Antimalware Doctor kommt immer wieder!

IceCrygel · 10.06.2010, 14:10

Hallo zusammen,
ich habe mir ebenfalls den Antimalware Doctor eingefangen und schon viel versucht um diesen zu entfernen (unter anderem die Entfernungs-Anleitung auf dieser Seite) .. Ich habe zudem drei Vollscans mit Malwarebytes Anti-Malware gemacht, leider kommt er bei jedem Neustart wieder.. Was kann ich tun?
Vielen Dank für eure Hilfe!

markusg · 10.06.2010, 14:11

ootl:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "run Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
poste beide.
und poste das Malwarebytes log, zu finden unter malwarebytes, logdateien.

IceCrygel · 10.06.2010, 15:00

OTL.Txt:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 10.06.2010 15:40:31 - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Dokumente und Einstellungen\mr\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 457,00 Mb Available Physical Memory | 45,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 43,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,14 Gb Total Space | 30,82 Gb Free Space | 41,56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PHILIPPMOBIL
Current User Name: mr
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\mr\Eigene Dateien\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\mr\Eigene Dateien\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Programme\Gemeinsame Dateien\Akamai\rswin_3697.dll ()
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (SimpTcp) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aec) -- C:\WINDOWS\system32\drivers\aec.sys ()
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (R592) -- C:\WINDOWS\system32\DRIVERS\R592.sys (REDC)
DRV - (IPFilter) -- C:\WINDOWS\system32\drivers\ipfilter.sys (Microsoft Corporation)
DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-606747145-1715567821-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
IE - HKU\S-1-5-21-606747145-1715567821-725345543-1004\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-606747145-1715567821-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-606747145-1715567821-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {7BC4DC8B-80A9-4eae-A4DA-3509E88733C8}:2.0.0.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.17 22:48:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.17 22:48:31 | 000,000,000 | ---D | M]
 
[2010.05.17 22:48:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Mozilla\Extensions
[2009.03.18 12:56:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org
[2010.06.09 20:09:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Mozilla\Firefox\Profiles\5f7aohup.default\extensions
[2010.05.18 00:10:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Mozilla\Firefox\Profiles\5f7aohup.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.08 21:24:42 | 000,000,000 | ---D | M] (FocusedPFF Module) -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Mozilla\Firefox\Profiles\5f7aohup.default\extensions\{7BC4DC8B-80A9-4eae-A4DA-3509E88733C8}
[2010.05.17 22:48:49 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBHOBJObj Object) - {8A406068-D45C-40B9-A096-38AC717FB608} - C:\WINDOWS\BHOBJ.dll ()
O3 - HKU\S-1-5-21-606747145-1715567821-725345543-1004\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-606747145-1715567821-725345543-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKU\S-1-5-21-606747145-1715567821-725345543-1004..\Run: [setupupdater0000.exe] C:\Dokumente und Einstellungen\mr\Anwendungsdaten\F37E69D45867F5F1DFFDE4DDC6CF3D65\setupupdater0000.exe (MS)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-1715567821-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} hxxp://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\msxurl32.exe) - C:\WINDOWS\system32\msxurl32.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O21 - SSODL: UpdateCheck - {EEC5656B-20CC-4127-ACCC-A86FFA7A9F22} - C:\WINDOWS\system32\mstmdm.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\mr\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\mr\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.10.09 11:54:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0010ee3d-d375-11de-bdb5-0012f0dde915}\Shell\AutoRun\command - "" = G:\
O33 - MountPoints2\{0010ee3d-d375-11de-bdb5-0012f0dde915}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{15aaef68-54e0-11de-bb9e-0000f07ad2c2}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{15aaef68-54e0-11de-bb9e-0000f07ad2c2}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{21046a54-64fe-11df-bfe9-0000f07ad2c2}\Shell - "" = AutoRun
O33 - MountPoints2\{21046a54-64fe-11df-bfe9-0000f07ad2c2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{21046a54-64fe-11df-bfe9-0000f07ad2c2}\Shell\AutoRun\command - "" = F:\StarUSB.exe -- File not found
O33 - MountPoints2\{21046a55-64fe-11df-bfe9-0000f07ad2c2}\Shell\AutoRun\command - "" = G:\
O33 - MountPoints2\{21046a55-64fe-11df-bfe9-0000f07ad2c2}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{48665f26-a836-11de-bcf9-0000f07ad2c2}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{48665f26-a836-11de-bcf9-0000f07ad2c2}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{7e2dd3ec-6fc0-11da-aad0-0000f07ad2c2}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{7e2dd3ec-6fc0-11da-aad0-0000f07ad2c2}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{b7d9038c-b8ed-11de-bd3d-0012f0dde915}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{b7d9038c-b8ed-11de-bd3d-0012f0dde915}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{bd5d52fc-4f2c-11dc-b24b-0000f07ad2c2}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{bd5d52fc-4f2c-11dc-b24b-0000f07ad2c2}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{db46a7fa-5447-11df-bf8d-0000f07ad2c2}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{db46a7fa-5447-11df-bf8d-0000f07ad2c2}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{dcee055e-6b35-11de-bc01-0000f07ad2c2}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{dcee055e-6b35-11de-bc01-0000f07ad2c2}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{faca8c6a-850b-11de-bc96-0000f07ad2c2}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{faca8c6a-850b-11de-bc96-0000f07ad2c2}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005.10.09 11:53:40 | 000,000,000 | ---D | M]
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: SSHNAS -  File not found
 
MsConfig - Services: "SoundMAX Agent Service (default)"
MsConfig - Services: "ServiceLayer"
MsConfig - Services: "Samsung Update Plus"
MsConfig - Services: "ose"
MsConfig - Services: "MDM"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Last.fm Helper.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^mr^Startmenü^Programme^Autostart^Last.fm Helper.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^mr^Startmenü^Programme^Autostart^Stardock ObjectDock.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: ICQ Lite - hkey= - key= - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
MsConfig - StartUpReg: MagicKeyboard - hkey= - key= - C:\Programme\Samsung\MagicKBD\PreMKbd.exe ()
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: Nokia.PCSync - hkey= - key= - C:\Programme\Nokia\Nokia PC Suite 7\PCSync2.exe (Time Information Services Ltd.)
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Java\jre1.5.0\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: updateMgr - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Programme\Winamp\winampa.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm -  File not found
SafeBootNet: nm.sys -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Sicherheitsupdate für Windows XP (KB913433)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.dvacm - C:\Programme\Gemeinsame Dateien\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69256455022182400)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.10 12:52:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.06.09 20:06:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mr\Lokale Einstellungen\Anwendungsdaten\Threat Expert
[2010.06.09 19:52:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.06.09 19:17:21 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\mr\Recent
[2010.06.09 14:22:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.06.09 14:22:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.06.09 14:19:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Malwarebytes
[2010.06.09 14:18:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.09 14:18:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.09 14:18:46 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.09 14:18:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.06.08 21:24:54 | 000,000,000 | ---D | C] -- C:\Programme\$NtUninstallWTF1012$
[2010.06.08 21:24:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mr\Lokale Einstellungen\Anwendungsdaten\FocusedPrediction
[2010.06.08 21:22:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\F37E69D45867F5F1DFFDE4DDC6CF3D65
[2010.06.04 19:34:29 | 000,839,680 | ---- | C] (hxxp://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2010.06.04 19:34:28 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010.06.04 19:34:28 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010.06.04 19:34:21 | 000,000,000 | ---D | C] -- C:\Programme\K-Lite Codec Pack
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.10 15:44:14 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\aec.sys
[2010.06.10 12:55:38 | 000,000,412 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{426361F3-ABFC-494A-80B3-823D36A03FB9}.job
[2010.06.10 12:54:25 | 001,339,259 | ---- | M] () -- C:\WINDOWS\System32\mswmpdat.tlb
[2010.06.10 12:51:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.10 12:51:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.10 00:10:56 | 004,980,736 | ---- | M] () -- C:\Dokumente und Einstellungen\mr\NTUSER.DAT
[2010.06.10 00:10:56 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\mr\ntuser.ini
[2010.06.09 23:04:15 | 000,000,583 | ---- | M] () -- C:\WINDOWS\Ulead32.ini
[2010.06.09 19:23:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.09 19:21:25 | 000,001,940 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
[2010.06.09 14:18:50 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.08 21:25:05 | 000,050,981 | ---- | M] () -- C:\WINDOWS\System32\gqtgdojqucfujadry.exe
[2010.06.05 17:11:21 | 000,002,381 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2010.06.04 15:21:31 | 000,001,475 | ---- | M] () -- C:\Dokumente und Einstellungen\mr\Desktop\DivX Movies.lnk
[2010.06.04 15:21:08 | 000,000,757 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Plus Player.lnk
[2010.06.04 15:20:38 | 000,000,797 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Plus Converter.lnk
[2010.06.02 10:00:00 | 000,108,032 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.06.02 10:00:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[2010.05.31 19:48:13 | 000,024,064 | ---- | M] () -- C:\Dokumente und Einstellungen\mr\Eigene Dateien\Erasmus fragebogen.doc
[2010.05.27 13:57:10 | 000,169,472 | ---- | M] () -- C:\WINDOWS\System32\mrmftrsqoumpcakq.dll
[2010.05.25 07:37:48 | 000,327,680 | ---- | M] () -- C:\WINDOWS\System32\yshpzjpe.dll
[2010.05.21 19:34:29 | 000,009,474 | ---- | M] () -- C:\WINDOWS\System32\winview.ocx
[2010.05.17 22:48:35 | 000,001,566 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.05.17 22:04:08 | 000,024,576 | ---- | M] () -- C:\Dokumente und Einstellungen\mr\Eigene Dateien\Kündigung1.doc
[2010.05.17 20:39:45 | 000,025,600 | ---- | M] () -- C:\Dokumente und Einstellungen\mr\Eigene Dateien\kochen.doc
[2010.05.17 17:16:58 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.05.14 16:57:49 | 000,167,424 | ---- | M] () -- C:\Dokumente und Einstellungen\mr\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.11 21:07:49 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 8.lnk
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.09 14:18:50 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.09 14:06:57 | 000,001,940 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2010.06.08 21:25:05 | 000,050,981 | ---- | C] () -- C:\WINDOWS\System32\gqtgdojqucfujadry.exe
[2010.06.04 19:34:30 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.06.04 19:34:30 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.06.04 19:34:29 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2010.06.04 19:34:27 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.06.04 19:34:27 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.06.04 19:34:27 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.06.04 19:34:27 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.06.04 15:21:08 | 000,000,757 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Plus Player.lnk
[2010.05.31 19:48:13 | 000,024,064 | ---- | C] () -- C:\Dokumente und Einstellungen\mr\Eigene Dateien\Erasmus fragebogen.doc
[2010.05.27 13:57:10 | 000,169,472 | ---- | C] () -- C:\WINDOWS\System32\mrmftrsqoumpcakq.dll
[2010.05.25 07:37:48 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\yshpzjpe.dll
[2010.05.17 22:48:35 | 000,001,566 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.05.17 22:21:59 | 000,000,797 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Plus Converter.lnk
[2010.05.17 20:39:44 | 000,025,600 | ---- | C] () -- C:\Dokumente und Einstellungen\mr\Eigene Dateien\kochen.doc
[2009.09.19 13:58:02 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2008.12.26 14:56:06 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008.04.17 09:22:21 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008.03.04 19:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007.12.01 16:09:17 | 000,000,067 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.10.31 10:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007.05.17 14:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007.03.29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006.11.07 00:49:36 | 000,000,302 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006.09.09 16:28:01 | 000,000,158 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.05.17 14:29:09 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2006.05.17 14:29:09 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2006.05.17 14:29:09 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2006.05.17 14:29:03 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2006.05.17 14:29:03 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2006.05.17 14:29:03 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2006.05.17 14:29:02 | 000,009,013 | ---- | C] () -- C:\WINDOWS\HL-2030.INI
[2006.05.17 14:28:38 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006.04.13 22:58:49 | 000,000,052 | ---- | C] () -- C:\WINDOWS\pex.INI
[2006.03.11 18:30:42 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.03.09 19:41:50 | 000,000,583 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2005.12.02 01:37:48 | 000,135,168 | ---- | C] () -- C:\WINDOWS\BHOBJ.dll
[2005.11.21 11:17:35 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005.11.19 23:09:30 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.10.09 12:11:43 | 000,002,243 | ---- | C] () -- C:\WINDOWS\System32\mr_KBD.ini
[2005.10.09 12:11:43 | 000,002,237 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2005.10.09 12:11:41 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2005.10.09 12:11:41 | 000,002,700 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2005.10.09 12:11:41 | 000,002,596 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2005.10.09 12:11:41 | 000,002,554 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2005.10.09 12:11:41 | 000,002,461 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2005.10.09 12:11:41 | 000,002,237 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2005.10.09 12:11:41 | 000,001,886 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2005.10.09 12:11:41 | 000,001,820 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2005.10.09 12:11:41 | 000,001,811 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2005.10.09 12:11:41 | 000,001,690 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2005.10.09 12:11:41 | 000,001,690 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2005.10.09 12:11:41 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2005.10.09 12:11:41 | 000,001,332 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2005.10.09 12:09:21 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2005.10.09 12:07:31 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\aec.sys
[2005.10.09 12:07:31 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\aec.sys.bak
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.04.11 20:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
 
========== LOP Check ==========
 
[2008.07.05 16:08:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2008.10.06 19:03:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2008.03.26 13:29:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.06.09 20:08:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2006.03.09 19:39:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2009.10.15 12:45:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010.06.05 11:52:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\BitTorrent
[2010.06.08 21:22:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\F37E69D45867F5F1DFFDE4DDC6CF3D65
[2008.07.05 16:09:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\ICQ
[2006.03.06 21:53:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\ICQLite
[2008.02.25 14:43:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Leadertech
[2009.10.16 13:27:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Mobipocket
[2007.04.27 17:37:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\MusicIP
[2008.03.26 13:31:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Nokia
[2008.10.06 18:54:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\PC Suite
[2009.05.22 12:45:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Tinn-R
[2007.04.12 19:04:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Ulead Systems
[2010.06.10 12:55:38 | 000,000,412 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{426361F3-ABFC-494A-80B3-823D36A03FB9}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2005.12.23 16:58:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\Samsung
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.02.24 13:29:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Adobe
[2007.03.01 13:08:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\AdobeUM
[2009.10.15 13:04:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Apple Computer
[2010.06.05 11:52:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\BitTorrent
[2006.05.22 13:23:10 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Brother
[2010.05.17 22:22:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\DivX
[2010.01.14 01:02:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\dvdcss
[2010.06.08 21:22:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\F37E69D45867F5F1DFFDE4DDC6CF3D65
[2009.10.27 18:51:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Google
[2006.03.09 19:39:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Help
[2008.07.05 16:09:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\ICQ
[2006.03.06 21:53:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\ICQLite
[2005.10.09 12:00:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Identities
[2006.09.09 15:52:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Lavasoft
[2008.02.25 14:43:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Leadertech
[2005.12.26 13:13:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Macromedia
[2010.06.09 14:19:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Malwarebytes
[2010.01.14 23:16:30 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Microsoft
[2009.10.16 13:27:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Mobipocket
[2009.03.18 12:56:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Mozilla
[2007.04.27 17:37:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\MusicIP
[2008.03.26 13:31:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Nokia
[2008.10.06 18:54:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\PC Suite
[2008.10.18 23:00:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Real
[2010.06.05 17:17:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Skype
[2010.06.05 17:11:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\skypePM
[2007.03.23 13:53:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Sun
[2006.09.09 16:22:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Talkback
[2009.05.22 12:45:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Tinn-R
[2008.02.05 18:47:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\TVU networks
[2009.10.15 20:37:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\U3
[2007.04.12 19:04:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Ulead Systems
[2007.03.06 22:49:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\vlc
[2007.06.17 14:15:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2007.03.01 13:03:38 | 023,813,608 | ---- | M] (                            ) -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr709_de_DE.exe
[2010.06.08 21:22:15 | 001,066,496 | ---- | M] (MS) -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\F37E69D45867F5F1DFFDE4DDC6CF3D65\setupupdater0000.exe
[2009.06.02 14:10:57 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2009.09.19 13:58:53 | 000,007,406 | R--- | M] () -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Microsoft\Installer\{20370E2E-E19B-4D8D-A6D4-81C1D268F6EA}\_3b251e1f.exe
[2009.09.19 13:58:53 | 000,007,406 | R--- | M] () -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Microsoft\Installer\{20370E2E-E19B-4D8D-A6D4-81C1D268F6EA}\_45091238.exe
[2009.09.19 13:58:53 | 000,007,406 | R--- | M] () -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\Microsoft\Installer\{20370E2E-E19B-4D8D-A6D4-81C1D268F6EA}\_7a5a767d.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\U3\temp\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
[2005.10.31 17:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.10.23 13:57:19 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.10.23 13:57:19 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.10.23 13:57:19 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.10.23 13:57:19 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.06.10 15:48:40 | 000,823,808 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\aec.sys
 
< %systemroot%\System32\config\*.sav >
[2005.10.09 13:41:29 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005.10.09 13:41:29 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005.10.09 13:41:29 | 000,430,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
< End of report >

--- --- ---

IceCrygel · 10.06.2010, 15:07

Code:

ATTFilter

 
OTL Extras logfile created on: 10.06.2010 15:40:32 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Dokumente und Einstellungen\mr\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 457,00 Mb Available Physical Memory | 45,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 43,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,14 Gb Total Space | 30,82 Gb Free Space | 41,56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PHILIPPMOBIL
Current User Name: mr
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-zu-Peer-Gruppierung
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution-Protokoll (PNRP)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-zu-Peer-Gruppierung
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution-Protokoll (PNRP)
"47963:TCP" = 47963:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Spiele\Warcraft III\war3.exe" = C:\Programme\Spiele\Warcraft III\war3.exe:*:Enabled:war3.exe -- (HeLLkiLLeR)
"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Programme\czero\czero.exe" = C:\Programme\czero\czero.exe:*:Enabled:Condition Zero Launcher -- File not found
"C:\Programme\Spiele\Starcraft\starcraft.exe" = C:\Programme\Spiele\Starcraft\starcraft.exe:*:Enabled:Starcraft -- File not found
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- (ICQ Ltd.)
"C:\Programme\Morpheus\Morpheus.exe" = C:\Programme\Morpheus\Morpheus.exe:*:Enabled:M5Shell -- File not found
"C:\Programme\eMule\emule.exe" = C:\Programme\eMule\emule.exe:*:Enabled:eMule -- File not found
"C:\Programme\Spiele\UT2004\System\UT2004.exe" = C:\Programme\Spiele\UT2004\System\UT2004.exe:*:Enabled:UT2004 -- File not found
"C:\Programme\PPLive\PPLive.exe" = C:\Programme\PPLive\PPLive.exe:*:Enabled:PPLive -- File not found
"C:\Programme\Last.fm\LastFM.exe" = C:\Programme\Last.fm\LastFM.exe:*:Enabled:LastFM -- File not found
"C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Disabled:TVUPlayer Component -- File not found
"C:\Programme\TVAnts\Tvants.exe" = C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts -- File not found
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\BitTorrent\bittorrent.exe" = C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1
"{20370E2E-E19B-4D8D-A6D4-81C1D268F6EA}" = Mobipocket Reader 5.2
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{403F6D5C-E051-486C-ADA9-58B1333547B8}" = Brother HL-2030
"{442427A3-8E71-4DBB-BA4B-2F2F387CB5F8}" = Samsung Theme
"{5A739D61-489F-42DA-8619-C600C68BFDAA}" = WinDiag
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE DVD
"{75AECBC5-B17D-424B-B847-D7B72B6CB97C}" = Internet Access
"{77F09242-A107-4CB6-A295-D8656C2C3795}" = Samsung USB Driver (MCCI 4.24)
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7C6D8763-EEB7-433E-A75E-2AB44892FCA2}" = Ulead Photo Explorer 7.0 SE Platinum
"{7FF00365-0D54-48DF-B494-F7852EA41FCD}" = MultiMemoryCardDriver
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{920D671E-0BE1-4510-AAA0-B5898E7B6E2E}" = Samsung Network Manager
"{9A174DB5-0B95-46B1-A787-341DF14AB2D5}" = Samsung Smart Screen
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}" = Nokia PC Suite
"{A999CE76-D054-4684-80C7-53FC9243E019}" = EasyBox
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE}" = PC Studio for SGH-Z500V
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EF99C14B-17C2-4994-B5C1-EB204A343A6F}" = User's Guide
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"2DA959FE3D6F0F5BC313481E72071D510DD786FB" = Windows Driver Package - Intel (w29n51) net (12/19/2007 9.0.4.39)
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows-Treiberpaket - Nokia Modem (10/12/2007 3.6)
"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Windows-Treiberpaket - Nokia Modem (08/03/2007 6.84.0.2)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows-Treiberpaket - Nokia Modem (05/22/2008 7.00.0.1)
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Agere Systems Soft Modem" = SENS LT56ADW Modem
"Akamai" = Akamai NetSession Interface
"Ashampoo WinOptimizer 4 FREE_is1" = Ashampoo WinOptimizer 4 FREE
"BitTorrent" = BitTorrent
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows-Treiberpaket - Nokia Modem (05/22/2008 3.8)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows-Treiberpaket - Nokia Modem (03/05/2008 3.7)
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows-Treiberpaket - Nokia Modem (03/13/2008 6.86.0.1)
"EA92D36B2621B412A14375F1D39FCB7FBC2C84D4" = Windows Driver Package - Intel (NETw5x32) net (11/17/2008 12.2.0.11)
"ICQLite" = ICQ 5.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{442427A3-8E71-4DBB-BA4B-2F2F387CB5F8}" = Samsung Theme
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{77F09242-A107-4CB6-A295-D8656C2C3795}" = Samsung USB Driver (MCCI 4.24)
"InstallShield_{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE}" = PC Studio
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Full)
"LimeWire" = LimeWire 5.5.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"PrimoPDF4.0.1" = PrimoPDF
"ProInst" = Intel(R) PROSet/Wireless Software
"R for Windows 2.9.0_is1" = R for Windows 2.9.0
"RealPlayer 6.0" = RealPlayer
"RegCompact.NET" = RegCompact.NET 1.8
"SequoiaView" = SequoiaView
"SopCast" = SopCast 3.2.9
"Tinn-R_is1" = Tinn-R 1.17.2.4
"Trillian" = Trillian
"TV Player" = Veetle TV Player 0.9.11
"Veetle TV Player" = Veetle TV Player 0.9.11
"VLC media player" = VideoLAN VLC media player 0.8.6a
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-606747145-1715567821-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Antimalware Doctor" = Antimalware Doctor
"Warcraft III" = Warcraft III: All Products

Malwarebytes Report (es fehlen bei der Extras-Datei die 10 Last Event Log Errors, die lassen sich irgendwie nicht posten):

Code:

ATTFilter

Datenbank Version: 4183
 
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
 
09.06.2010 19:16:03
mbam-log-2010-06-09 (19-16-03).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 193834
Laufzeit: 59 Minute(n), 17 Sekunde(n)
 
Infizierte Speicherprozesse: 5
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 12
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 11
 
Infizierte Speicherprozesse:
C:\WINDOWS\services.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\services.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\services.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\services.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\services.exe (Trojan.Dropper) -> Unloaded process successfully.
 
Infizierte Speichermodule:
c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
 
Infizierte Registrierungsschlüssel:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.
 
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Services\del (Malware.Trace) -> Quarantined and deleted successfully.
 
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
C:\WINDOWS\services.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\mr\Lokale Einstellungen\Temp\~TM152.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\mr\Lokale Einstellungen\Temp\~TM158.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\mr\Lokale Einstellungen\Temporary Internet Files\Content.IE5\EZUXR1YA\loadx1[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wbem\grpconv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv021276089128.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\mr\Anwendungsdaten\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Dokumente und Einstellungen\mr\Lokale Einstellungen\Temp\0.5249748708412049.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

markusg · 10.06.2010, 15:32

Fixen mit OTL

• Starte bitte die OTL.exe.
Vista-User mit Rechtsklick "als Administrator starten"
• Kopiere nun das Folgende in die Textbox.

:OTL
[2010.06.10 15:44:14 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\aec.sys
O4 - HKU\S-1-5-21-606747145-1715567821-725345543-1004..\Run: [setupupdater0000.exe] C:\Dokumente und Einstellungen\mr\Anwendungsdaten\F37E69D45867F5F1DFFDE4DDC6CF3D65\setupupdater0000.exe
(MS)
[2010.06.08 21:22:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mr\Anwendungsdaten\F37E69D45867F5F1DFFDE4DDC6CF3D65
[2010.06.08 21:25:05 | 000,050,981 | ---- | M] () -- C:\WINDOWS\System32\gqtgdojqucfujadry.exe
[2010.05.27 13:57:10 | 000,169,472 | ---- | M] () -- C:\WINDOWS\System32\mrmftrsqoumpcakq.dll
[2010.05.25 07:37:48 | 000,327,680 | ---- | M] () -- C:\WINDOWS\System32\yshpzjpe.dll
[2010.06.10 15:48:40 | 000,823,808 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\aec.sys
@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP

FC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[start explorer]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Run Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument dieses posten

IceCrygel · 10.06.2010, 16:05

All processes killed
========== OTL ==========
File move failed. C:\WINDOWS\system32\drivers\aec.sys scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-606747145-1715567821-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\setupupdater0000.exe deleted successfully.
C:\Dokumente und Einstellungen\mr\Anwendungsdaten\F37E69D45867F5F1DFFDE4DDC6CF3D65\setupupdater0000.exe moved successfully.
C:\Dokumente und Einstellungen\mr\Anwendungsdaten\F37E69D45867F5F1DFFDE4DDC6CF3D65 folder moved successfully.
C:\WINDOWS\system32\gqtgdojqucfujadry.exe moved successfully.
C:\WINDOWS\system32\mrmftrsqoumpcakq.dll moved successfully.
C:\WINDOWS\system32\yshpzjpe.dll moved successfully.
File move failed. C:\WINDOWS\system32\drivers\aec.sys scheduled to be moved on reboot.
Unable to delete ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMPFC5A2B2 .
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: mr
->Flash cache emptied: 1920706 bytes

User: NetworkService
->Flash cache emptied: 869 bytes

Total Flash Files Cleaned = 2,00 mb

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 1094488 bytes

User: mr
->Temp folder emptied: 233328910 bytes
->Temporary Internet Files folder emptied: 77150991 bytes
->Java cache emptied: 21884 bytes
->FireFox cache emptied: 87972810 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5485565 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114764 bytes
%systemroot%\System32 .tmp files removed: 22360967 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2706994 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 412,00 mb

OTL by OldTimer - Version 3.2.6.0 log created on 06102010_165530

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\aec.sys scheduled to be moved on reboot.
C:\WINDOWS\temp\flaA9.tmp moved successfully.
C:\WINDOWS\temp\flaAA.tmp moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_13c.dat not found!

Registry entries deleted on Reboot...

markusg · 10.06.2010, 16:20

bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

IceCrygel · 10.06.2010, 17:32

Der Antimalware Doctor kam beim letzten Start des Computers nicht mehr.. Soll ich dennoch eine ComboFix-Log erstellen?

markusg · 10.06.2010, 17:47

ja sicher.

IceCrygel · 10.06.2010, 20:37

Hier der combifox-log:

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-06-09.04 - mr 10.06.2010  21:19:32.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1014.706 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\mr\Eigene Dateien\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\BHOBj.dll
c:\windows\SEC
c:\windows\SEC\CLEANUPFOLDER.INI
c:\windows\SEC\CONFIGSYS.EXE
c:\windows\SEC\INSTALL.EXE
c:\windows\SEC\INSTALL.INI
c:\windows\SEC\JRE150.EXE
c:\windows\SEC\MP10GER.EXE
c:\windows\system32\mstmdm.dll
c:\windows\system32\mswmpdat.tlb
c:\windows\system32\winview.ocx

Infizierte Kopie von c:\windows\system32\drivers\cdrom.sys wurde gefunden und desinfiziert 
Kopie von - Kitty had a snack :p wurde wiederhergestellt 
c:\windows\system32\grpconv.exe fehlte 
Kopie von - c:\windows\ServicePackFiles\i386\grpconv.exe wurde wiederhergestellt

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Legacy_SSHNAS
-------\Service_Iprip


(((((((((((((((((((((((   Dateien erstellt von 2010-05-10 bis 2010-06-10  ))))))))))))))))))))))))))))))
.

2010-06-10 19:29 . 2010-06-10 19:29	--------	d-----w-	c:\windows\LastGood
2010-06-10 19:25 . 2008-04-14 02:22	39424	-c--a-w-	c:\windows\system32\dllcache\grpconv.exe
2010-06-10 19:25 . 2008-04-14 02:22	39424	----a-w-	c:\windows\system32\grpconv.exe
2010-06-10 14:55 . 2010-06-10 14:55	--------	d-----w-	C:\_OTL
2010-06-09 18:06 . 2010-06-09 18:06	--------	d-----w-	c:\dokumente und einstellungen\mr\Lokale Einstellungen\Anwendungsdaten\Threat Expert
2010-06-09 17:52 . 2010-06-09 18:08	--------	d---a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-06-09 16:26 . 2010-06-09 16:26	--------	d-----r-	c:\dokumente und einstellungen\NetworkService\Favoriten
2010-06-09 12:19 . 2010-06-09 12:19	--------	d-----w-	c:\dokumente und einstellungen\mr\Anwendungsdaten\Malwarebytes
2010-06-09 12:18 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-09 12:18 . 2010-06-09 12:18	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2010-06-09 12:18 . 2010-06-09 12:18	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-06-09 12:18 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-06-08 19:24 . 2010-06-08 19:24	--------	d-----w-	c:\programme\$NtUninstallWTF1012$
2010-06-08 19:24 . 2010-06-09 13:12	--------	d-----w-	c:\dokumente und einstellungen\mr\Lokale Einstellungen\Anwendungsdaten\FocusedPrediction
2010-06-04 17:34 . 2010-03-15 09:31	165376	----a-w-	c:\windows\system32\unrar.dll
2010-06-04 17:34 . 2004-01-25 16:18	217088	----a-w-	c:\windows\system32\yv12vfw.dll
2010-06-04 17:34 . 2010-06-02 08:00	108032	----a-w-	c:\windows\system32\ff_vfw.dll
2010-06-04 17:34 . 2009-05-29 21:37	205824	----a-w-	c:\windows\system32\xvidvfw.dll
2010-06-04 17:34 . 2009-05-29 21:31	881664	----a-w-	c:\windows\system32\xvidcore.dll
2010-06-04 17:34 . 2010-06-04 17:35	--------	d-----w-	c:\programme\K-Lite Codec Pack

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 19:32 . 2005-10-09 10:07	823808	----a-w-	c:\windows\system32\drivers\aec.sys
2010-06-10 19:28 . 2010-01-25 11:31	--------	d-----w-	c:\programme\Gemeinsame Dateien\Akamai
2010-06-08 19:24 . 2010-06-08 19:24	32768	----a-w-	c:\dokumente und einstellungen\mr\Anwendungsdaten\Mozilla\Firefox\Profiles\5f7aohup.default\extensions\{7BC4DC8B-80A9-4eae-A4DA-3509E88733C8}\components\FocusedPFF.dll
2010-06-05 15:17 . 2008-12-02 16:02	--------	d-----w-	c:\dokumente und einstellungen\mr\Anwendungsdaten\Skype
2010-06-05 15:11 . 2008-12-02 16:04	--------	d-----w-	c:\dokumente und einstellungen\mr\Anwendungsdaten\skypePM
2010-06-05 09:52 . 2010-04-29 15:30	--------	d-----w-	c:\dokumente und einstellungen\mr\Anwendungsdaten\BitTorrent
2010-06-04 17:28 . 2010-05-04 21:07	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX
2010-06-04 13:23 . 2010-05-17 20:32	57344	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-04 13:21 . 2010-06-04 13:21	56765	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-04 13:21 . 2010-01-31 20:10	--------	d-----w-	c:\programme\Gemeinsame Dateien\DivX Shared
2010-06-04 13:21 . 2008-12-25 10:25	--------	d-----w-	c:\programme\DivX
2010-06-04 13:21 . 2010-06-04 13:21	56997	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\WebPlayer\Uninstaller.exe
2010-06-04 13:21 . 2010-06-04 13:21	53600	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Update\Uninstaller.exe
2010-06-04 13:21 . 2010-06-04 13:21	57715	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Player\Uninstaller.exe
2010-06-04 13:20 . 2010-06-04 13:20	54153	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DFXPlugin\Uninstaller.exe
2010-06-04 13:20 . 2010-06-04 13:20	54128	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Converter\Uninstaller.exe
2010-06-04 13:20 . 2010-06-04 13:20	54644	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\TranscodeEngine\Uninstaller.exe
2010-06-04 13:20 . 2010-06-04 13:20	54101	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-04 13:18 . 2010-05-17 20:23	1062184	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\Resource.dll
2010-06-04 13:18 . 2010-05-17 20:23	895256	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\DivXSetup.exe
2010-05-17 20:22 . 2009-03-15 21:01	--------	d-----w-	c:\dokumente und einstellungen\mr\Anwendungsdaten\DivX
2010-05-17 20:22 . 2010-05-17 20:22	84040	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\TransferWizard\Uninstaller.exe
2010-05-17 20:22 . 2010-05-17 20:22	57054	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-17 20:22 . 2010-05-17 20:22	54166	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-17 20:22 . 2010-05-17 20:22	57532	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSASPDecoder\Uninstaller.exe
2010-05-17 20:22 . 2010-05-17 20:22	56458	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-17 20:22 . 2010-05-17 20:22	54174	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSAACDecoder\Uninstaller.exe
2010-05-17 20:21 . 2010-05-17 20:21	57409	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\ControlPanel\Uninstaller.exe
2010-05-17 20:21 . 2010-05-17 20:21	52963	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-17 20:21 . 2010-05-17 20:21	54073	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Qt4.5\Uninstaller.exe
2010-05-17 20:21 . 2010-05-17 20:21	56969	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\ASPEncoder\Uninstaller.exe
2010-04-29 15:29 . 2010-04-29 15:29	--------	d-----w-	c:\programme\BitTorrent
2010-04-24 17:41 . 2010-04-24 17:41	--------	d-----w-	c:\programme\SopCast
2010-04-10 21:07 . 2004-08-04 12:00	86604	----a-w-	c:\windows\system32\perfc007.dat
2010-04-10 21:07 . 2004-08-04 12:00	464062	----a-w-	c:\windows\system32\perfh007.dat
2010-03-31 01:58 . 2008-12-25 10:26	123888	------w-	c:\windows\system32\pxcpyi64.exe
2010-03-31 01:58 . 2008-12-25 10:26	125424	------w-	c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2007-04-27 15:36	133616	-c----w-	c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2005-11-19 19:47	44944	----a-w-	c:\windows\system32\drivers\pxhelp20.sys
.

------- Sigcheck -------

[-] 2010-06-10 19:33 . !HASH: COULD NOT OPEN FILE !!!!! . 823808 . . [------] . . c:\windows\system32\drivers\aec.sys
[-] 2008-04-13 16:39 . !HASH: COULD NOT OPEN FILE !!!!! . 142592 . . [------] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2006-02-15 00:30 . !HASH: COULD NOT OPEN FILE !!!!! . 142464 . . [------] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . !HASH: COULD NOT OPEN FILE !!!!! . 142464 . . [------] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-03 20:39 . !HASH: COULD NOT OPEN FILE !!!!! . 142464 . . [------] . . c:\windows\$NtUninstallKB900485$\aec.sys
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-11-10 417792]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 63712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\msxurl32.exe,"

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Last.fm Helper.lnk]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^mr^Startmenü^Programme^Autostart^Last.fm Helper.lnk]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^mr^Startmenü^Programme^Autostart^Stardock ObjectDock.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-16 09:45	63712	-c--a-w-	c:\programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-02 18:05	40368	----a-w-	c:\programme\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-11-01 23:59	126976	-c--a-r-	c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
2006-07-11 10:15	3144800	----a-w-	c:\programme\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKeyboard]
2005-04-11 11:01	151552	-c--a-w-	c:\programme\Samsung\MagicKBD\PreMKbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22	1695232	--sh--w-	c:\programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50	155648	-c--a-w-	c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2008-06-17 14:00	1249280	-c--a-w-	c:\programme\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08	417792	----a-w-	c:\programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-03-17 00:06	32768	-c--a-w-	c:\programme\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-11-18 15:31	21633320	----a-r-	c:\programme\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-10-09 09:59	36972	-c--a-w-	c:\programme\Java\jre1.5.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-03-27 11:09	180269	----a-w-	c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-01-15 22:54	37376	----a-w-	c:\programme\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SoundMAX Agent Service (default)"=2 (0x2)
"ServiceLayer"=3 (0x3)
"Samsung Update Plus"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Spiele\\Warcraft III\\war3.exe"=
"c:\\Programme\\LimeWire\\LimeWire.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\ICQLite\\ICQLite.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Trillian\\trillian.exe"=
"c:\\Programme\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programme\\SopCast\\SopCast.exe"=
"c:\\Programme\\BitTorrent\\bittorrent.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-zu-Peer-Gruppierung
"3540:UDP"= 3540:UDP:Peer Name Resolution-Protokoll (PNRP)
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 R592;R592;c:\windows\system32\drivers\R592.sys [09.10.2005 12:08 54912]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04.08.2004 14:00 14336]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [09.10.2005 12:09 4300]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc	REG_MULTI_SZ   	p2psvc p2pimsvc p2pgasvc PNRPSvc
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners

2010-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-06-10 c:\windows\Tasks\User_Feed_Synchronization-{426361F3-ABFC-494A-80B3-823D36A03FB9}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.spiegel.de/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_803138DCE93649E4.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\mr\Anwendungsdaten\Mozilla\Firefox\Profiles\5f7aohup.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - component: c:\dokumente und einstellungen\mr\Anwendungsdaten\Mozilla\Firefox\Profiles\5f7aohup.default\extensions\{7BC4DC8B-80A9-4eae-A4DA-3509E88733C8}\components\FocusedPFF.dll
FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programme\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programme\Veetle\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

SSODL-UpdateCheck-{EEC5656B-20CC-4127-ACCC-A86FFA7A9F22} - c:\windows\system32\mstmdm.dll
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\programme\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-10 21:29
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]
"ImagePath"="system32\drivers\aec.sys"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(228)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programme\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\programme\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programme\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\programme\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-10  21:34:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-10 19:34

Vor Suchlauf: 15 Verzeichnis(se), 33.328.054.272 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 33.227.296.768 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 3EDD603DD40C86E85C8F779838BC6FDF

--- --- ---

10.06.2010, 16:20	#7
markusg /// Malware-holic	Antimalware Doctor kommt immer wieder! bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix

10.06.2010, 17:47	#9
markusg /// Malware-holic	Antimalware Doctor kommt immer wieder! ja sicher.

Antimalware Doctor kommt immer wieder!

Plagegeister aller Art und deren Bekämpfung: Antimalware Doctor kommt immer wieder!