-11 10:21 . 2010-02-16 11:24        60936        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2010-04-11 10:21 . 2009-05-11 09:49        51992        ----a-w-        c:\windows\system32\drivers\avgntdd.sys
2010-04-11 10:21 . 2009-05-11 09:49        17016        ----a-w-        c:\windows\system32\drivers\avgntmgr.sys
2010-04-11 10:21 . 2010-04-11 10:21        --------        d-----w-        c:\programdata\Avira
2010-04-11 10:21 . 2010-04-11 10:21        --------        d-----w-        c:\program files\Avira
2010-04-11 10:20 . 2010-05-06 19:27        --------        d-sh--w-        c:\windows\Installer
2010-04-11 10:10 . 2010-04-11 10:10        --------        d-----w-        c:\users\Lisa\AppData\Local\Mozilla
2010-04-11 09:45 . 2010-04-11 09:45        --------        d-----w-        c:\program files\DIFX
2010-04-11 09:45 . 2010-04-22 19:16        --------        dc----w-        c:\windows\system32\DRVSTORE
2010-04-11 09:42 . 2010-04-11 08:49        --------        d-----w-        c:\windows\Panther
2010-04-11 09:35 . 2010-04-11 09:35        --------        d-----w-        C:\Windows.old
2010-04-11 09:23 . 2010-05-04 14:16        --------        d-----w-        c:\users\Lisa\AppData\Local\Microsoft Games
2010-04-11 08:57 . 2010-04-11 20:47        53992        ----a-w-        c:\users\Lisa\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-11 08:54 . 2010-04-11 08:54        --------        d-sh--we        c:\users\Default\Vorlagen
2010-04-11 08:48 . 2010-05-06 14:34        12        ----a-w-        c:\windows\bthservsdp.dat
2010-04-11 08:34 . 2010-04-11 09:42        --------        d-----w-        C:\Boot
2010-04-09 17:41 . 2010-04-09 17:41        --------        d-----w-        C:\drivers
2010-04-09 16:42 . 2010-04-09 16:03        --------        d-----r-        C:\Programme
2010-04-09 16:41 . 2010-04-09 16:03        --------        d-----w-        C:\Dokumente und Einstellungen

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 20:01 . 2010-05-06 18:04        4838        ----a-w-        c:\windows\system32\PerfStringBackup.TMP
2010-04-12 09:48 . 2010-04-12 09:48        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-04-11 15:13 . 2010-04-11 15:13        --------        d-----w-        c:\program files\SopCast
2010-04-11 10:41 . 2010-04-11 10:40        --------        d-----w-        c:\program files\DivX
2010-04-11 08:54 . 2010-04-11 08:54        --------        d-sh--we        c:\programdata\Vorlagen
2010-04-11 08:54 . 2010-04-11 08:54        --------        d-sh--we        c:\programdata\Startmenü
2010-04-11 08:54 . 2010-04-11 08:54        --------        d-sh--we        c:\programdata\Favoriten
2010-04-11 08:54 . 2010-04-11 08:54        --------        d-sh--we        c:\programdata\Dokumente
2010-04-11 08:54 . 2010-04-11 08:54        --------        d-sh--we        c:\programdata\Anwendungsdaten
2010-04-11 08:54 . 2010-04-11 08:54        --------        d-sh--we        c:\program files\Gemeinsame Dateien
2010-04-11 08:48 . 2010-04-11 08:48        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-03-25 23:48 . 2010-03-25 23:48        73000        ----a-w-        c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-09 16:25 . 2010-04-11 15:13        78336        ----a-w-        c:\windows\system32\ieencode.dll
2010-03-09 15:42 . 2010-04-11 15:13        834048        ----a-w-        c:\windows\system32\wininet.dll
2010-03-08 17:59 . 2010-03-08 17:59        94208        ----a-w-        c:\windows\system32\dpl100.dll
2010-02-19 19:27 . 2010-02-19 19:27        720384        ----a-w-        c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27        856064        ----a-w-        c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27        856064        ----a-w-        c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27        847872        ----a-w-        c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27        843776        ----a-w-        c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27        839680        ----a-w-        c:\windows\system32\divx_xx11.dll
2010-02-12 09:46 . 2010-02-12 09:46        91424        ----a-w-        c:\windows\system32\dnssd.dll
2010-02-12 09:46 . 2010-02-12 09:46        107808        ----a-w-        c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):18,aa,f7,f7,a9,ba,c9,01

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - cdcno
*Deregistered* - MBAMSwissArmy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
.
.
------- Zusätzlicher Suchlauf -------
.
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: {B7E2450D-49C3-49F6-9408-7FEFFA648A61} = 213.191.74.11 213.191.92.82
FF - ProfilePath - c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\io64xbcq.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",  1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",      2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",      1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",  25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",    5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdcno]

.
Zeit der Fertigstellung: 2010-05-06  22:18:25
ComboFix-quarantined-files.txt  2010-05-06 20:18

Vor Suchlauf: 11 Verzeichnis(se), 13.329.575.936 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 13.177.352.192 Bytes frei

- - End Of File - - B1089390971C781866F32601C89050B4

_audioslave 06.05.2010 22:34
osam

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:32:42 on 06.05.2010

OS: Windows Vista Ultimate Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Lisa\AppData\Local\Temp\catchme.sys  (File not found)
"cdcno" (cdcno) - ? - C:\Windows\system32\drivers\cdcno.sys  (Hidden registry entry, rootkit activity | File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"ymmd" (ymmd) - ? - C:\Windows\System32\drivers\lwgnwd.sys  (File found, but it contains no detailed information)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{0a4286ea-e355-44fb-8086-af3df7645bd9} "Windows Media Player" - ? -  (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"SpyHunter 4 Service" (SpyHunter 4 Service) - "Enigma Software Group USA, LLC." - C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

_audioslave 06.05.2010 23:02
gmer

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-07 00:01:01
Windows 6.0.6002 Service Pack 2
Running: chcqvobj.exe; Driver: C:\Users\Lisa\AppData\Local\Temp\kxldapow.sys


---- Kernel code sections - GMER 1.0.15 ----

?              System32\Drivers\cdcno.sys                                                                      Ein an das System angeschlossenes Gerät funktioniert nicht. !

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                          85F57DB0

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service          (*** hidden *** )                                                                              [BOOT] cdcno                                                          <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6b28047e                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\cdcno@Type                                                1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\cdcno@Start                                              0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\cdcno@ErrorControl                                        0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\cdcno@Group                                              Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6b28047e (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\cdcno@Type                                                    1
Reg            HKLM\SYSTEM\ControlSet003\Services\cdcno@Start                                                  0
Reg            HKLM\SYSTEM\ControlSet003\Services\cdcno@ErrorControl                                            0
Reg            HKLM\SYSTEM\ControlSet003\Services\cdcno@Group                                                  Boot Bus Extender

---- EOF - GMER 1.0.15 ----

_audioslave 07.05.2010 22:12
kann mir jemand helfen? :D

bzw fehlen doch irgendwelche infos?

_audioslave 11.05.2010 23:32
ich hols nochmal hoch.... :heilig:


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:01 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131