Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: ComboFix-Logfile nach "System Check"-Malware

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 02.03.2012, 22:02   #1
StrgZ
 
ComboFix-Logfile nach "System Check"-Malware - Standard

ComboFix-Logfile nach "System Check"-Malware



Hallo zusammen,

habe mir heute leider malware eingefangen, "System Check" (hier Beschreibung, weiß nicht wie seriös sie ist: trojan-killer.net/de/tag/system-check-virus-removal/).

Habe dann ComboFix durchlaufen lassen (unter Berücksichtigung dieser Anleitung: bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird#restore).

Die Malware startete nicht mehr nach dem Neustart (durch ComboFix initiiert) aber meine dateien und ordner sind immer noch trnaspartent/hidden..

auf der anleitungsseite wurde euer forum genannt, wenn man sein logifle von profis checken lassen will und so hoffe ich, dass ihr mir helfen könnt.
also vielen vielen dank im voraus für's lesen und wenn ich noch mit infos aushelfen kann schreibt mir bitte! lg

___LOGFILE______________________________________________________
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-03-02.01 - User 02.03.2012  20:38:10.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3004.2169 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\User\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Ovu4jwEAyicwSF
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Ovu4jwEAyicwSF.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\QgsXPpOqaEn.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.dat
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\1.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\a.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\b.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\c.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\d.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\e.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\f.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\g.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\h.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\i.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\J.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\k.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\l.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\m.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\mru.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\n.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\o.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\p.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\q.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\r.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\s.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\t.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\u.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\v.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\w.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\x.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\y.xml
c:\dokumente und einstellungen\User\Anwendungsdaten\PriceGong\Data\z.xml
c:\dokumente und einstellungen\User\Desktop\System Check.lnk
c:\dokumente und einstellungen\User\Eigene Dateien\Downloads\CT2776682_BrotherSoft_Extreme.exe
C:\Recycle.Bin
c:\recycle.bin\7DD73FF6B4D1161
c:\recycle.bin\B6232F3AFAA.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\oobe\msoobe.exe
c:\windows\system32\oobe\oobebaln.exe
c:\windows\system32\SET113.tmp
c:\windows\system32\SET115.tmp
c:\windows\system32\SET119.tmp
c:\windows\system32\SET121.tmp
c:\windows\system32\SET169.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-02 bis 2012-03-02  ))))))))))))))))))))))))))))))
.
.
2012-03-02 19:11 . 2012-03-02 19:11	--------	d-sh--w-	c:\dokumente und einstellungen\Administrator\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-15 18:33 . 2011-12-11 12:38	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-01-30 18:50 . 2012-01-30 18:50	101720	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2011-12-15 18:49 . 2011-07-07 16:56	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2008-03-09 06:25 . 2010-01-09 15:18	236	----a-w-	c:\programme\Gemeinsame Dateien\dx.reg
2012-02-20 20:09 . 2011-05-13 19:04	134104	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}"= "c:\programme\BittorrentBar_DE\prxtbBit2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
2011-05-09 09:49	176936	----a-w-	c:\programme\BittorrentBar_DE\prxtbBit2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-09-07 18:34	194848	----a-w-	c:\programme\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}"= "c:\programme\BittorrentBar_DE\prxtbBit2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}"= "c:\programme\BittorrentBar_DE\prxtbBit2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45	122512	----a-w-	c:\programme\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\programme\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RTHDCPL"="RTHDCPL.EXE" [2009-06-13 17881600]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-06-13 148888]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"HKSERV.EXE"="c:\programme\Sony\HotKey Utility\HKserv.exe" [2004-06-29 122880]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2002-11-01 126976]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2002-11-01 561152]
"VirtualCloneDrive"="c:\programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-22 129536]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-22 163328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-22 138752]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\User\Startmenü\Programme\Autostart\
61871.lnk - c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\mvNat.exe [N/A]
IMVU.lnk - c:\dokumente und einstellungen\User\Anwendungsdaten\IMVUClient\IMVUQualityAgent.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\BitTorrent\\BitTorrent.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [25.08.2009 23:14 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [04.09.2011 10:27 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06.07.2009 21:49 320856]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11.12.2011 13:38 36000]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [19.01.2009 19:31 277544]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [11.12.2011 13:38 86224]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [10.12.2008 00:10 24636]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06.07.2009 21:49 20568]
R2 hshld;Hotspot Shield Service;c:\programme\Hotspot Shield\bin\openvpnas.exe [06.10.2011 01:21 288088]
R2 HssWd;Hotspot Shield Monitoring Service;c:\programme\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\programme\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [03.11.2011 12:06 2152152]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [13.06.2009 14:40 244368]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [12.10.2010 15:48 136176]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.08.2008 04:46 284016]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13.06.2009 16:16 1684736]
S3 cpudrv;cpudrv;c:\programme\SystemRequirementsLab\cpudrv.sys [18.12.2009 10:58 11336]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [12.10.2010 15:48 136176]
S3 PCIUtil;PCI Utility;\??\c:\dokume~1\User\LOKALE~1\Temp\PCIUtil.sys --> c:\dokume~1\User\LOKALE~1\Temp\PCIUtil.sys [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [17.12.2009 15:02 99152]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 11:06]
.
2012-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-10-12 14:47]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-10-12 14:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.hotspotshield.com/g/?c=h
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\dokumente und einstellungen\User\Startmenü\Programme\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
FF - ProfilePath - c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=
FF - prefs.js: network.proxy.http - 66.167.100.59
FF - prefs.js: network.proxy.http_port - 6649
FF - prefs.js: network.proxy.type - 2
FF - user.js: yahoo.homepage.dontask - true);user_pref(extentions.y2layers.installId, 1af8b055-0a68-45f1-bf06-6d2c57f6c843
FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,Buzzdock,BuzzdockTease,SanitySwitch,PageRage,PageRageGlobal,
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-4Y3Y0C3A9F7W0VWDRRECZ - c:\recycle.bin\B6232F3AFAA.exe
HKLM-Run-QgsXPpOqaEn.exe - c:\dokumente und einstellungen\All Users\Anwendungsdaten\QgsXPpOqaEn.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\dokume~1\ALLUSE~1\ANWEND~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-02 21:05
Windows 5.1.2600 Service Pack 3 NTFS
.
ScUser versteckte Prozesse... 
.
ScUser versteckte Autostarteinträge... 
.
ScUser versteckte Dateien... 
.
.
C:\## aswSnx private storage
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(1836)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Alwil Software\Avast5\AvastSvc.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Hotspot Shield\HssWPR\hsssrv.exe
c:\programme\Hotspot Shield\bin\hsswd.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\xampp\mysql\bin\mysqld.exe
c:\programme\CDBurnerXP\NMSAccessU.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\RTHDCPL.EXE
c:\programme\Sony\HotKey Utility\HKWnd.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-02  21:16:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-02 20:16
.
Vor Suchlauf: 14 Verzeichnis(se), 18.928.635.904 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 32.587.882.496 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 047040F33B5EB169F11F2B8C2B83B75D
         
--- --- ---

Alt 03.03.2012, 01:17   #2
StrgZ
 
ComboFix-Logfile nach "System Check"-Malware - Standard

ComboFix-Logfile nach "System Check"-Malware



und hier noch ein malwarebyteslogfile:

Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.03.02.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702

02.03.2012 22:07:24
mbam-log-2012-03-02 (22-07-24).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 413167
Laufzeit: 2 Stunde(n), 50 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCR\CLSID\{B8B03DA0-E072-38C5-7B98-F1B96FBE316A} (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\44\4f051a2c-78c24c38 (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ovu4jwEAyicwSF.exe.vir (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\All Users\Anwendungsdaten\QgsXPpOqaEn.exe.vir (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{09C7FC35-D253-4B2B-83A2-A1274500E0CE}\RP398\A0134567.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{09C7FC35-D253-4B2B-83A2-A1274500E0CE}\RP398\A0134568.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart\61871.lnk (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\d3dx10d.dll (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
__________________


Alt 03.03.2012, 11:14   #3
StrgZ
 
ComboFix-Logfile nach "System Check"-Malware - Standard

ComboFix-Logfile nach "System Check"-Malware



... und hier noch das ESET-Logfile:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScUserrApp.exe=1.0.0.1
# OnlineScUserr.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8e6fd640f85ccc40a276cc3563ef7ee9
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-03 03:26:19
# local_time=2012-03-03 04:26:19 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 62772462 62772462 0 0
# compatibility_mode=770 16774141 100 100 6932487 107441297 0 0
# compatibility_mode=1792 16777191 100 0 7127919 7127919 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777213 100 64 48246501 115147919 0 0
# scUserd=230663
# found=11
# cleaned=11
# scan_time=10154
C:\Dokumente und Einstellungen\User\Adobe.Flash.CS4.v10.0.PRO\AdobeFlashCS4.exe NSIS/TrojanDownloader.Agent.NBN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Dokumente und Einstellungen\User\Adobe.Flash.CS4.v10.0.PRO\AdobeFlashCS4.exe.BAK NSIS/TrojanDownloader.Agent.NBN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Programme\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{09C7FC35-D253-4B2B-83A2-A1274500E0CE}\RP367\A0120576.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{09C7FC35-D253-4B2B-83A2-A1274500E0CE}\RP367\A0120579.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{09C7FC35-D253-4B2B-83A2-A1274500E0CE}\RP398\A0134570.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{09C7FC35-D253-4B2B-83A2-A1274500E0CE}\RP398\A0134574.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{09C7FC35-D253-4B2B-83A2-A1274500E0CE}\RP398\A0134776.exe NSIS/TrojanDownloader.Agent.NBN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{09C7FC35-D253-4B2B-83A2-A1274500E0CE}\RP399\A0134784.dll a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
__________________

Alt 03.03.2012, 12:52   #4
StrgZ
 
ComboFix-Logfile nach "System Check"-Malware - Standard

ComboFix-Logfile nach "System Check"-Malware



so, habe nach einer anleitung aus diesem forum noch folgendes gemacht:
1.) rkill.exe ausführen 2.) unhide.exe ausführen 3.) tdsskiller.exe ausführen

ordner sind auch wieder sichtbar.

Da "System Check" immer noch unter "Start" > "Programme" aufgelistet wird, bin ich mir nicht sicher, ob mein rechner nun sicher ist oder ich mein system neu aufspielen sollte.

hier noch mein OTL-Logfile + Extra:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.03.2012 12:32:53 - Run 2
OTL by OldTimer - Version 3.2.35.0     Folder = C:\Dokumente und Einstellungen\USER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 73,18% Memory free
4,78 Gb Paging File | 4,11 Gb Available in Paging File | 85,97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 293,43 Gb Total Space | 36,69 Gb Free Space | 12,50% Space Free | Partition Type: NTFS
 
Computer Name: USER | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - c:\xampp\mysql\bin\mysqld.exe ()
PRC - c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Sony\HotKey Utility\HKServ.exe (Sony Corporation)
PRC - C:\Programme\Sony\HotKey Utility\HKWnd.exe (Sony Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Alwil Software\Avast5\defs\12030300\algo.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\thorax.aaw ()
MOD - C:\Programme\Lavasoft\Ad-Aware\RPAPI.dll ()
MOD - C:\Programme\Lavasoft\Ad-Aware\Viprebridge.dll ()
MOD - C:\Programme\Lavasoft\Ad-Aware\Vipre.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
MOD - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Hotspot Shield\bin\libidn-11.dll ()
MOD - C:\Programme\Hotspot Shield\bin\libssl32.dll ()
MOD - C:\Programme\Hotspot Shield\bin\libeay32.dll ()
MOD - c:\xampp\mysql\bin\mysqld.exe ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - c:\xampp\apache\bin\libmysql.dll ()
MOD - c:\xampp\apache\bin\libpq.dll ()
MOD - c:\xampp\apache\bin\libmcrypt.dll ()
MOD - c:\xampp\apache\bin\zlib1.dll ()
MOD - C:\xampp\php\zendOptimizer\lib\Optimizer\php-5.2.x\ZendOptimizer.dll ()
MOD - c:\xampp\apache\bin\pxlib.dll ()
MOD - c:\xampp\apache\bin\pslib.dll ()
MOD - C:\xampp\php\zendOptimizer\lib\ZendExtensionManager.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe ()
SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (MySQL) -- c:\xampp\mysql\bin\mysqld.exe ()
SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (Adobe Version Cue CS4) -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (VBoxNetFlt) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIUtil) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (hwdatacard) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) --  File not found
DRV - (BTWUSB) --  File not found
DRV - (btkrnl) --  File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (HssDrv) -- C:\WINDOWS\system32\drivers\hssdrv.sys (AnchorFree Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (cpudrv) -- C:\Programme\SystemRequirementsLab\cpudrv.sys ()
DRV - (VBoxNetAdp) -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.hotspotshield.com/g/?c=h
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBit2.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {5C1F887D-DA89-4359-A552-DC8BF60E6A83}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE
IE - HKCU\..\SearchScopes\{27B23211-003D-4A03-945A-FD59DA575B98}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
IE - HKCU\..\SearchScopes\{5C1F887D-DA89-4359-A552-DC8BF60E6A83}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = hxxp://search.yahoo.com/search?fr=chr-ober&type=oberongc&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p="
FF - prefs.js..network.proxy.http: "66.167.100.59"
FF - prefs.js..network.proxy.http_port: 6649
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.01 22:17:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.13 20:04:30 | 000,000,000 | ---D | M]
 
[2010.01.18 00:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Extensions
[2010.01.18 00:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2012.03.01 22:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions
[2010.05.02 11:14:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.28 03:27:04 | 000,000,000 | ---D | M] (Web Developer) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.01.07 21:04:17 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.07.20 21:55:02 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\moveplayer@movenetworks.com
[2011.11.18 10:52:56 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\plugin@yontoo.com
[2011.11.18 10:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0k8kstcb.Blank\extensions
[2010.03.07 13:48:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0k8kstcb.Blank\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.18 10:52:57 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0k8kstcb.Blank\extensions\plugin@yontoo.com
[2011.11.21 19:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.03 22:22:05 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\0EM2N01W.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\0EM2N01W.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\0EM2N01W.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\0EM2N01W.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.02.20 21:09:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2009.10.26 15:53:52 | 000,102,400 | ---- | M] (Zylom) -- C:\Programme\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.02.15 10:46:43 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.15 10:46:42 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.15 10:46:42 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.15 10:46:42 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.21 19:12:32 | 000,001,847 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\privatesearch.xml
[2012.02.15 10:46:42 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.15 10:46:42 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[2009.04.07 13:59:38 | 000,000,872 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Yahooober8105921.gif
[2010.01.09 12:38:59 | 000,000,201 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Yahooober8105921.src
 
O1 HOSTS File: ([2012.03.02 21:04:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBit2.dll (Conduit Ltd.)
O2 - BHO: (DebugBar BHO) - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Programme\Core Services\DebugBar\DebugInfoBar.dll (Core Services)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Programme\Core Services\DebugBar\DebugToolBar.dll (Core Services)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBit2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Programme\Core Services\DebugBar\DebugToolBar.dll (Core Services)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Programme\BittorrentBar_DE\prxtbBit2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HKSERV.EXE] C:\Programme\Sony\HotKey Utility\HKServ.exe (Sony Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - Startup: C:\Dokumente und Einstellungen\USER\Startmenü\Programme\Autostart\IMVU.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\USER\Startmenü\Programme\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61BA53FB-FC07-41E0-9470-179780CD45D0}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.04.25 08:59:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.03 11:29:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012.03.03 11:27:13 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Dokumente und Einstellungen\USER\Desktop\unhide.exe
[2012.03.03 01:44:01 | 000,585,216 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe
[2012.03.03 01:33:52 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\USER\Desktop\esetsmartinstaller_enu.exe
[2012.03.02 22:06:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Malwarebytes
[2012.03.02 22:05:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.03.02 22:05:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.03.02 22:05:50 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.02 22:05:50 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.03.02 21:42:00 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\USER\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.02 21:26:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.03.02 20:33:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.03.02 20:29:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.03.02 20:29:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.03.02 20:29:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.03.02 20:29:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.03.02 20:29:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.03.02 20:24:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.03.02 20:16:30 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\USER\Recent
[2012.03.02 19:55:37 | 004,424,615 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\USER\Desktop\ComboFix.exe
[2012.03.02 19:31:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Startmenü\Programme\System Check
[2012.02.26 16:58:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Desktop\overlib
[2012.02.26 16:40:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Desktop\ndxz
[2012.02.26 16:39:59 | 000,224,798 | ---- | C] (FileZilla Project) -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\FileZilla_3.5.3_win32-setup.exe
[2012.02.26 16:26:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Desktop\wp themes 2011
[2012.02.02 21:39:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Desktop\Neuer Ordner (4)
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.03 12:24:27 | 221,886,496 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2012.03.03 12:03:13 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012.03.03 12:03:08 | 000,358,382 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012.03.03 12:03:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.03 12:02:06 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.03 12:01:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.03 11:28:39 | 002,601,140 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2012.03.03 11:27:11 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Dokumente und Einstellungen\USER\Desktop\unhide.exe
[2012.03.03 11:26:46 | 001,008,141 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\iExplore.exe
[2012.03.03 10:52:31 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.03 01:43:58 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe
[2012.03.03 01:33:56 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\USER\Desktop\esetsmartinstaller_enu.exe
[2012.03.02 22:05:53 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.02 21:42:12 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\USER\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.02 21:04:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.03.02 20:33:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.03.02 19:55:46 | 004,424,615 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\USER\Desktop\ComboFix.exe
[2012.03.01 19:47:36 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.03.01 19:47:36 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012.02.29 22:25:59 | 000,086,528 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.27 21:36:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.02.26 16:40:04 | 000,224,798 | ---- | M] (FileZilla Project) -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\FileZilla_3.5.3_win32-setup.exe
[2012.02.15 19:33:57 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.02.05 21:37:36 | 000,313,800 | ---- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012.02.05 21:33:42 | 005,279,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.05 14:38:43 | 000,043,180 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\FUTURXKC.TTF
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.03 11:26:44 | 001,008,141 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\iExplore.exe
[2012.03.02 22:05:53 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.02 20:45:44 | 000,001,675 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2012.03.02 20:45:44 | 000,001,635 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Astroplus (classic Design).lnk
[2012.03.02 20:45:44 | 000,000,630 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Chiron.lnk
[2012.03.02 20:33:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.03.02 20:33:23 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.03.02 20:29:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.03.02 20:29:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.03.02 20:29:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.03.02 20:29:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.03.02 20:29:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.02.05 14:38:42 | 000,043,180 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\FUTURXKC.TTF
[2012.02.03 17:52:25 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.02.03 17:52:25 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.12.11 22:10:09 | 000,000,050 | ---- | C] () -- C:\WINDOWS\astplus.ini
[2011.12.11 22:07:37 | 000,000,086 | ---- | C] () -- C:\WINDOWS\astagctl.ini
[2011.12.11 22:06:13 | 000,544,256 | ---- | C] () -- C:\WINDOWS\System32\janGraphics.dll
[2011.11.18 13:03:46 | 000,000,164 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011.11.18 10:55:00 | 000,001,492 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ss.ini
[2011.10.08 22:45:45 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011.08.20 11:04:10 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.01.18 23:45:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2010.11.16 19:19:34 | 002,201,984 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.10.15 18:54:00 | 000,000,515 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Poladroid prefs.plist

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 03.03.2012 12:32:53 - Run 2
OTL by OldTimer - Version 3.2.35.0     Folder = C:\Dokumente und Einstellungen\USER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 73,18% Memory free
4,78 Gb Paging File | 4,11 Gb Available in Paging File | 85,97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 293,43 Gb Total Space | 36,69 Gb Free Space | 12,50% Space Free | Partition Type: NTFS
 
Computer Name: USER | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\BitTorrent\BitTorrent.exe" = C:\Programme\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{303F7619-4E67-450F-985A-A2DF51B30AC8}" = Adobe Setup
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.61
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7D35FC6F-BEE0-41B7-8627-0B12FD1586A3}_is1" = Bigasoft iPhone Ringtone Maker 1.8.0.4024
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B36C3DFD-BAB0-4513-BD27-FA4906A738FD}" = HotKey Utility
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A24D2D-1ADB-4553-87FD-38F3FAADC18E}_is1" = The Book of Unwritten Tales 1.0.0.0
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB311F54-39D6-4A03-8E18-053D1B2833D7}" = HotKey Utility
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC7E2C06-D255-4300-AA12-33AB54D009AC}" = Adobe Creative Suite 4 Design Standard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}" = Poladroid
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"33B31D6D-7EFB-45A3-AC50-4DAF98042443_is1" = The Book Of Unwritten Tales: Die Vieh Chroniken Version 1.2
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_1e3ba55b33b1e8227645fb9c82acca3" = Adobe Creative Suite 4 Design Standard
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Astrocontact Astroplus Demo_is1" = Astrocontact Astroplus
"avast" = avast! Free Antivirus
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"BitTorrent" = BitTorrent
"BittorrentBar_DE Toolbar" = BittorrentBar_DE Toolbar
"CamStudio" = CamStudio
"Chiron 6 und Cortesi Texte_is1" = Chiron 6 und Cortesi Texte 6.8.185
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DebugBar" = DebugBar v5.4.1 for Internet Explorer (remove only)
"DirectX10 for Windows XP - Win2000, 2003,..._is1" = DirectX10 RC2 Pre Fix 3
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ElsterFormular 12.4.0.7094k" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.2.4.1
"FLAC" = FLAC 1.2.1b (remove only)
"Flash Designer" = Flash Designer 1.5
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"FTP Commander" = FTP Commander
"HijackThis" = HijackThis 2.0.2
"HotspotShield" = Hotspot Shield 2.09
"HTML Colors" = HTML Colors
"ie8" = Windows Internet Explorer 8
"IETester" = IETester v0.4.10 (remove only)
"JAP" = JAP
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"ST5UNST #1" = Horoskop
"ST5UNST #2" = Horoskop (C:\Programme\Horoskop\)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Tales of Monkey Island" = Tales of Monkey Island
"Totalcmd" = Total Commander (Remove or Repair)
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.3
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xampp" = XAMPP 1.7.1
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NodeBox" = NodeBox
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 08.12.2010 19:29:13 | Computer Name = USER | Source = avast! | ID = 33554522
Description = 
 
Error - 08.12.2010 19:29:13 | Computer Name = USER | Source = avast! | ID = 33554522
Description = 
 
Error - 08.12.2010 19:29:13 | Computer Name = USER | Source = avast! | ID = 33554522
Description = 
 
Error - 08.12.2010 19:29:14 | Computer Name = USER | Source = avast! | ID = 33554522
Description = 
 
Error - 08.12.2010 19:29:14 | Computer Name = USER | Source = avast! | ID = 33554522
Description = 
 
Error - 08.12.2010 19:29:14 | Computer Name = USER | Source = avast! | ID = 33554522
Description = 
 
Error - 08.12.2010 19:29:14 | Computer Name = USER | Source = avast! | ID = 33554522
Description = 
 
Error - 08.12.2010 19:29:15 | Computer Name = USER | Source = avast! | ID = 33554522
Description = 
 
Error - 08.12.2010 19:29:15 | Computer Name = USER | Source = avast! | ID = 33554522
Description = 
 
Error - 08.12.2010 19:29:15 | Computer Name = USER | Source = avast! | ID = 33554522
Description = 
 
[ Application Events ]
Error - 01.03.2012 17:59:18 | Computer Name = USER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ts3w.exe, Version 0.1.0.1266, fehlgeschlagenes
 Modul ts3w.exe, Version 0.1.0.1266, Fehleradresse 0x0018ae06.
 
Error - 01.03.2012 17:59:26 | Computer Name = USER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ts3w.exe, Version 0.1.0.1266, fehlgeschlagenes
 Modul ts3w.exe, Version 0.1.0.1266, Fehleradresse 0x0018ae06.
 
Error - 01.03.2012 17:59:45 | Computer Name = USER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ts3w.exe, Version 0.1.0.1266, fehlgeschlagenes
 Modul ts3w.exe, Version 0.1.0.1266, Fehleradresse 0x0018ae06.
 
Error - 01.03.2012 18:00:07 | Computer Name = USER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ts3w.exe, Version 0.1.0.1266, fehlgeschlagenes
 Modul ts3w.exe, Version 0.1.0.1266, Fehleradresse 0x0018ae06.
 
Error - 01.03.2012 18:04:08 | Computer Name = USER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Sims3LauncherW.exe, Version 0.2.0.154, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 02.03.2012 15:17:32 | Computer Name = USER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Ovu4jwEAyicwSF.exe, Version 6.0.2028.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 03.03.2012 06:50:21 | Computer Name = USER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established
.
 
Error - 03.03.2012 06:50:21 | Computer Name = USER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 03.03.2012 06:59:09 | Computer Name = USER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 03.03.2012 06:59:23 | Computer Name = USER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
[ System Events ]
Error - 02.03.2012 22:13:09 | Computer Name = USER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 02.03.2012 22:13:14 | Computer Name = USER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 02.03.2012 22:13:19 | Computer Name = USER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 02.03.2012 22:13:23 | Computer Name = USER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 02.03.2012 22:13:28 | Computer Name = USER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 02.03.2012 22:13:33 | Computer Name = USER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 03.03.2012 06:30:24 | Computer Name = USER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Aavmker4  aswSnx  aswSP  aswTdi  avipbb  avkmgr  DMICall  ElbyCDIO  Fips  intelppm  KLIF  ssmdrv
 
Error - 03.03.2012 06:38:04 | Computer Name = USER | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 03.03.2012 06:38:08 | Computer Name = USER | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 03.03.2012 07:00:39 | Computer Name = USER | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
 
< End of report >
         
--- --- ---

Alt 03.03.2012, 12:54   #5
StrgZ
 
ComboFix-Logfile nach "System Check"-Malware - Standard

ComboFix-Logfile nach "System Check"-Malware



so, habe nach einer anleitung aus diesem forum noch folgendes gemacht:
1.) rkill.exe ausführen 2.) unhide.exe ausführen 3.) tdsskiller.exe ausführen

ordner sind auch wieder sichtbar.

Da "System Check" immer noch unter "Start" > "Programme" aufgelistet wird, bin ich mir nicht sicher, ob mein rechner nun sicher ist oder ich mein system neu aufspielen sollte.

hier noch mein OTL-Logfile + Extra:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.03.2012 12:32:53 - Run 2
OTL by OldTimer - Version 3.2.35.0     Folder = C:\Dokumente und Einstellungen\USER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 73,18% Memory free
4,78 Gb Paging File | 4,11 Gb Available in Paging File | 85,97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 293,43 Gb Total Space | 36,69 Gb Free Space | 12,50% Space Free | Partition Type: NTFS
 
Computer Name: USER | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - c:\xampp\mysql\bin\mysqld.exe ()
PRC - c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Sony\HotKey Utility\HKServ.exe (Sony Corporation)
PRC - C:\Programme\Sony\HotKey Utility\HKWnd.exe (Sony Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Alwil Software\Avast5\defs\12030300\algo.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\thorax.aaw ()
MOD - C:\Programme\Lavasoft\Ad-Aware\RPAPI.dll ()
MOD - C:\Programme\Lavasoft\Ad-Aware\Viprebridge.dll ()
MOD - C:\Programme\Lavasoft\Ad-Aware\Vipre.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
MOD - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Hotspot Shield\bin\libidn-11.dll ()
MOD - C:\Programme\Hotspot Shield\bin\libssl32.dll ()
MOD - C:\Programme\Hotspot Shield\bin\libeay32.dll ()
MOD - c:\xampp\mysql\bin\mysqld.exe ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - c:\xampp\apache\bin\libmysql.dll ()
MOD - c:\xampp\apache\bin\libpq.dll ()
MOD - c:\xampp\apache\bin\libmcrypt.dll ()
MOD - c:\xampp\apache\bin\zlib1.dll ()
MOD - C:\xampp\php\zendOptimizer\lib\Optimizer\php-5.2.x\ZendOptimizer.dll ()
MOD - c:\xampp\apache\bin\pxlib.dll ()
MOD - c:\xampp\apache\bin\pslib.dll ()
MOD - C:\xampp\php\zendOptimizer\lib\ZendExtensionManager.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe ()
SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (MySQL) -- c:\xampp\mysql\bin\mysqld.exe ()
SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (Adobe Version Cue CS4) -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (VBoxNetFlt) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIUtil) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (hwdatacard) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) --  File not found
DRV - (BTWUSB) --  File not found
DRV - (btkrnl) --  File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (HssDrv) -- C:\WINDOWS\system32\drivers\hssdrv.sys (AnchorFree Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (cpudrv) -- C:\Programme\SystemRequirementsLab\cpudrv.sys ()
DRV - (VBoxNetAdp) -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.hotspotshield.com/g/?c=h
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBit2.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {5C1F887D-DA89-4359-A552-DC8BF60E6A83}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE
IE - HKCU\..\SearchScopes\{27B23211-003D-4A03-945A-FD59DA575B98}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
IE - HKCU\..\SearchScopes\{5C1F887D-DA89-4359-A552-DC8BF60E6A83}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = hxxp://search.yahoo.com/search?fr=chr-ober&type=oberongc&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p="
FF - prefs.js..network.proxy.http: "66.167.100.59"
FF - prefs.js..network.proxy.http_port: 6649
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.01 22:17:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.13 20:04:30 | 000,000,000 | ---D | M]
 
[2010.01.18 00:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Extensions
[2010.01.18 00:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2012.03.01 22:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions
[2010.05.02 11:14:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.28 03:27:04 | 000,000,000 | ---D | M] (Web Developer) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.01.07 21:04:17 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.07.20 21:55:02 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\moveplayer@movenetworks.com
[2011.11.18 10:52:56 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0em2n01w.default\extensions\plugin@yontoo.com
[2011.11.18 10:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0k8kstcb.Blank\extensions
[2010.03.07 13:48:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0k8kstcb.Blank\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.18 10:52:57 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Mozilla\Firefox\Profiles\0k8kstcb.Blank\extensions\plugin@yontoo.com
[2011.11.21 19:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.03 22:22:05 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\0EM2N01W.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\0EM2N01W.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\0EM2N01W.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\0EM2N01W.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.02.20 21:09:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2009.10.26 15:53:52 | 000,102,400 | ---- | M] (Zylom) -- C:\Programme\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.02.15 10:46:43 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.15 10:46:42 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.15 10:46:42 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.15 10:46:42 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.21 19:12:32 | 000,001,847 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\privatesearch.xml
[2012.02.15 10:46:42 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.15 10:46:42 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[2009.04.07 13:59:38 | 000,000,872 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Yahooober8105921.gif
[2010.01.09 12:38:59 | 000,000,201 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Yahooober8105921.src
 
O1 HOSTS File: ([2012.03.02 21:04:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBit2.dll (Conduit Ltd.)
O2 - BHO: (DebugBar BHO) - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Programme\Core Services\DebugBar\DebugInfoBar.dll (Core Services)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Programme\Core Services\DebugBar\DebugToolBar.dll (Core Services)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\prxtbBit2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Programme\Core Services\DebugBar\DebugToolBar.dll (Core Services)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Programme\BittorrentBar_DE\prxtbBit2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HKSERV.EXE] C:\Programme\Sony\HotKey Utility\HKServ.exe (Sony Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - Startup: C:\Dokumente und Einstellungen\USER\Startmenü\Programme\Autostart\IMVU.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\USER\Startmenü\Programme\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61BA53FB-FC07-41E0-9470-179780CD45D0}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.04.25 08:59:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.03 11:29:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012.03.03 11:27:13 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Dokumente und Einstellungen\USER\Desktop\unhide.exe
[2012.03.03 01:44:01 | 000,585,216 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe
[2012.03.03 01:33:52 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\USER\Desktop\esetsmartinstaller_enu.exe
[2012.03.02 22:06:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Malwarebytes
[2012.03.02 22:05:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.03.02 22:05:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.03.02 22:05:50 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.02 22:05:50 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.03.02 21:42:00 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\USER\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.02 21:26:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.03.02 20:33:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.03.02 20:29:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.03.02 20:29:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.03.02 20:29:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.03.02 20:29:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.03.02 20:29:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.03.02 20:24:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.03.02 20:16:30 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\USER\Recent
[2012.03.02 19:55:37 | 004,424,615 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\USER\Desktop\ComboFix.exe
[2012.03.02 19:31:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Startmenü\Programme\System Check
[2012.02.26 16:58:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Desktop\overlib
[2012.02.26 16:40:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Desktop\ndxz
[2012.02.26 16:39:59 | 000,224,798 | ---- | C] (FileZilla Project) -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\FileZilla_3.5.3_win32-setup.exe
[2012.02.26 16:26:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Desktop\wp themes 2011
[2012.02.02 21:39:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\USER\Desktop\Neuer Ordner (4)
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.03 12:24:27 | 221,886,496 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2012.03.03 12:03:13 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012.03.03 12:03:08 | 000,358,382 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012.03.03 12:03:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.03 12:02:06 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.03 12:01:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.03 11:28:39 | 002,601,140 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2012.03.03 11:27:11 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Dokumente und Einstellungen\USER\Desktop\unhide.exe
[2012.03.03 11:26:46 | 001,008,141 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\iExplore.exe
[2012.03.03 10:52:31 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.03 01:43:58 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\USER\Desktop\OTL.exe
[2012.03.03 01:33:56 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\USER\Desktop\esetsmartinstaller_enu.exe
[2012.03.02 22:05:53 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.02 21:42:12 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\USER\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.02 21:04:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.03.02 20:33:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.03.02 19:55:46 | 004,424,615 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\USER\Desktop\ComboFix.exe
[2012.03.01 19:47:36 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.03.01 19:47:36 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012.02.29 22:25:59 | 000,086,528 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.27 21:36:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.02.26 16:40:04 | 000,224,798 | ---- | M] (FileZilla Project) -- C:\Dokumente und Einstellungen\USER\Eigene Dateien\FileZilla_3.5.3_win32-setup.exe
[2012.02.15 19:33:57 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.02.05 21:37:36 | 000,313,800 | ---- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012.02.05 21:33:42 | 005,279,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.05 14:38:43 | 000,043,180 | ---- | M] () -- C:\Dokumente und Einstellungen\USER\Desktop\FUTURXKC.TTF
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.03 11:26:44 | 001,008,141 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\iExplore.exe
[2012.03.02 22:05:53 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.02 20:45:44 | 000,001,675 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2012.03.02 20:45:44 | 000,001,635 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Astroplus (classic Design).lnk
[2012.03.02 20:45:44 | 000,000,630 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Chiron.lnk
[2012.03.02 20:33:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.03.02 20:33:23 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.03.02 20:29:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.03.02 20:29:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.03.02 20:29:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.03.02 20:29:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.03.02 20:29:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.02.05 14:38:42 | 000,043,180 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Desktop\FUTURXKC.TTF
[2012.02.03 17:52:25 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.02.03 17:52:25 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.12.11 22:10:09 | 000,000,050 | ---- | C] () -- C:\WINDOWS\astplus.ini
[2011.12.11 22:07:37 | 000,000,086 | ---- | C] () -- C:\WINDOWS\astagctl.ini
[2011.12.11 22:06:13 | 000,544,256 | ---- | C] () -- C:\WINDOWS\System32\janGraphics.dll
[2011.11.18 13:03:46 | 000,000,164 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011.11.18 10:55:00 | 000,001,492 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ss.ini
[2011.10.08 22:45:45 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011.08.20 11:04:10 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.01.18 23:45:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2010.11.16 19:19:34 | 002,201,984 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.10.15 18:54:00 | 000,000,515 | ---- | C] () -- C:\Dokumente und Einstellungen\USER\Anwendungsdaten\Poladroid prefs.plist

< End of report >
         
--- --- ---

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 03.03.2012 12:32:53 - Run 2
OTL by OldTimer - Version 3.2.35.0     Folder = C:\Dokumente und Einstellungen\USER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 73,18% Memory free
4,78 Gb Paging File | 4,11 Gb Available in Paging File | 85,97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 293,43 Gb Total Space | 36,69 Gb Free Space | 12,50% Space Free | Partition Type: NTFS
 
Computer Name: USER | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\BitTorrent\BitTorrent.exe" = C:\Programme\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{303F7619-4E67-450F-985A-A2DF51B30AC8}" = Adobe Setup
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.61
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7D35FC6F-BEE0-41B7-8627-0B12FD1586A3}_is1" = Bigasoft iPhone Ringtone Maker 1.8.0.4024
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B36C3DFD-BAB0-4513-BD27-FA4906A738FD}" = HotKey Utility
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A24D2D-1ADB-4553-87FD-38F3FAADC18E}_is1" = The Book of Unwritten Tales 1.0.0.0
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB311F54-39D6-4A03-8E18-053D1B2833D7}" = HotKey Utility
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC7E2C06-D255-4300-AA12-33AB54D009AC}" = Adobe Creative Suite 4 Design Standard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}" = Poladroid
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"33B31D6D-7EFB-45A3-AC50-4DAF98042443_is1" = The Book Of Unwritten Tales: Die Vieh Chroniken Version 1.2
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_1e3ba55b33b1e8227645fb9c82acca3" = Adobe Creative Suite 4 Design Standard
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Astrocontact Astroplus Demo_is1" = Astrocontact Astroplus
"avast" = avast! Free Antivirus
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"BitTorrent" = BitTorrent
"BittorrentBar_DE Toolbar" = BittorrentBar_DE Toolbar
"CamStudio" = CamStudio
"Chiron 6 und Cortesi Texte_is1" = Chiron 6 und Cortesi Texte 6.8.185
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DebugBar" = DebugBar v5.4.1 for Internet Explorer (remove only)
"DirectX10 for Windows XP - Win2000, 2003,..._is1" = DirectX10 RC2 Pre Fix 3
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ElsterFormular 12.4.0.7094k" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.2.4.1
"FLAC" = FLAC 1.2.1b (remove only)
"Flash Designer" = Flash Designer 1.5
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"FTP Commander" = FTP Commander
"HijackThis" = HijackThis 2.0.2
"HotspotShield" = Hotspot Shield 2.09
"HTML Colors" = HTML Colors
"ie8" = Windows Internet Explorer 8
"IETester" = IETester v0.4.10 (remove only)
"JAP" = JAP
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"ST5UNST #1" = Horoskop
"ST5UNST #2" = Horoskop (C:\Programme\Horoskop\)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Tales of Monkey Island" = Tales of Monkey Island
"Totalcmd" = Total Commander (Remove or Repair)
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.3
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xampp" = XAMPP 1.7.1
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NodeBox" = NodeBox
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 08.12.2010 19:29:13 | Computer Name = USER | Source = avast! | ID = 33554522
Description = 
 
Error - 08.12.2010 19:29:13 | Computer Name = USER | Source = avast! | ID = 33554522
Description = 
 
Error - 08.12.2010 19:29:13 | Computer Name = USER | Source = avast! | ID = 33554522
Description = 
 
Error - 08.12.2010 19:29:14 | Computer Name = USER | Source = avast! | ID = 33554522
Description = 
 
Error - 08.12.2010 19:29:14 | Computer Name = USER | Source = avast! | ID = 33554522
Description = 
 
Error - 08.12.2010 19:29:14 | Computer Name = USER | Source = avast! | ID = 33554522
Description = 
 
Error - 08.12.2010 19:29:14 | Computer Name = USER | Source = avast! | ID = 33554522
Description = 
 
Error - 08.12.2010 19:29:15 | Computer Name = USER | Source = avast! | ID = 33554522
Description = 
 
Error - 08.12.2010 19:29:15 | Computer Name = USER | Source = avast! | ID = 33554522
Description = 
 
Error - 08.12.2010 19:29:15 | Computer Name = USER | Source = avast! | ID = 33554522
Description = 
 
[ Application Events ]
Error - 01.03.2012 17:59:18 | Computer Name = USER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ts3w.exe, Version 0.1.0.1266, fehlgeschlagenes
 Modul ts3w.exe, Version 0.1.0.1266, Fehleradresse 0x0018ae06.
 
Error - 01.03.2012 17:59:26 | Computer Name = USER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ts3w.exe, Version 0.1.0.1266, fehlgeschlagenes
 Modul ts3w.exe, Version 0.1.0.1266, Fehleradresse 0x0018ae06.
 
Error - 01.03.2012 17:59:45 | Computer Name = USER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ts3w.exe, Version 0.1.0.1266, fehlgeschlagenes
 Modul ts3w.exe, Version 0.1.0.1266, Fehleradresse 0x0018ae06.
 
Error - 01.03.2012 18:00:07 | Computer Name = USER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ts3w.exe, Version 0.1.0.1266, fehlgeschlagenes
 Modul ts3w.exe, Version 0.1.0.1266, Fehleradresse 0x0018ae06.
 
Error - 01.03.2012 18:04:08 | Computer Name = USER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Sims3LauncherW.exe, Version 0.2.0.154, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 02.03.2012 15:17:32 | Computer Name = USER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Ovu4jwEAyicwSF.exe, Version 6.0.2028.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 03.03.2012 06:50:21 | Computer Name = USER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established
.
 
Error - 03.03.2012 06:50:21 | Computer Name = USER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 03.03.2012 06:59:09 | Computer Name = USER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 03.03.2012 06:59:23 | Computer Name = USER | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
[ System Events ]
Error - 02.03.2012 22:13:09 | Computer Name = USER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 02.03.2012 22:13:14 | Computer Name = USER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 02.03.2012 22:13:19 | Computer Name = USER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 02.03.2012 22:13:23 | Computer Name = USER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 02.03.2012 22:13:28 | Computer Name = USER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 02.03.2012 22:13:33 | Computer Name = USER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
 
Error - 03.03.2012 06:30:24 | Computer Name = USER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Aavmker4  aswSnx  aswSP  aswTdi  avipbb  avkmgr  DMICall  ElbyCDIO  Fips  intelppm  KLIF  ssmdrv
 
Error - 03.03.2012 06:38:04 | Computer Name = USER | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 03.03.2012 06:38:08 | Computer Name = USER | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 03.03.2012 07:00:39 | Computer Name = USER | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
 
< End of report >
         
--- --- ---


Alt 03.03.2012, 21:07   #6
StrgZ
 
ComboFix-Logfile nach "System Check"-Malware - Standard

ComboFix-Logfile nach "System Check"-Malware



Also mir wurde bereits woanders geholfen. Werde meinen Rechner platt machen.

"Also eine vollständige Säuberung ist technisch gesehen nicht möglich, weil sie (sowohl die 3 AV-Scanner als auch die bösartige Malware) sehr tief strukturell im System verankert sind! "

Antwort

Themen zu ComboFix-Logfile nach "System Check"-Malware
ad-aware, antivirus, avgnt, avira, bonjour, buzzdock, cdburnerxp, combofix, desktop, firefox, google, helper, hotspot, hotspot shield, hängen, internet, internet explorer, logfile, logfile combofix system check malware, malware, mozilla, scan, security, server, software, svchost, system, tarma, tcp, trojan, virtualbox, windows, windows xp, yontoo



Ähnliche Themen: ComboFix-Logfile nach "System Check"-Malware


  1. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  2. Windows 8, "Speed Check" Malware-Befall
    Log-Analyse und Auswertung - 28.10.2014 (7)
  3. Avira meldet "TR/Downloader.Gen8" und "TR/Matsnu.EB.130" nach öffnen von Malware
    Plagegeister aller Art und deren Bekämpfung - 20.03.2013 (32)
  4. Trojaner "System Check" deinstalliert - System sauber?
    Log-Analyse und Auswertung - 11.04.2012 (23)
  5. "System Check" - Virus, wie werde ich ihn wieder los
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (23)
  6. "System Check" auch hier
    Plagegeister aller Art und deren Bekämpfung - 02.04.2012 (13)
  7. "System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?
    Log-Analyse und Auswertung - 27.03.2012 (34)
  8. "System Check" eingefangen und lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 27.03.2012 (15)
  9. System Check - "Windows - Delayed Write Failed", schwarzer Bildschirm, Datenverlust?
    Log-Analyse und Auswertung - 26.03.2012 (12)
  10. Problem mit "System Check" Critical error
    Plagegeister aller Art und deren Bekämpfung - 16.03.2012 (9)
  11. Trojaner "System Check" - letzte Schritte?
    Log-Analyse und Auswertung - 12.03.2012 (23)
  12. Infiziert mit "System Check" - System wieder in Ordnung?
    Log-Analyse und Auswertung - 01.03.2012 (24)
  13. Virus "System-Check" hat mich erwischt
    Log-Analyse und Auswertung - 06.02.2012 (11)
  14. Nicht sicher, ob PC nach "System Fix" Entfernung wieder "sauber"
    Log-Analyse und Auswertung - 07.01.2012 (18)
  15. hohe load durch prozess "system" und "explorer.exe" verbindet alleine nach russland
    Plagegeister aller Art und deren Bekämpfung - 08.12.2010 (10)
  16. Logfile - nach Versuch von "twgg.org" meinen Computer zu "reinigen"
    Log-Analyse und Auswertung - 28.05.2010 (5)
  17. logfile check - insbesondere "myway/mybar"
    Log-Analyse und Auswertung - 05.03.2008 (0)

Zum Thema ComboFix-Logfile nach "System Check"-Malware - Hallo zusammen, habe mir heute leider malware eingefangen, "System Check" (hier Beschreibung, weiß nicht wie seriös sie ist: trojan-killer.net/de/tag/system-check-virus-removal/). Habe dann ComboFix durchlaufen lassen (unter Berücksichtigung dieser Anleitung: bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird#restore). Die - ComboFix-Logfile nach "System Check"-Malware...
Archiv
Du betrachtest: ComboFix-Logfile nach "System Check"-Malware auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.