Trojaner-Board - Explorer.exe als virus?

Ok, hier die log von Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4451

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

20.08.2010 13:39:34
mbam-log-2010-08-20 (13-39-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 257551
Laufzeit: 2 Stunde(n), 30 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\dsrarmi.dll (Trojan.Hiloti) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hwevevozuji (Trojan.Hiloti) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ze18mw23gy (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\dsrarmi.dll (Trojan.Hiloti) -> Delete on reboot.
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4HE34LIR\rehg[1].exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KXYJG1YN\rehf[1].exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SPU3C5IV\rehh[1].exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Meins\Lokale Einstellungen\Temp\Bcd.exe (Trojan.FakeAlert) -> Delete on reboot.

So hier die otl txt names "extras.txt":OTL Logfile:

Code:

OTL Extras logfile created on: 20.08.2010 13:42:26 - Run 1

OTL by OldTimer - Version 3.2.10.0     Folder = C:\Dokumente und Einstellungen\Meins\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 149,04 Gb Total Space | 4,08 Gb Free Space | 2,74% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: PHILIPP

Current User Name: Meins

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe ()

Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L ()

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L ()

Drive [find] -- %SystemRoot%\Explorer.exe ()

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)

"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

"C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe" = C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)

"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)

"C:\Programme\QIP Infium\infium.exe" = C:\Programme\QIP Infium\infium.exe:*:Enabled:QIP Infium -- (QIP)

"C:\Programme\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe" = C:\Programme\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)

"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)

"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8-Server -- (Microsoft Corporation)

"C:\Programme\GameSpy Arcade\Aphex.exe" = C:\Programme\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.)

"C:\Programme\Microsoft Games\Age of Empires II\empires2.exe" = C:\Programme\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation)

"C:\Programme\GameSpy Arcade\Services\_common\RWVoice.exe" = C:\Programme\GameSpy Arcade\Services\_common\RWVoice.exe:*:Enabled:RogerWilco Lite for GameSpy Arcade -- (GameSpy Industries)

"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)

"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Programme\Steam\SteamApps\common\torchlight\Torchlight.exe" = C:\Programme\Steam\SteamApps\common\torchlight\Torchlight.exe:*:Enabled:Torchlight -- (Runic Games, Inc.)

"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Dokumente und Einstellungen\Meins\Eigene Dateien\OpBackup\rsync.exe" = C:\Dokumente und Einstellungen\Meins\Eigene Dateien\OpBackup\rsync.exe:*:Enabled:rsync -- ()

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

".sol Editor" = .sol Editor 1.1.0.1

"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup

"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4

"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2

"{10B75CF6-5A54-4D7B-9169-70AD17181DE1}_is1" = Oxin's Style! 3D Sexvilla 2.058.002

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{17A87ED9-129A-4516-A3BF-5E513D23C3BB}" = Aureon 5.1 Fun ControlPanel

"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP

"{1ED6E4D0-8DB0-A333-DEA6-188F957F5A43}" = Catalyst Control Center Graphics Light

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{407E0CBD-D6BF-F243-6DE9-F1EEA525BA1C}" = Catalyst Control Center Graphics Full Existing

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{50D69C54-6963-49A6-B762-A9FF8F56AF0F}" = Brockhaus multimedial 2009

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008

"{593AFFA4-D08E-4272-BABB-420949D32A10}" = QUICKfind

"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

"{5EC634FA-5047-38B2-A53A-15963D9BD872}" = CCC Help English

"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8

"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4

"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support

"{651AFCC8-2F1A-8132-0A33-FA5F041380BA}" = Catalyst Control Center Graphics Full New

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{69EF33D7-3425-1409-0BE1-C4F3A6FB57A8}" = ccc-utility

"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7

"{70858C67-8761-4444-895A-0A8B2E9E144E}" = Opera 10.61

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7510EF8C-99B9-8533-524E-BF41BDC04188}" = Skins

"{773040E1-3B60-6507-C387-71F8F0A03C59}" = ccc-core-static

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{85EBB283-65AF-4C53-9EBE-7C0A232762F7}" = AGEIA PhysX v7.03.21

"{8A0BD487-D185-4316-92CE-9E415C3AC6DB}" = Sibelius Scorch (Firefox, Opera, Netscape only)

"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{92DEC792-A722-5991-2607-3EE3A4BD502B}" = Catalyst Control Center HydraVision Full

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{96793032-8651-805A-67EF-E1759C1A8E3D}" = Catalyst Control Center Graphics Previews Common

"{97CF0D2F-62F9-41B0-BDBA-18A0039F5394}" = TMPGEnc 4.0 XPress Testversion

"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync

"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C4AAFE2-B68F-4E49-ABEF-A603364C8290}" = Audio Key Utility 2

"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch

"{B094F70F-2CC2-5062-8534-D3830FC4B018}" = Catalyst Control Center Core Implementation

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1

"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler

"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP2

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{C6B51FD8-942C-45FE-9704-19B687372691}" = Auto Clicker - Image Recognizer

"{CA42C38C-B369-B190-AD06-76D3AC95CFAC}" = ccc-core-preinstall

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding

"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E47D2974-AA5E-FlvAVI-B984-3CA48DFA2849}_is1" = FLAV FLV to AVI Converter  2.58.16

"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7-Zip" = 7-Zip 4.65

"Ad-Aware" = Ad-Aware

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4

"Age of Empires 2.0" = Microsoft Age of Empires II

"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion

"Album Cover Art Downloader" = Album Cover Art Downloader 1.6.6

"All ATI Software" = ATI - Software Uninstall Utility

"AnyDVD" = AnyDVD

"ATI Display Driver" = ATI Display Driver

"Audacity_is1" = Audacity 1.2.6

"AutoGK" = Auto Gordian Knot 2.55

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"AviSynth" = AviSynth 2.5

"Cakewalk VST Adapter 4" = Cakewalk VST Adapter 4

"CCleaner" = CCleaner

"Cheat Engine 5.5_is1" = Cheat Engine 5.5

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DreamStation DXi2" = DreamStation DXi2

"DVD Shrink_is1" = DVD Shrink 3.2

"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.9.0

"DX-Ball 2 v1.25" = DX-Ball 2 v1.25

"EAX Unified" = EAX Unified

"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60

"Finale NotePad 2007" = Finale NotePad 2007

"FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter 5.2.0603

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2

"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2

"GameSpy Arcade" = GameSpy Arcade

"Google Updater" = Google Updater

"GPL Ghostscript 8.63" = GPL Ghostscript 8.63

"GSview 4.9" = GSview 4.9

"Guitar Pro 5_is1" = Guitar Pro 5.2

"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote

"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler

"Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR

"Hauppauge WinTV Source Selector" = Hauppauge WinTV Source Selector

"Hauppauge WinTV2000" = Hauppauge WinTV2000

"Hide IP NG_is1" = Hide IP NG 1.50

"HijackThis" = HijackThis 2.0.2

"ImgBurn" = ImgBurn

"IrfanView" = IrfanView (remove only)

"JDownloader" = JDownloader

"Mafia Game" = Mafia Game

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)

"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSNINST" = MSN

"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.1

"Musicnotes Player" = Musicnotes Player

"OALD7" = Oxford Advanced Learner's Dictionary - 7th edition

"OpenAL" = OpenAL

"PDF Blender" = PDF Blender

"Pixillion" = Pixillion Image Converter

"RealPlayer 6.0" = RealPlayer

"Satsuki Decoder Pack" = Satsuki Decoder Pack

"ShrinkTo5Basic" = ShrinkTo5Basic

"ShutDownAlone" = ShutDownAlone 2.2 

"Sierra Uninstall" = Sierra On-Line Games (Remove only)

"SONAR LE" = SONAR LE

"SpeedFan" = SpeedFan (remove only)

"Steam App 41500" = Torchlight

"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944

"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)

"Switch" = Switch Sound File Converter

"SyncroSoft Emu" = SyncroSoft Emu (Remove only)

"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle

"Uninstall_is1" = Uninstall 1.0.0.1

"VLC media player" = VLC media player 0.9.8a

"VobSub" = VobSub v2.23 (Remove Only)

"VTPlus32 for WinTV (English)" = VTPlus32 for WinTV (English)

"Wecker 2.2" = Wecker 2.2 2.2

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XN Resource Editor_is1" = XNResourceEditor 3.0.0.1

"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dr. DivX 2.0 OSS" = Dr. DivX 2.0 OSS

"Facebook Plug-In" = Facebook Plug-In

"FlashMute" = FlashMute

"QIP Infium" = QIP Infium 2.0.9034

"RapidLoader" = RapidLoader

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 19.08.2010 19:21:16 | Computer Name = *****| Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung opera.exe, Version 10.61.3484.0, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

[ System Events ]

Error - 19.08.2010 11:58:01 | Computer Name = **** | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Manager Helper" wurde mit folgendem Fehler beendet:   %%126

 

Error - 19.08.2010 11:58:01 | Computer Name = ***** | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   sptd

 

Error - 19.08.2010 12:55:24 | Computer Name = **** | Source = Service Control Manager | ID = 7031

Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist

 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden

 durchgeführt: Starten Sie den Dienst neu..

 

Error - 19.08.2010 12:55:31 | Computer Name = ****  Source = Service Control Manager | ID = 7034

Description = Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 

Mal passiert.

 

Error - 19.08.2010 13:02:17 | Computer Name = **** | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Manager Helper" wurde mit folgendem Fehler beendet:   %%126

 

Error - 19.08.2010 13:02:17 | Computer Name = **** | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   sptd

 

Error - 19.08.2010 19:06:31 | Computer Name = **** | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Manager Helper" wurde mit folgendem Fehler beendet:   %%126

 

Error - 19.08.2010 19:06:31 | Computer Name = **** | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   sptd

 

Error - 20.08.2010 05:00:39 | Computer Name = **** | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Manager Helper" wurde mit folgendem Fehler beendet:   %%126

 

Error - 20.08.2010 05:00:39 | Computer Name = **** | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   sptd

 

 

< End of report >

--- --- ---

und "otl.txt" :OTL Logfile:

Code:

OTL logfile created on: 20.08.2010 13:42:26 - Run 1

OTL by OldTimer - Version 3.2.10.0     Folder = C:\Dokumente und Einstellungen\Meins\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 149,04 Gb Total Space | 4,08 Gb Free Space | 2,74% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: PHILIPP

Current User Name: Meins

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\Meins\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Dokumente und Einstellungen\Meins\Lokale Einstellungen\Temp\Bcd.exe ()

PRC - C:\WINDOWS\Bdywya.exe ()

PRC - C:\Programme\Opera\opera.exe (Opera Software)

PRC - C:\Programme\iTunes\iTunes.exe (Apple Inc.)

PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Programme\QIP Infium\infium.exe (QIP)

PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()

PRC - C:\WINDOWS\explorer.exe ()

PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)

PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)

PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\Meins\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)

SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe (SiSoftware)

SRV - (getPlus(R) Helper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)

SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()

SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG)

SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)

SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (WpdUsb) -- C:\WINDOWS\System32\DRIVERS\wpdusb.sys File not found

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys File not found

DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()

DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\sandra.sys (SiSoftware)

DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)

DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation)

DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.)

DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)

DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)

DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)

DRV - (hcw88rc5) -- C:\WINDOWS\system32\drivers\hcw88rc5.sys (Hauppauge Computer Works, Inc.)

DRV - (CLEDX) -- C:\WINDOWS\system32\drivers\cledx.sys (Team H2O)

DRV - (cmpci) TerraTec Aureon 5.1 (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)

DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)

DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (cmigameport) -- C:\WINDOWS\system32\drivers\cmigameport.sys ()

DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/"

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1

FF - prefs.js..extensions.enabledItems: {9764bb84-7272-11dd-8eb6-20d155d89550}:2.0.0

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.09 10:57:29 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.21 16:24:25 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.05.03 13:05:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.05.03 13:05:56 | 000,000,000 | ---D | M]

 

[2009.06.10 12:12:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Meins\Anwendungsdaten\Mozilla\Extensions

[2010.06.27 18:50:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Meins\Anwendungsdaten\Mozilla\Firefox\Profiles\3g45bkcq.default\extensions

[2009.09.08 20:40:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Meins\Anwendungsdaten\Mozilla\Firefox\Profiles\3g45bkcq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2009.11.06 23:34:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Meins\Anwendungsdaten\Mozilla\Firefox\Profiles\3g45bkcq.default\extensions\moveplayer@movenetworks.com

[2010.06.27 18:50:52 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\Meins\Anwendungsdaten\Mozilla\Firefox\Profiles\3g45bkcq.default\searchplugins\icqplugin-1.xml

[2008.03.31 12:52:00 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Meins\Anwendungsdaten\Mozilla\Firefox\Profiles\3g45bkcq.default\searchplugins\icqplugin.gif

[2008.03.31 12:52:00 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\Meins\Anwendungsdaten\Mozilla\Firefox\Profiles\3g45bkcq.default\searchplugins\icqplugin.src

[2010.05.08 19:20:01 | 000,000,955 | ---- | M] () -- C:\Dokumente und Einstellungen\Meins\Anwendungsdaten\Mozilla\Firefox\Profiles\3g45bkcq.default\searchplugins\icqplugin.xml

[2010.06.27 18:50:51 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2010.02.17 13:33:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010.05.21 16:24:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll

[2009.08.09 02:11:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Programme\Mozilla Firefox\plugins\PDFNetC.dll

[2009.08.09 02:30:36 | 000,107,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\ScorchPDFWrapper.dll

[2009.07.31 00:59:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2009.07.31 00:59:14 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2009.07.31 00:59:14 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2009.10.18 01:00:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2009.07.31 00:59:14 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2010.08.19 18:59:45 | 000,000,716 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programme\IDM\QUICKfind\PlugIns\IEHelp.dll ()

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [Hwevevozuji] C:\WINDOWS\dsrarmi.DLL (MaresWEB)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Key error. File not found

O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Key error. File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.178 192.168.0.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe ()

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Meins\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Meins\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O27 - HKLM IFEO\userinit.exe: Debugger - execfhlp.exe ()

O32 - HKLM CDRom: AutoRun - 0

O32 - AutoRun File - [2009.01.07 17:29:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{6884bca0-25c5-11df-b65f-00110994f3d7}\Shell - "" = AutoRun

O33 - MountPoints2\{6884bca0-25c5-11df-b65f-00110994f3d7}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{dcaa0eac-e0de-11de-b5d1-00110994f3d7}\Shell - "" = AutoRun

O33 - MountPoints2\{dcaa0eac-e0de-11de-b5d1-00110994f3d7}\Shell\AutoRun - "" = Auto&Play

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.08.20 13:41:25 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Meins\Desktop\OTL.exe

[2010.08.20 11:28:38 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Meins\Recent

[2010.08.18 15:51:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Galactic-FromTheCornerToTheBlock2008

[2010.08.18 14:33:29 | 000,040,960 | ---- | C] (Atribune.org) -- C:\Dokumente und Einstellungen\Meins\Desktop\Look2Me-Destroyer.exe

[2010.08.16 09:47:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Meins\Lokale Einstellungen\Anwendungsdaten\Windows Server

[2009.03.20 16:18:46 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\Meins\Anwendungsdaten\pcouffin.sys

[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.08.20 13:41:40 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\vlhccr.sys

[2010.08.20 13:41:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Meins\Desktop\OTL.exe

[2010.08.20 12:56:02 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010.08.20 11:28:23 | 000,000,689 | ---- | M] () -- C:\Dokumente und Einstellungen\Meins\Desktop\CCleaner.lnk

[2010.08.20 11:00:22 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010.08.20 11:00:05 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010.08.20 10:59:55 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1c9fd8c7426dcc4.job

[2010.08.20 10:59:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.08.20 10:59:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.08.20 03:31:00 | 017,825,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Meins\ntuser.dat

[2010.08.20 03:31:00 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Meins\ntuser.ini

[2010.08.19 20:21:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010.08.19 18:59:45 | 000,000,716 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010.08.19 18:55:05 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2010.08.18 18:43:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010.08.18 17:43:33 | 000,000,208 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2010.08.18 14:33:30 | 000,040,960 | ---- | M] (Atribune.org) -- C:\Dokumente und Einstellungen\Meins\Desktop\Look2Me-Destroyer.exe

[2010.08.17 11:22:50 | 000,188,928 | ---- | M] () -- C:\WINDOWS\Bdywya.exe

[2010.08.17 10:49:35 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.08.15 20:45:38 | 000,000,607 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk

[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.08.20 13:41:40 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\vlhccr.sys

[2010.08.19 18:55:05 | 000,000,396 | ---- | C] () -- C:\WINDOWS\tasks\At1.job

[2010.08.17 11:23:29 | 000,188,928 | ---- | C] () -- C:\WINDOWS\Bdywya.exe

[2010.06.07 14:29:36 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\7671F1CD20.dll

[2010.04.29 08:11:51 | 000,000,208 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010.04.15 15:38:36 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\BReWErS.dll

[2010.04.15 13:49:12 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2010.04.09 08:19:26 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2010.04.09 08:19:25 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2010.03.31 17:08:52 | 000,000,625 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2010.02.22 00:41:50 | 000,000,180 | ---- | C] () -- C:\WINDOWS\CS_MD_T.ini

[2009.08.07 12:58:50 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll

[2009.06.23 16:41:31 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini

[2009.06.09 12:25:12 | 000,308,736 | ---- | C] () -- C:\WINDOWS\System32\audowdb.dll

[2009.04.20 09:04:25 | 008,507,392 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda

[2009.03.20 16:18:51 | 000,000,034 | ---- | C] () -- C:\Dokumente und Einstellungen\Meins\Anwendungsdaten\pcouffin.log

[2009.03.20 16:18:46 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Meins\Anwendungsdaten\inst.exe

[2009.03.20 16:18:46 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\Meins\Anwendungsdaten\pcouffin.cat

[2009.03.20 16:18:46 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Meins\Anwendungsdaten\pcouffin.inf

[2009.03.20 16:03:47 | 000,000,040 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib

[2009.03.08 18:43:40 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\satsukidecodersettings.ini

[2009.02.28 13:21:44 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009.02.21 13:15:28 | 000,000,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Meins\Anwendungsdaten\AutoGK.ini

[2009.02.19 21:31:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2009.02.19 20:05:56 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Meins\Anwendungsdaten\$_hpcst$.hpc

[2009.01.28 01:40:06 | 000,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI

[2009.01.28 01:31:44 | 000,000,125 | ---- | C] () -- C:\WINDOWS\fd3.INI

[2009.01.26 19:08:38 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini

[2009.01.25 23:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009.01.09 01:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009.01.07 23:25:58 | 000,099,840 | ---- | C] () -- C:\Dokumente und Einstellungen\Meins\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.01.07 21:26:51 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009.01.07 18:16:10 | 000,001,793 | ---- | C] () -- C:\WINDOWS\vtplus32.ini

[2009.01.07 18:16:07 | 000,029,637 | ---- | C] () -- C:\WINDOWS\Irremote.ini

[2009.01.07 18:16:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll

[2009.01.07 18:15:22 | 000,001,836 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI

[2009.01.07 18:14:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll

[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest

[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest

[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2007.03.26 10:45:18 | 000,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll

[2007.02.20 14:59:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2007.02.20 14:59:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2006.10.02 14:44:00 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2006.08.05 13:06:38 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2004.09.10 15:36:12 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\QFClient2.dll

[2004.08.04 14:00:00 | 001,855,488 | ---- | C] () -- C:\WINDOWS\System32\sndivvip.dll

[2004.08.04 14:00:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\ripuhfat.dll

[2004.08.04 14:00:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\riposctl.dll

[2004.08.04 14:00:00 | 000,201,267 | ---- | C] () -- C:\WINDOWS\System32\jobipvba32.dll

[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2002.02.07 17:54:34 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\cmigameport.sys

[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 154 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:98781370

@Alternate Data Stream - 146 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0C1EFF69

@Alternate Data Stream - 132 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:408F95E5

< End of report >

--- --- ---

Hoffe, dass ich alles richtig gemacht habe und nichts vergessen hab!

Combofix Logfile:

Code:

ComboFix 10-08-22.05 - Meins 23.08.2010  16:14:28.1.2 - x86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.3071.2543 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\Meins\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

 * Neuer Wiederherstellungspunkt wurde erstellt

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\dokumente und einstellungen\Meins\Anwendungsdaten\inst.exe

c:\dokumente und einstellungen\Meins\Lokale Einstellungen\Anwendungsdaten\Windows Server

c:\dokumente und einstellungen\Meins\Lokale Einstellungen\Anwendungsdaten\Windows Server\admin.txt

c:\dokumente und einstellungen\Meins\Lokale Einstellungen\Anwendungsdaten\Windows Server\flags.ini

c:\dokumente und einstellungen\Meins\Lokale Einstellungen\Anwendungsdaten\Windows Server\server.dat

c:\dokumente und einstellungen\Meins\Lokale Einstellungen\Anwendungsdaten\Windows Server\uses32.dat

C:\Install.exe

c:\windows\system32\BReWErS.dll

c:\windows\system32\winlogon.bak

G:\autorun.inf
 

Infizierte Kopie von c:\windows\system32\winlogon.exe wurde gefunden und desinfiziert 

Kopie von - c:\windows\ServicePackFiles\i386\winlogon.exe wurde wiederhergestellt 
 

Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert 

Kopie von - c:\windows\ServicePackFiles\i386\explorer.exe wurde wiederhergestellt 
 

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.
 

-------\Legacy_SSHNAS
 
 

(((((((((((((((((((((((   Dateien erstellt von 2010-07-23 bis 2010-08-23  ))))))))))))))))))))))))))))))

.
 

2010-08-23 13:20 . 2010-08-23 13:21        --------        d-----w-        c:\programme\QuickTime

2010-08-23 13:13 . 2010-08-23 13:13        --------        d-----w-        c:\programme\iPod

2010-08-23 13:13 . 2010-08-23 13:15        --------        d-----w-        c:\programme\iTunes

2010-08-23 13:03 . 2010-08-23 13:03        --------        d-----w-        c:\programme\Bonjour

2010-08-23 11:00 . 2010-08-23 11:00        --------        d-----w-        C:\_OTL
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-23 14:40 . 2009-03-20 14:00        0        --sha-w-        c:\windows\S2E893285.tmp

2010-08-23 13:51 . 2009-01-07 16:23        --------        d-----w-        c:\programme\Mozilla Thunderbird

2010-08-23 13:13 . 2010-05-03 11:03        --------        d-----w-        c:\programme\Gemeinsame Dateien\Apple

2010-08-23 13:01 . 2010-08-23 13:01        73000        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

2010-08-23 10:55 . 2009-03-01 22:50        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google Updater

2010-08-20 09:29 . 2009-04-16 22:21        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

2010-08-20 09:29 . 2009-03-08 16:47        --------        d-----w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\Media Player Classic

2010-08-20 09:28 . 2009-02-16 16:01        --------        d-----w-        c:\programme\CCleaner

2010-08-20 09:06 . 2010-05-03 09:15        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2010-08-17 13:46 . 2009-03-20 14:20        --------        d-----w-        c:\programme\DVDFab 5

2010-08-16 09:53 . 2009-05-25 06:45        1        ----a-w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-08-16 09:43 . 2009-07-22 21:22        --------        d-----w-        c:\programme\Ubisoft

2010-08-16 09:43 . 2009-01-07 16:15        --------        d--h--w-        c:\programme\InstallShield Installation Information

2010-08-15 18:45 . 2009-06-09 15:21        --------        d-----w-        c:\programme\Opera

2010-08-15 15:06 . 2010-08-15 15:06        27198960        ----a-w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\Real\Update\setup3.12\rp\RealPlayerSPGold_de.exe

2010-08-15 15:06 . 2010-08-15 15:06        220272        ----a-w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\Real\Update\setup3.12\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe

2010-08-15 15:06 . 2010-08-15 15:06        149000        ----a-w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\Real\Update\setup3.12\chr_helper\LaunchHelper.exe

2010-08-15 15:06 . 2010-08-15 15:06        13407072        ----a-w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\Real\Update\setup3.12\chr\ChromeInstaller.exe

2010-08-15 15:05 . 2010-08-15 15:05        79368        ----a-w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\Real\Update\setup3.12\RUP\vista.exe

2010-08-15 15:05 . 2010-08-15 15:05        73344        ----a-w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\Real\Update\setup3.12\RUP\inst_config\gtapi_v6.dll

2010-08-15 15:05 . 2010-08-15 15:05        64000        ----a-w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\Real\Update\setup3.12\RUP\inst_config\gcapi_dll.dll

2010-08-15 15:05 . 2010-08-15 15:05        52288        ----a-w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\Real\Update\setup3.12\RUP\inst_config\gtapi.dll

2010-08-15 15:05 . 2010-08-15 15:05        122880        ----a-w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\Real\Update\setup3.12\RUP\inst_config\compat.dll

2010-08-13 12:34 . 2010-08-13 12:34        503808        ----a-w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-704e8b50-n\msvcp71.dll

2010-08-13 12:34 . 2010-08-13 12:34        499712        ----a-w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-704e8b50-n\jmc.dll

2010-08-13 12:34 . 2010-08-13 12:34        348160        ----a-w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-704e8b50-n\msvcr71.dll

2010-08-13 12:34 . 2010-08-13 12:34        61440        ----a-w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6548b8f4-n\decora-sse.dll

2010-08-13 12:34 . 2010-08-13 12:34        12800        ----a-w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6548b8f4-n\decora-d3d.dll

2010-08-13 12:30 . 2010-08-13 12:30        456200        ----a-w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\Real\Update\setup3.12\setup.exe

2010-06-29 16:19 . 2009-01-08 22:38        --------        d-----w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\dvdcss

2010-06-28 08:56 . 2009-11-11 19:55        --------        d-----w-        c:\programme\JDownloader

2010-06-14 10:41 . 2010-06-14 10:41        50354        ----a-w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\Facebook\uninstall.exe

2010-06-09 10:45 . 2010-06-09 10:45        5591040        ----a-w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll

2010-06-05 23:31 . 2010-06-05 23:31        664        ----a-w-        c:\windows\system32\d3d9caps.dat

2010-05-30 05:18 . 2010-05-30 05:18        503808        ----a-w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3512c66b-n\msvcp71.dll

2010-05-30 05:18 . 2010-05-30 05:18        499712        ----a-w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3512c66b-n\jmc.dll

2010-05-30 05:18 . 2010-05-30 05:18        348160        ----a-w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3512c66b-n\msvcr71.dll

2010-05-30 05:18 . 2010-05-30 05:18        61440        ----a-w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2348a1f6-n\decora-sse.dll

2010-05-30 05:18 . 2010-05-30 05:18        12800        ----a-w-        c:\dokumente und einstellungen\Meins\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2348a1f6-n\decora-d3d.dll

2009-08-09 00:11 . 2009-08-09 00:11        10437264        ----a-w-        c:\programme\mozilla firefox\plugins\PDFNetC.dll

2009-08-09 00:30 . 2009-08-09 00:30        107760        ----a-w-        c:\programme\mozilla firefox\plugins\ScorchPDFWrapper.dll

2006-05-03 10:06 . 2009-02-19 19:30        163328        --sh--r-        c:\windows\system32\flvDX.dll

2007-02-21 11:47 . 2009-02-19 19:30        31232        --sh--r-        c:\windows\system32\msfDX.dll

2008-03-16 13:30 . 2009-02-19 19:30        216064        --sh--r-        c:\windows\system32\nbDX.dll

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-08-10 421888]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AutoStart IR.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AutoStart IR.lnk

backup=c:\windows\pss\AutoStart IR.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Meins^Startmenü^Programme^Autostart^OpenOffice.org 3.1.lnk]

path=c:\dokumente und einstellungen\Meins\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk

backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]

2010-05-03 09:06        524632        ----a-w-        c:\programme\Lavasoft\Ad-Aware\AAWTray.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-27 15:10        35696        ----a-w-        c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 06:58        611712        ----a-w-        c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2009-09-30 16:28        203928        ----a-w-        c:\programme\Alcohol Soft\Alcohol 120\AxCmd.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

2008-03-07 04:26        1694656        ----a-w-        c:\programme\SlySoft\AnyDVD\AnyDVDtray.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashMute]

2006-03-11 19:49        221184        ----a-w-        c:\programme\FlashMute\flashmute.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

2006-11-13 12:50        1289000        ----a-w-        c:\programme\Microsoft ActiveSync\wcescomm.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]

2005-10-22 22:00        385024        ----a-w-        c:\programme\Syncrosoft\POS\H2O\cledx.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2004-08-04 12:00        208952        ----a-w-        c:\windows\ime\IMJP8_1\imjpmig.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-12-13 18:10        1688872        ----a-w-        c:\programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-07-21 13:53        141608        ----a-w-        c:\programme\iTunes\iTunesHelper.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

2007-12-03 13:21        2213160        ----a-w-        c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 13:57        153136        ----a-w-        c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2004-08-04 12:00        455168        ----a-w-        c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2004-08-04 12:00        455168        ----a-w-        c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-08-10 03:15        421888        ----a-w-        c:\programme\QuickTime\QTTask.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2008-08-29 16:11        61440        ----a-w-        c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2010-02-28 17:40        1217872        ----a-w-        c:\programme\Steam\Steam.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-06-16 18:50        198160        ----a-w-        c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\wcescomm.exe"
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\Java\\jre6\\bin\\java.exe"=

"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Programme\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=

"c:\\WINDOWS\\system32\\java.exe"=

"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=

"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=

"c:\\Programme\\QIP Infium\\infium.exe"=

"c:\\Programme\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"c:\\Programme\\GameSpy Arcade\\Aphex.exe"=

"c:\\Programme\\Microsoft Games\\Age of Empires II\\empires2.exe"=
 

[HKLM\~\Services\\_common\\RWVoice.exe"=]

"c:\\Programme\\Opera\\opera.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Programme\\Steam\\Steam.exe"=

"c:\\Programme\\Steam\\SteamApps\\common\\torchlight\\Torchlight.exe"=

"c:\\Dokumente und Einstellungen\\Meins\\Eigene Dateien\\OpBackup\\rsync.exe"=

"c:\\Programme\\Bonjour\\mDNSResponder.exe"=

"c:\\Programme\\iTunes\\iTunes.exe"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)
 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17.02.2009 00:14 64160]

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [21.11.2009 19:03 108289]

R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [08.04.2009 01:22 33792]

R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [07.01.2009 18:14 141889]

R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [07.01.2009 18:14 493632]

R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [07.01.2009 18:14 23104]

S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

S2 gupdate1c99ac037724eaa;Google Update Service (gupdate1c99ac037724eaa);c:\programme\Google\Update\GoogleUpdate.exe [02.03.2009 00:51 133104]

S2 ztmpvdqx;Manager Helper;c:\windows\system32\svchost.exe -k netsvcs [04.08.2004 14:00 14336]

S3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\drivers\hcw88rc5.sys [07.01.2009 18:14 11841]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 23:34 1029456]

S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [20.04.2009 09:04 98488]
 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

ztmpvdqx

.

Inhalt des "geplante Tasks" Ordners
 

2010-08-20 c:\windows\Tasks\1-Klick-Wartung.job

- c:\programme\TuneUp Utilities 2008\OneClick.exe [2007-12-14 12:17]
 

2010-08-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
 

2010-08-23 c:\windows\Tasks\Google Software Updater.job

- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-01 00:56]
 

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programme\Google\Update\GoogleUpdate.exe [2009-03-01 22:51]
 

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore1c9fd8c7426dcc4.job

- c:\programme\Google\Update\GoogleUpdate.exe [2009-03-01 22:51]
 

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programme\Google\Update\GoogleUpdate.exe [2009-03-01 22:51]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://start.icq.com/

uInternet Settings,ProxyServer = socks=

uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local

uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\dokumente und einstellungen\Meins\Anwendungsdaten\Mozilla\Firefox\Profiles\3g45bkcq.default\

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=

FF - plugin: c:\dokumente und einstellungen\Meins\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\dokumente und einstellungen\Meins\Anwendungsdaten\Mozilla\Firefox\Profiles\3g45bkcq.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\programme\Musicnotes\npmusicn.dll
 

---- FIREFOX Richtlinien ----

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -
 

MSConfigStartUp-DAEMON Tools Lite - c:\programme\DAEMON Tools Lite\daemon.exe

MSConfigStartUp-ICQ - c:\programme\ICQ6.5\ICQ.exe

ActiveSetup-{42D26C61-410E-5A2E-BD9F-1B2EBE100CE2} - C:\WINDOWS:win32.exe

AddRemove-HijackThis - d:\downloads\3569054\HijackThis.exe
 
 
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2010-08-23 16:41

Windows 5.1.2600 Service Pack 3 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_USERS\S-1-5-21-1343024091-854245398-725345543-1004\Software\SecuROM\License information*]

"datasecu"=hex:44,aa,11,28,ca,57,60,fa,2e,b6,be,33,e1,55,c9,74,34,74,55,84,3c,

   7d,4b,6e,b3,89,d2,30,19,4c,ff,0a,da,eb,27,fb,8b,e9,d8,e7,39,83,b4,d3,df,bc,\

"rkeysecu"=hex:47,0d,d1,31,38,1b,3d,6b,51,be,cd,8b,c6,24,8a,c1

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'winlogon.exe'(532)

c:\windows\system32\Ati2evxx.dll

c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
 

- - - - - - - > 'explorer.exe'(2672)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\programme\Avira\AntiVir Desktop\avguard.exe

c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\programme\Bonjour\mDNSResponder.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\programme\Nero\Nero8\Nero BackItUp\NBService.exe

c:\programme\CDBurnerXP\NMSAccessU.exe

c:\programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\windows\system32\wscntfy.exe

c:\programme\iPod\bin\iPodService.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2010-08-23  16:47:51 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2010-08-23 14:47
 

Vor Suchlauf: 3.788.845.056 Bytes frei

Nach Suchlauf: 3.666.358.272 Bytes frei
 

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
 

- - End Of File - - B39A478D5AF1E3210549A55E976BF416

--- --- ---

Also, bis jetzt habe ich noch keine einzige Virenmeldung bekommen, nach dem Reboot!
KLingt sehr vielversprechend!
Schon mal danke dafür!