Trojaner-Board - Aktuelles Lautstärkenregler-Problem, aufgezeigter Lösugnsweg funktioniert nicht

So, hat jetzt alles ein wenig gedauert, mein PC kam mit dem Gmer nicht so ganz klar (jedes mal wenns fertig mit scannen war und ich speichern wollte hat sich das Programm aufgehängt), aber am Ende kamen dann doch alle Datein raus:

Log von MBAM

Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4316

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16.07.2010 07:47:51
mbam-log-2010-07-16 (07-47-51).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 147312
Laufzeit: 3 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Gamer.txt
GMER Logfile:
GMER Logfile:
GMER Logfile:

Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net

Rootkit scan 2010-07-15 23:54:25

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: C:\DOKUME~1\Aleera\LOKALE~1\Temp\awldqpoc.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            BA7B009E                                  ZwCreateKey

SSDT            BA7B0094                                  ZwCreateThread

SSDT            BA7B00A3                                  ZwDeleteKey

SSDT            BA7B00AD                                  ZwDeleteValueKey

SSDT            BA7B00B2                                  ZwLoadKey

SSDT            BA7B0080                                  ZwOpenProcess

SSDT            BA7B0085                                  ZwOpenThread

SSDT            BA7B00BC                                  ZwReplaceKey

SSDT            BA7B00B7                                  ZwRestoreKey

SSDT            BA7B00A8                                  ZwSetValueKey
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys  section is writeable [0xB90F4380, 0x34C81F, 0xE8000020]

init            C:\WINDOWS\system32\drivers\magicpvt.sys  entry point in "init" section [0xBA56D700]
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \FileSystem\Fastfat \Fat                  fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
 

---- EOF - GMER 1.0.15 ----[/QUOTE]

--- --- ---

--- --- ---

--- --- ---

OTL.txt
OTL Logfile:

Code:

OTL logfile created on: 16.07.2010 11:40:40 - Run 1

OTL by OldTimer - Version 3.2.9.0     Folder = C:\Dokumente und Einstellungen\Aleera\Desktop\MFTools

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 88,00% Memory free

5,00 Gb Paging File | 5,00 Gb Available in Paging File | 94,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 30,14 Gb Total Space | 15,10 Gb Free Space | 50,10% Space Free | Partition Type: NTFS

Drive D: | 107,02 Gb Total Space | 26,49 Gb Free Space | 24,75% Space Free | Partition Type: NTFS

Drive E: | 328,60 Gb Total Space | 56,20 Gb Free Space | 17,10% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: DARKNESS4

Current User Name: Aleera

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

 
 ========== Processes (SafeList) ==========

 

PRC - [2010.07.15 21:25:29 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Aleera\Desktop\MFTools\OTL.exe

PRC - [2010.04.19 15:53:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe

PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009.09.28 20:34:22 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Programme\LogMeIn\x86\ramaint.exe

PRC - [2009.09.28 20:34:16 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Programme\LogMeIn\x86\LMIGuardian.exe

PRC - [2009.01.12 08:15:52 | 000,071,096 | ---- | M] () -- C:\WINDOWS\system32\NMSAccess32.exe

PRC - [2008.09.05 02:01:00 | 001,794,048 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe

PRC - [2008.09.05 02:01:00 | 000,364,544 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe

PRC - [2008.08.11 13:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Programme\LogMeIn\x86\LogMeIn.exe

PRC - [2008.06.03 01:06:34 | 005,964,800 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe

PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2010.07.15 21:25:29 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Aleera\Desktop\MFTools\OTL.exe

MOD - [2008.04.14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2010.04.19 15:53:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009.09.28 20:34:22 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Programme\LogMeIn\x86\RaMaint.exe -- (LMIMaint)

SRV - [2009.01.12 08:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\NMSAccess32.exe -- (NMSAccess)

SRV - [2008.09.05 02:01:00 | 000,364,544 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)

SRV - [2008.08.11 13:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Programme\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)

SRV - [2007.08.23 15:05:18 | 000,045,056 | ---- | M] () [Disabled | Stopped] -- C:\Programme\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)

SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010.02.03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2010.01.20 17:53:06 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)

DRV - [2010.01.20 17:53:04 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2009.09.28 20:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.03.28 00:03:00 | 006,280,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008.09.05 02:01:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)

DRV - [2008.09.05 02:01:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)

DRV - [2008.08.11 13:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2008.08.11 13:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Programme\LogMeIn\x86\rainfo.sys -- (LMIInfo)

DRV - [2008.06.10 12:33:10 | 000,150,568 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx)

DRV - [2008.05.20 11:53:00 | 004,800,000 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008.04.14 14:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)

DRV - [2008.04.14 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)

DRV - [2008.04.14 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)

DRV - [2008.04.14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)

DRV - [2008.02.02 17:54:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)

DRV - [2007.12.17 11:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)

DRV - [2007.09.07 14:58:20 | 000,012,928 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)

DRV - [2007.09.07 14:58:20 | 000,012,928 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTiCtwl.sys -- (MagicTune)

DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)

DRV - [2006.09.28 05:47:48 | 000,283,776 | R--- | M] (AfaTech                  ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)

DRV - [2005.11.14 14:59:00 | 000,007,424 | ---- | M] (CMS Peripherals, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\portd2k.sys -- (portD)

DRV - [2005.11.14 03:26:34 | 000,009,728 | R--- | M] (Samsung Electronics, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\magicpvt.sys -- (magicpvt)

DRV - [2004.08.13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2003.06.27 04:05:38 | 000,472,332 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.bing.com/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Ecosia"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.ecosia.org/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:1.0.5

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.28 14:10:43 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.12 17:22:15 | 000,000,000 | ---D | M]

 

[2009.07.01 16:26:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aleera\Anwendungsdaten\Mozilla\Extensions

[2010.07.15 16:36:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aleera\Anwendungsdaten\Mozilla\Firefox\Profiles\x30gut7h.default\extensions

[2009.09.02 16:41:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Aleera\Anwendungsdaten\Mozilla\Firefox\Profiles\x30gut7h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.04.08 09:46:04 | 000,000,000 | ---D | M] (Ecosia (eco-friendly search engine)) -- C:\Dokumente und Einstellungen\Aleera\Anwendungsdaten\Mozilla\Firefox\Profiles\x30gut7h.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}

[2010.04.07 17:37:09 | 000,002,354 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Anwendungsdaten\Mozilla\Firefox\Profiles\x30gut7h.default\searchplugins\ecosia.xml

[2010.07.16 11:34:48 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2010.03.12 19:11:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.03.12 19:11:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.03.12 19:11:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.03.12 19:11:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.03.12 19:11:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)

O4 - HKLM..\Run: [IRReceive] C:\Programme\IRReceive\IRReceive.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\Six Engine\SixEngine.exe ()

O4 - HKCU..\Run: [AdobeBridge]  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Aleera\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Aleera\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.07.01 15:45:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 -  File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: WmdmPmSp -  File not found

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (16902109354000384)

 
 ========== Files/Folders - Created Within 90 Days ==========

 

[2010.07.15 21:31:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010.07.15 21:31:28 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT

[2010.07.15 21:28:49 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip

[2010.07.15 21:28:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aleera\Anwendungsdaten\Malwarebytes

[2010.07.15 21:26:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.07.15 21:26:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010.07.15 21:26:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2010.07.15 21:26:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2010.07.15 21:25:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aleera\Desktop\MFTools

[2010.07.15 20:04:01 | 000,499,712 | ---- | C] (eSage Lab) -- C:\WINDOWS\System32\remover.exe

[2010.07.13 12:13:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Avira

[2010.07.12 09:11:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia

[2010.06.10 08:13:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010.05.19 23:07:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aleera\Lokale Einstellungen\Anwendungsdaten\LogMeIn Hamachi

[2010.05.19 23:07:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\LogMeIn Hamachi

[2010.05.19 23:07:31 | 000,000,000 | ---D | C] -- C:\Programme\LogMeIn Hamachi

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 90 Days ==========

 

[2010.07.16 11:33:55 | 000,215,383 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010.07.16 11:33:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.07.16 11:33:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.07.16 11:33:47 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\magicpvt.dat

[2010.07.16 11:33:39 | 000,000,032 | ---- | M] () -- C:\WINDOWS\System32\driver.dat

[2010.07.15 21:33:25 | 004,456,448 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\NTUSER.DAT

[2010.07.15 21:31:28 | 000,000,591 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Desktop\NTREGOPT.lnk

[2010.07.15 21:31:28 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Desktop\ERUNT.lnk

[2010.07.15 21:26:30 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.07.15 21:25:22 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Desktop\Gmer.zip

[2010.07.15 08:37:16 | 000,000,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLbx.DAT

[2010.07.13 16:50:18 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Aleera\ntuser.ini

[2010.07.12 17:22:15 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk

[2010.07.12 09:10:09 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.07.06 12:06:21 | 000,381,440 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\job_interview.doc

[2010.07.06 11:15:58 | 000,077,824 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.07.01 17:47:00 | 000,067,821 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\green____by_karil.jpg

[2010.07.01 17:46:20 | 000,075,626 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\6012_by_karil.jpg

[2010.07.01 17:44:20 | 000,241,929 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\Healer_by_ValentinaKallias.jpg

[2010.07.01 17:43:50 | 000,366,544 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\I_feel_you_on_my_fingertips_by_BlackButterflyLMK.jpg

[2010.06.23 07:57:57 | 001,024,324 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010.06.23 07:57:57 | 000,458,806 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2010.06.23 07:57:57 | 000,440,820 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010.06.23 07:57:57 | 000,084,516 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2010.06.23 07:57:57 | 000,071,138 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010.06.11 17:03:06 | 000,259,169 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\green_river_by_karil.jpg

[2010.06.11 17:02:57 | 000,114,585 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\my_favourite_flower_by_karil.jpg

[2010.06.11 17:02:53 | 000,127,940 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\5546_by_karil.jpg

[2010.06.11 16:58:48 | 000,189,001 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\Watching_it_fly_by_Zindy.jpg

[2010.06.11 16:58:32 | 000,130,474 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\What's_left_of_me_by_Zindy.jpg

[2010.06.11 16:58:17 | 000,059,049 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\Free_Spirit_by_Zindy.jpg

[2010.06.11 16:57:40 | 000,075,050 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\Sugizo_by_zemotion.jpg

[2010.06.10 13:16:01 | 002,014,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010.06.10 08:13:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010.05.21 17:01:52 | 000,176,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\6650_by_karil.jpg

[2010.05.20 18:01:53 | 000,000,596 | ---- | M] () -- C:\WINDOWS\win.ini

[2010.05.20 18:01:53 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini

[2010.05.20 18:01:53 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2010.05.18 13:45:22 | 000,084,331 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\5514_by_karil.jpg

[2010.05.14 00:06:44 | 000,000,022 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Desktop\shutdown.bat

[2010.05.13 12:00:04 | 000,012,800 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\Vampire Diary Zitate.doc

[2010.05.11 21:29:03 | 000,077,828 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\6559_by_karil.jpg

[2010.05.11 21:28:55 | 000,124,504 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\Happy_Mothers_Day_II_by_karil.jpg

[2010.05.04 13:38:35 | 000,060,187 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\back_to_____by_karil.jpg

[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010.04.22 16:20:05 | 000,238,292 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\Melancholic_Star_Child_by_Zindy.jpg

[2010.04.19 20:00:35 | 000,240,176 | ---- | M] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\_LOST__by_ValentinaKallias.jpg

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.07.15 21:40:49 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Aleera\Desktop\gmer.exe

[2010.07.15 21:31:28 | 000,000,591 | ---- | C] () -- C:\Dokumente und Einstellungen\Aleera\Desktop\NTREGOPT.lnk

[2010.07.15 21:31:28 | 000,000,572 | ---- | C] () -- C:\Dokumente und Einstellungen\Aleera\Desktop\ERUNT.lnk

[2010.07.15 21:26:30 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.07.15 21:25:20 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\Aleera\Desktop\Gmer.zip

[2010.07.06 11:38:42 | 000,381,440 | ---- | C] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\job_interview.doc

[2010.07.01 17:47:00 | 000,067,821 | ---- | C] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\green____by_karil.jpg

[2010.07.01 17:46:19 | 000,075,626 | ---- | C] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\6012_by_karil.jpg

[2010.07.01 17:44:19 | 000,241,929 | ---- | C] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\Healer_by_ValentinaKallias.jpg

[2010.07.01 17:43:49 | 000,366,544 | ---- | C] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\I_feel_you_on_my_fingertips_by_BlackButterflyLMK.jpg

[2010.06.11 17:03:06 | 000,259,169 | ---- | C] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\green_river_by_karil.jpg

[2010.06.11 17:02:57 | 000,114,585 | ---- | C] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\my_favourite_flower_by_karil.jpg

[2010.06.11 17:02:52 | 000,127,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\5546_by_karil.jpg

[2010.06.11 16:58:48 | 000,189,001 | ---- | C] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\Watching_it_fly_by_Zindy.jpg

[2010.06.11 16:58:32 | 000,130,474 | ---- | C] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\What's_left_of_me_by_Zindy.jpg

[2010.06.11 16:58:17 | 000,059,049 | ---- | C] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\Free_Spirit_by_Zindy.jpg

[2010.06.11 16:57:40 | 000,075,050 | ---- | C] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\Sugizo_by_zemotion.jpg

[2010.05.21 17:01:52 | 000,176,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\6650_by_karil.jpg

[2010.05.18 13:45:21 | 000,084,331 | ---- | C] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\5514_by_karil.jpg

[2010.05.11 21:29:03 | 000,077,828 | ---- | C] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\6559_by_karil.jpg

[2010.05.11 21:28:55 | 000,124,504 | ---- | C] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\Happy_Mothers_Day_II_by_karil.jpg

[2010.05.04 13:38:34 | 000,060,187 | ---- | C] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\back_to_____by_karil.jpg

[2010.04.22 16:20:05 | 000,238,292 | ---- | C] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\Melancholic_Star_Child_by_Zindy.jpg

[2010.04.19 20:00:34 | 000,240,176 | ---- | C] () -- C:\Dokumente und Einstellungen\Aleera\Eigene Dateien\_LOST__by_ValentinaKallias.jpg

[2010.02.18 13:19:14 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2010.02.17 21:25:51 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll

[2010.02.17 21:25:51 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys

[2010.02.17 21:25:51 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys

[2009.10.05 07:16:42 | 000,799,016 | ---- | C] () -- C:\WINDOWS\System32\wodCertificate.dll

[2009.09.09 19:55:14 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2009.07.13 19:46:41 | 000,001,711 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009.07.01 17:15:17 | 000,014,938 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2009.07.01 17:14:47 | 000,000,264 | ---- | C] () -- C:\WINDOWS\_delis32.ini

[2009.07.01 16:45:14 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2009.07.01 16:45:14 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2009.07.01 16:45:12 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2009.07.01 16:45:12 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2009.07.01 16:25:42 | 000,036,841 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2009.07.01 16:24:59 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2009.07.01 16:24:50 | 000,036,450 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009.07.01 16:24:49 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2009.03.28 00:03:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2009.03.28 00:03:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2009.03.28 00:03:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2009.03.28 00:03:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2008.01.14 20:50:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ZSubTimer.dll

[2008.01.10 13:40:29 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\evntmsg.dll

[2007.02.27 18:12:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\USBaccess.dll

[2006.12.21 02:21:58 | 000,144,656 | ---- | C] () -- C:\WINDOWS\System32\FAMCOM.dll

[1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll

[1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

 
 ========== LOP Check ==========

 

[2009.07.04 16:34:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aleera\Anwendungsdaten\Canon

[2010.04.19 20:01:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aleera\Anwendungsdaten\ICQ

[2010.03.11 18:32:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aleera\Anwendungsdaten\Nikon

[2009.07.01 20:28:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aleera\Anwendungsdaten\OpenOffice.org

[2010.03.11 18:31:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp

[2009.07.08 13:05:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ

[2009.07.01 20:32:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm

[2010.02.17 23:33:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LogMeIn

[2010.03.11 18:31:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*.* >

[2010.02.17 23:33:47 | 000,001,024 | ---- | M] () -- C:\.rnd

[2009.07.01 15:45:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010.05.20 18:01:53 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2008.04.14 14:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin

[2009.07.01 15:45:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2009.08.03 23:41:24 | 000,001,453 | ---- | M] () -- C:\CTMeasureTiming.ini

[2009.07.01 15:45:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009.07.01 17:14:37 | 000,000,090 | ---- | M] () -- C:\LogiSetup.log

[2009.07.01 15:45:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008.04.14 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008.04.14 14:00:00 | 000,251,712 | RHS- | M] () -- C:\ntldr

[2010.07.16 11:33:45 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

[2009.07.01 16:40:29 | 000,000,518 | ---- | M] () -- C:\RHDSetup.log

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 
 < %systemroot%\Tasks\*.job /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2009.07.01 17:29:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2009.07.01 17:29:24 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2009.07.01 17:29:24 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

 
 < %systemroot%\system32\drivers\*.sys /90 >

[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

 
 < %systemroot%\system32\user32.dll /md5 >

[2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 
 < %systemroot%\system32\ws2_32.dll /md5 >

[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=6A35E2D6F5F052C84EC2CEB296389439 -- C:\WINDOWS\system32\ws2_32.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 
 < %systemroot%\system32\ws2help.dll /md5 >

[2008.04.14 14:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C7D8A0517CBF16B84F657DE87EBE9D4B -- C:\WINDOWS\system32\ws2help.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-14 20:30:47

< End of report >

--- --- ---

Extras.txt
OTL Logfile:

Code:

OTL Extras logfile created on: 16.07.2010 11:40:40 - Run 1

OTL by OldTimer - Version 3.2.9.0     Folder = C:\Dokumente und Einstellungen\Aleera\Desktop\MFTools

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 88,00% Memory free

5,00 Gb Paging File | 5,00 Gb Available in Paging File | 94,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 30,14 Gb Total Space | 15,10 Gb Free Space | 50,10% Space Free | Partition Type: NTFS

Drive D: | 107,02 Gb Total Space | 26,49 Gb Free Space | 24,75% Space Free | Partition Type: NTFS

Drive E: | 328,60 Gb Total Space | 56,20 Gb Free Space | 17,10% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: DARKNESS4

Current User Name: Aleera

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.js [@ = JSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)

.jse [@ = JSEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)

.vbe [@ = VBEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)

.vbs [@ = VBSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)

.wsf [@ = WSFFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)

jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)

vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)

wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)

"C:\Programme\ArcSoft\TotalMedia 3\TotalMedia.exe" = C:\Programme\ArcSoft\TotalMedia 3\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3 -- (ArcSoft, Inc.)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0EFC334E-0BFE-4387-8E67-A0DAA54D998D}" = AutoRotation Premium

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{268CF0B8-CA38-4E20-9E99-514A07F7C1F1}" = ArcSoft TotalMedia 3

"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver

"{31C44235-A613-4E95-B297-207BF6C6A8C1}" = Creative ZEN Vision M Series

"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility

"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95632566-071E-4A02-92C1-4BD907065736}" = BounceBack Express

"{97B78FAE-5E46-4E56-9B25-37862F5EC568}" = IRReceive

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A488D63E-B3DD-4423-892F-2F2EC8909518}" = Logitech QuickCam

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver

"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center

"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro

"7-Zip" = 7-Zip 4.65

"AC3Filter" = AC3Filter (remove only)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Audiograbber" = Audiograbber 1.83 SE 

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"AVMWLANCLI" = AVM FRITZ!WLAN

"Capture NX 2" = Capture NX 2

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DPP" = Canon Utilities Digital Photo Professional 3.4

"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.0.1 Home Edition

"EOS Utility" = Canon Utilities EOS Utility

"ERUNT_is1" = ERUNT 1.1j

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"InstallShield_{97B78FAE-5E46-4E56-9B25-37862F5EC568}" = IRReceive

"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA-Treiber

"LastFM_is1" = Last.fm 1.5.4.24567

"LogMeIn Hamachi" = LogMeIn Hamachi

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)

"mv61xxDriver" = marvell 61xx

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"Original Data Security Tools" = Canon Utilities Original Data Security Tools

"PhotoStitch" = Canon Utilities PhotoStitch

"Picture Style Editor" = Canon Utilities Picture Style Editor

"QcDrv" = Logitech® Camera-Treiber

"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)

"VLC media player" = VLC media player 1.0.0

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR

"Z-DBackup" = Z-DBackup

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 13.07.2010 12:52:24 | Computer Name = DARKNESS4 | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung PhotoFiltre.exe, Version 6.2.6.0, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 13.07.2010 12:55:57 | Computer Name = DARKNESS4 | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung photofiltre.exe, Version 6.2.6.0, fehlgeschlagenes

 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.

 

Error - 13.07.2010 12:55:57 | Computer Name = DARKNESS4 | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung photofiltre.exe, Version 6.2.6.0, fehlgeschlagenes

 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.

 

Error - 13.07.2010 12:55:57 | Computer Name = DARKNESS4 | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung photofiltre.exe, Version 6.2.6.0, fehlgeschlagenes

 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.

 

Error - 13.07.2010 12:55:57 | Computer Name = DARKNESS4 | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung photofiltre.exe, Version 6.2.6.0, fehlgeschlagenes

 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.

 

Error - 13.07.2010 12:55:57 | Computer Name = DARKNESS4 | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung photofiltre.exe, Version 6.2.6.0, fehlgeschlagenes

 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.

 

Error - 13.07.2010 12:55:57 | Computer Name = DARKNESS4 | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung photofiltre.exe, Version 6.2.6.0, fehlgeschlagenes

 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.

 

Error - 13.07.2010 12:55:57 | Computer Name = DARKNESS4 | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung photofiltre.exe, Version 6.2.6.0, fehlgeschlagenes

 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.

 

Error - 15.07.2010 15:52:49 | Computer Name = DARKNESS4 | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung gmer.exe, Version 1.0.15.15281, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 15.07.2010 15:56:23 | Computer Name = DARKNESS4 | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung AcroRd32.exe, Version 9.3.3.177, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

[ System Events ]

Error - 03.07.2010 11:17:29 | Computer Name = DARKNESS4 | Source = FWLANUSB | ID = 5002

Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Adapters wurde ermittelt.

 

Error - 06.07.2010 05:11:00 | Computer Name = DARKNESS4 | Source = Dhcp | ID = 1001

Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server

 für die  Netzwerkkarte mit der Netzwerkadresse 001F3F017AC0 zugeteilt werden. Der

 folgende Fehler  ist aufgetreten:   %%121.  Es wird weiterhin im Hintergrund versucht,

 eine Adresse vom  Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

 

Error - 06.07.2010 06:00:50 | Computer Name = DARKNESS4 | Source = Wechselmediendienst | ID = 262255

Description = Der Wechselmediendienst konnte die Medien in Laufwerk Laufwerk 0 der

 Bibliothek Kingston DataTraveler 2.0 USB Device nicht laden.

 

Error - 06.07.2010 06:00:51 | Computer Name = DARKNESS4 | Source = Wechselmediendienst | ID = 262255

Description = Der Wechselmediendienst konnte die Medien in Laufwerk Laufwerk 0 der

 Bibliothek Kingston DataTraveler 2.0 USB Device nicht laden.

 

Error - 06.07.2010 06:16:26 | Computer Name = DARKNESS4 | Source = Wechselmediendienst | ID = 262255

Description = Der Wechselmediendienst konnte die Medien in Laufwerk Laufwerk 0 der

 Bibliothek Kingston DataTraveler 2.0 USB Device nicht laden.

 

Error - 06.07.2010 06:16:27 | Computer Name = DARKNESS4 | Source = Wechselmediendienst | ID = 262255

Description = Der Wechselmediendienst konnte die Medien in Laufwerk Laufwerk 0 der

 Bibliothek Kingston DataTraveler 2.0 USB Device nicht laden.

 

Error - 15.07.2010 17:58:28 | Computer Name = DARKNESS4 | Source = DCOM | ID = 10010

Description = Der Server "{781B925F-0BF8-4C7B-A2A8-A8B11B488A07}" konnte innerhalb

 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

 

Error - 15.07.2010 17:58:34 | Computer Name = DARKNESS4 | Source = DCOM | ID = 10010

Description = Der Server "{0002DF01-0000-0000-C000-000000000046}" konnte innerhalb

 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

 

Error - 16.07.2010 01:34:43 | Computer Name = DARKNESS4 | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   avgio

 

Error - 16.07.2010 02:05:07 | Computer Name = DARKNESS4 | Source = System Error | ID = 1003

Description = Fehlercode 10000050, 1. Parameter e39b2000, 2. Parameter 00000000,

 3. Parameter b465fc3e, 4. Parameter 00000001.

 

 

< End of report >

--- --- ---

Hoffe mal das sagt dir etwas :)

ComboFix.txt

Combofix Logfile:

Code:

ComboFix 10-07-15.03 - Aleera 16.07.2010  13:48:50.1.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3327.2793 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\Aleera\Desktop\Combo-Fix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.
 

(((((((((((((((((((((((   Dateien erstellt von 2010-06-16 bis 2010-07-16  ))))))))))))))))))))))))))))))

.
 

2010-07-15 19:31 . 2010-07-15 19:31        --------        d-----w-        c:\programme\ERUNT

2010-07-15 19:28 . 2010-07-15 19:28        --------        d-----w-        c:\programme\7-Zip

2010-07-15 19:28 . 2010-07-15 19:28        --------        d-----w-        c:\dokumente und einstellungen\Aleera\Anwendungsdaten\Malwarebytes

2010-07-15 19:26 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-15 19:26 . 2010-07-15 19:26        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2010-07-15 19:26 . 2010-07-15 19:26        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2010-07-15 19:26 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2010-07-15 18:04 . 2009-10-03 17:06        499712        ----a-w-        c:\windows\system32\remover.exe

2010-07-13 10:13 . 2010-07-13 10:13        --------        d-----w-        c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Avira

2010-07-12 07:11 . 2010-07-12 07:11        --------        d-sh--w-        c:\dokumente und einstellungen\LocalService\PrivacIE
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-16 11:24 . 2009-07-01 15:12        16        ----a-w-        c:\windows\system32\magicpvt.dat

2010-07-16 11:24 . 2009-07-01 15:12        32        ----a-w-        c:\windows\system32\driver.dat

2010-07-16 05:42 . 2009-07-01 18:28        1        ----a-w-        c:\dokumente und einstellungen\Aleera\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-07-16 05:34 . 2010-02-17 21:33        --------        d-----w-        c:\programme\LogMeIn

2010-07-15 06:37 . 2010-03-11 16:29        20        ---h--w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PKP_DLbx.DAT

2010-06-23 05:57 . 2008-04-14 12:00        84516        ----a-w-        c:\windows\system32\perfc007.dat

2010-06-23 05:57 . 2008-04-14 12:00        458806        ----a-w-        c:\windows\system32\perfh007.dat

2010-06-14 14:31 . 2009-07-01 13:43        744448        ----a-w-        c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-06 16:33 . 2009-07-01 18:04        --------        d-----w-        c:\programme\Microsoft Silverlight

2010-05-19 21:07 . 2010-05-19 21:07        --------        d-----w-        c:\programme\LogMeIn Hamachi

2010-05-06 10:31 . 2008-04-14 12:00        916480        ----a-w-        c:\windows\system32\wininet.dll

2010-05-02 08:05 . 2008-04-14 12:00        1851392        ----a-w-        c:\windows\system32\win32k.sys

2010-04-20 05:29 . 2008-04-14 12:00        285696        ----a-w-        c:\windows\system32\atmfd.dll

2009-05-01 21:02 . 2009-05-01 21:02        1044480        ----a-w-        c:\programme\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02        200704        ----a-w-        c:\programme\mozilla firefox\plugins\ssldivx.dll

2008-04-14 12:00 . 2009-07-14 17:22        73728        --sha-w-        c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe

2006-05-03 10:06 . 2010-02-18 11:18        163328        --sh--r-        c:\windows\system32\flvDX.dll

2007-02-21 11:47 . 2010-02-18 11:18        31232        --sh--r-        c:\windows\system32\msfDX.dll

2008-03-16 13:30 . 2010-02-18 11:18        216064        --sh--r-        c:\windows\system32\nbDX.dll

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]

"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-02 5964800]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]

"nwiz"="nwiz.exe" [2009-03-27 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]

"IRReceive"="c:\programme\IRReceive\IRReceive.exe" [2007-06-26 675913]

"AVMWlanClient"="c:\programme\avmwlanstick\wlangui.exe" [2008-09-05 1794048]

"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2009-09-28 18:34        87352        ----a-w-        c:\windows\system32\LMIinit.dll
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^GammaTray.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\GammaTray.lnk

backup=c:\windows\pss\GammaTray.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^NCProTray.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\NCProTray.lnk

backup=c:\windows\pss\NCProTray.lnkCommon Startup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04        35760        ----a-w-        c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]

2006-06-12 12:32        700416        ------w-        c:\programme\Creative\Sync Manager Unicode\CTSyncU.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

2003-12-16 20:37        188416        ----a-w-        c:\programme\Logitech\Video\ISStart.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

2003-12-16 20:39        77824        ----a-w-        c:\programme\Logitech\Video\LogiTray.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

2008-08-11 11:41        63048        ----a-w-        c:\programme\LogMeIn\x86\LogMeInSystray.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]

2010-03-30 09:16        1820040        ----a-w-        c:\programme\LogMeIn Hamachi\hamachi-2-ui.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicRotation]

2007-08-24 09:40        1097728        ----a-w-        c:\programme\MagicRotation\MagicPvt.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-07-01 18:34        148888        ----a-w-        c:\programme\Java\jre6\bin\jusched.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2009-04-10 17:29        37888        ----a-w-        c:\programme\Winamp\winampa.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"MagicTuneEngine"=2 (0x2)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programme\\ICQ6.5\\ICQ.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=
 

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [10.06.2008 12:33 150568]

R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [01.07.2009 17:12 9728]

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [01.07.2009 16:07 135336]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\programme\LogMeIn Hamachi\hamachi-2.exe [30.03.2010 11:16 1107336]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programme\LogMeIn\x86\rainfo.sys [11.08.2008 13:41 12856]

R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [12.07.2009 13:12 7424]

R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [01.07.2009 15:56 265088]

S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [01.07.2009 16:04 4352]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [17.02.2010 21:25 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [17.02.2010 21:25 8456]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

FF - ProfilePath - c:\dokumente und einstellungen\Aleera\Anwendungsdaten\Mozilla\Firefox\Profiles\x30gut7h.default\

FF - prefs.js: browser.search.selectedEngine - Ecosia

FF - prefs.js: browser.startup.homepage - hxxp://www.ecosia.org/

FF - component: c:\programme\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

---- FIREFOX Richtlinien ----

c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -
 

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

HKCU-Run-AdobeBridge - (no file)
 
 
 

**************************************************************************

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 
 

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,7e,4d,40,35,ea,da,41,87,33,9f,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,7e,4d,40,35,ea,da,41,87,33,9f,\

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'winlogon.exe'(764)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll
 

- - - - - - - > 'explorer.exe'(884)

c:\windows\system32\webcheck.dll

.

Zeit der Fertigstellung: 2010-07-16  13:52:01

ComboFix-quarantined-files.txt  2010-07-16 11:51
 

Vor Suchlauf: 7 Verzeichnis(se), 16.104.939.520 Bytes frei

Nach Suchlauf: 9 Verzeichnis(se), 17.788.157.952 Bytes frei
 

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
 

- - End Of File - - A91F7B825ECF6BD2E181220FC2B0BA72

--- --- ---