Mustang_68 | 30.06.2012 20:43 | Aloha again,
The second computer is indeed available, but I have now managed to get to Internet Explorer via Start -> Run and am working through GuRu's instructions. Emsisoft still seems to need a bit of time; once I'm done with it, I'll post all the files here.
Many thanks for the quick support,
Katja
Morning,
Current interim status: I'm still infected.
Yesterday afternoon I ran the following in this order:
rkill -> malwarebytes -> emsisoft
After that I (stupidly) rebooted in order to follow the instructions above.
Data Recovery was of course still at work.
Then: ran OTL with the specified code; Combofix apparently hung. I left my computer alone at around 00:30, and this morning it was still showing the same message, „Nach infizierten Dateien wird gescannt“ (scanning for infected files). The captured files:
OTL.TXT (OTL logfile):
OTL logfile created on: 30.06.2012 23:00:36 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Dokumente und Einstellungen\Katja\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1023,36 Mb Total Physical Memory | 457,78 Mb Available Physical Memory | 44,73% Memory free
2,40 Gb Paging File | 1,79 Gb Available in Paging File | 74,42% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 15,64 Gb Free Space | 10,50% Space Free | Partition Type: NTFS
Drive E: | 496,71 Mb Total Space | 314,38 Mb Free Space | 63,29% Space Free | Partition Type: FAT
Computer Name: KATJASCHLEPPTOP | User Name: Katja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.06.30 22:40:20 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Katja\Desktop\OTL.exe
PRC - [2012.06.30 15:31:07 | 000,255,736 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\05fIevTXo6WaxI.exe
PRC - [2012.06.30 15:05:10 | 000,346,872 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VeJJMGoqiUaYbjF.exe
PRC - [2012.06.17 15:44:46 | 003,069,752 | -H-- | M] (Emsisoft GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:55:21 | 000,465,360 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 18:47:32 | 000,161,664 | -H-- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012.01.17 11:07:54 | 000,252,296 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.01.04 20:20:50 | 001,391,272 | -H-- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.10.30 00:23:05 | 000,273,528 | -H-- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2011.01.12 21:54:19 | 000,819,352 | -H-- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2010.09.09 15:38:16 | 000,452,016 | -H-- | M] (CANON INC.) -- C:\Programme\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010.08.17 19:51:38 | 000,054,784 | -H-- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2010.03.23 13:19:32 | 001,528,616 | -H-- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.09.25 16:38:16 | 000,312,784 | -H-- | M] () -- C:\Programme\XSManager\WTGService.exe
PRC - [2009.09.17 18:37:48 | 000,157,968 | RH-- | M] (4G Systems GmbH & Co. KG) -- C:\WINDOWS\starter4g.exe
PRC - [2009.09.17 18:37:04 | 000,125,200 | RH-- | M] (4G Systems GmbH & Co. KG) -- C:\WINDOWS\service4g.exe
PRC - [2009.04.16 00:52:06 | 000,091,432 | -H-- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.03.10 09:46:18 | 000,090,112 | -H-- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
========== Modules (No Company Name) ==========
MOD - [2012.06.30 15:31:07 | 000,255,736 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\05fIevTXo6WaxI.exe
MOD - [2012.06.30 15:05:10 | 000,346,872 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VeJJMGoqiUaYbjF.exe
MOD - [2012.04.16 23:11:02 | 000,398,288 | -H-- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.03.23 13:26:48 | 000,201,512 | -H-- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2009.09.25 16:38:16 | 000,312,784 | -H-- | M] () -- C:\Programme\XSManager\WTGService.exe
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2002.05.28 18:11:04 | 000,122,880 | -H-- | M] () -- C:\Programme\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.17 15:44:46 | 003,069,752 | -H-- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Programme\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012.05.02 01:42:28 | 000,086,224 | -H-- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | -H-- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | -H-- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 18:47:32 | 000,161,664 | -H-- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011.01.12 21:54:19 | 000,819,352 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2010.08.17 19:51:38 | 000,054,784 | -H-- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2010.03.23 13:19:32 | 001,528,616 | -H-- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.09.25 16:38:16 | 000,312,784 | -H-- | M] () [Auto | Running] -- C:\Programme\XSManager\WTGService.exe -- (WTGService)
SRV - [2009.09.17 18:37:04 | 000,125,200 | RH-- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\WINDOWS\service4g.exe -- (XS Stick Service)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- -- (Aspi32)
DRV - [2012.04.30 18:45:28 | 000,054,072 | -H-- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2012.04.27 10:20:04 | 000,137,928 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.04.14 12:55:03 | 000,281,760 | -H-- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2012.04.14 12:55:02 | 000,025,888 | -H-- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.05.19 14:10:34 | 000,017,904 | -H-- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2011.01.12 21:54:19 | 000,004,608 | -H-- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2010.08.17 19:51:39 | 000,012,464 | -H-- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2010.06.17 15:14:27 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.23 13:15:36 | 000,308,859 | -H-- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010.03.18 11:02:32 | 000,028,624 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010.03.18 11:02:08 | 000,037,328 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010.03.18 11:01:52 | 000,038,864 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010.03.18 11:01:12 | 000,010,448 | -H-- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010.02.11 14:02:15 | 000,226,880 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.11.11 05:26:02 | 002,216,064 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2008.11.16 18:39:44 | 000,131,984 | -H-- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008.10.31 17:19:38 | 000,103,424 | -H-- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2007.11.14 19:05:16 | 000,394,952 | -H-- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007.01.18 20:28:02 | 000,005,275 | -H-- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005.05.26 18:19:18 | 000,839,724 | -H-- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005.05.03 17:34:02 | 000,027,392 | -H-- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005.03.23 16:08:52 | 002,547,008 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004.12.02 17:36:08 | 000,070,912 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004.10.27 15:21:30 | 000,145,920 | -H-- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.06.08 12:35:26 | 000,038,081 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004.06.08 12:35:18 | 000,054,817 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2004.06.08 12:35:08 | 000,071,533 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004.06.08 12:34:48 | 000,024,637 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Programme\Audiograbber Toolbar\tbhelper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{15E5998F-CBDD-4098-BBFA-7AB56FC7DDBE}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=62713EBB-1132-4693-8DD7-A01D4902ABFE&apn_sauid=0ADD194B-F90D-4F32-87B9-A2CD0E2F6255
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\programme\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.30 00:23:32 | 000,000,000 | -H-D | M]
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (gFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll ()
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programme\Audiograbber Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Audiograbber Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\Audiograbber Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programme\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Audiograbber Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\Audiograbber Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [CloneCDTray] C:\Programme\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Programme\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Programme\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Programme\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [starter4g] C:\WINDOWS\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VeJJMGoqiUaYbjF.exe] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VeJJMGoqiUaYbjF.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{096EE4B1-FD2A-461A-B81B-A01C2A000175}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Church of Tiamat.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Church of Tiamat.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.17 17:48:40 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b2bdb2b4-6ba7-11e1-97a7-0013ce737934}\Shell - "" = AutoRun
O33 - MountPoints2\{b2bdb2b4-6ba7-11e1-97a7-0013ce737934}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b2bdb2b4-6ba7-11e1-97a7-0013ce737934}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^VPN Client.lnk - C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico - ()
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: InstantOn - hkey= - key= - C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe ()
MsConfig - StartUpReg: OpwareSE2 - hkey= - key= - C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
MsConfig - StartUpReg: RaidTool - hkey= - key= - C:\Programme\VIA\RAID\raid_tool.exe (VIA Technologies)
MsConfig - StartUpReg: SMSERIAL - hkey= - key= - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.06.30 23:06:11 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Katja\Recent
[2012.06.30 22:43:37 | 004,567,958 | ---- | C] (Swearware) -- C:\Dokumente und Einstellungen\Katja\Desktop\ComboFix.exe
[2012.06.30 22:43:19 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Katja\Desktop\OTL.exe
[2012.06.30 18:56:14 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Emsisoft Anti-Malware
[2012.06.30 18:55:09 | 000,000,000 | -H-D | C] -- C:\Programme\Emsisoft Anti-Malware
[2012.06.30 18:55:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Katja\Eigene Dateien\Anti-Malware
[2012.06.30 18:45:29 | 138,473,800 | -H-- | C] (Emsisoft GmbH ) -- C:\Dokumente und Einstellungen\Katja\Desktop\EmsisoftAntiMalwareSetup.exe
[2012.06.30 18:28:00 | 007,247,536 | -H-- | C] (SurfRight B.V.) -- C:\Dokumente und Einstellungen\Katja\Desktop\HitmanPro36.exe
[2012.06.30 17:40:42 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Katja\Anwendungsdaten\Malwarebytes
[2012.06.30 17:40:30 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.06.30 17:40:28 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.06.30 17:40:26 | 000,022,344 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.30 17:40:26 | 000,000,000 | -H-D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.06.30 17:37:20 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Katja\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.30 15:31:21 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Katja\Startmenü\Programme\Data Recovery
[2012.06.27 20:19:01 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Katja\Anwendungsdaten\Apple Computer
[2012.06.27 20:04:20 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2012.06.27 20:03:55 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2012.06.27 20:03:12 | 000,000,000 | -H-D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2012.06.27 20:02:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Katja\Lokale Einstellungen\Anwendungsdaten\Apple
[2012.06.27 20:02:49 | 000,000,000 | -H-D | C] -- C:\Programme\Apple Software Update
[2012.06.27 20:02:48 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
[2012.06.27 19:58:36 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Katja\Lokale Einstellungen\Anwendungsdaten\Apple Computer
[2012.06.27 19:31:53 | 000,000,000 | -H-D | C] -- C:\Programme\QuickTime
[2012.06.20 10:06:34 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Katja\Desktop\Fraport
[2012.06.14 09:30:04 | 000,521,728 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012.06.10 11:32:30 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Katja\Eigene Dateien\Brandschutz
[2012.06.03 15:10:00 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Katja\Anwendungsdaten\AskToolbar
[2012.06.03 15:09:45 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Katja\Anwendungsdaten\Avira
[2012.06.03 15:03:58 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2012.06.03 15:03:31 | 000,000,000 | -H-D | C] -- C:\Programme\Ask.com
[2012.06.03 15:03:29 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Katja\Lokale Einstellungen\Anwendungsdaten\AskToolbar
[2012.06.03 15:03:14 | 000,028,520 | -H-- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012.06.03 15:03:11 | 000,137,928 | -H-- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.06.03 15:03:11 | 000,083,392 | -H-- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.06.03 15:03:11 | 000,036,000 | -H-- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012.06.03 15:03:09 | 000,000,000 | -H-D | C] -- C:\Programme\Avira
[2012.06.03 15:03:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Katja\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Katja\Eigene Dateien\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.06.30 23:08:03 | 000,000,226 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.06.30 23:06:11 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-1085031214-839522115-1005.job
[2012.06.30 23:06:09 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-484763869-1085031214-839522115-1005.job
[2012.06.30 22:49:06 | 000,001,084 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.30 22:48:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.30 22:40:20 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Katja\Desktop\OTL.exe
[2012.06.30 22:37:16 | 004,567,958 | ---- | M] (Swearware) -- C:\Dokumente und Einstellungen\Katja\Desktop\ComboFix.exe
[2012.06.30 22:33:02 | 000,001,088 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.30 22:29:08 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Katja\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.30 22:16:56 | 000,000,847 | -H-- | M] () -- C:\Dokumente und Einstellungen\Katja\Desktop\Data_Recovery.lnk
[2012.06.30 18:56:14 | 000,000,738 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2012.06.30 18:45:29 | 138,473,800 | -H-- | M] (Emsisoft GmbH ) -- C:\Dokumente und Einstellungen\Katja\Desktop\EmsisoftAntiMalwareSetup.exe
[2012.06.30 18:28:13 | 007,247,536 | -H-- | M] (SurfRight B.V.) -- C:\Dokumente und Einstellungen\Katja\Desktop\HitmanPro36.exe
[2012.06.30 17:24:42 | 001,012,656 | -H-- | M] () -- C:\Dokumente und Einstellungen\Katja\Desktop\rkill.com
[2012.06.30 15:42:18 | 000,000,480 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\05fIevTXo6WaxI
[2012.06.30 15:40:21 | 000,000,000 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-05fIevTXo6WaxI
[2012.06.30 15:31:22 | 000,000,136 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-05fIevTXo6WaxIr
[2012.06.30 15:31:07 | 000,255,736 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\05fIevTXo6WaxI.exe
[2012.06.30 15:05:10 | 000,346,872 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VeJJMGoqiUaYbjF.exe
[2012.06.30 11:20:15 | 000,022,051 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.06.27 18:15:25 | 001,505,624 | -H-- | M] () -- C:\Dokumente und Einstellungen\Katja\Desktop\Bewerbung Katja Kerber.pdf
[2012.06.27 16:23:33 | 000,055,006 | -H-- | M] () -- C:\Dokumente und Einstellungen\Katja\Desktop\Bewerbung Katja Kerber Anschreiben.pdf
[2012.06.27 15:46:45 | 000,059,580 | -H-- | M] () -- C:\Dokumente und Einstellungen\Katja\Desktop\Deckblatt.pdf
[2012.06.27 15:43:02 | 000,065,388 | -H-- | M] () -- C:\Dokumente und Einstellungen\Katja\Desktop\Bewerbung Katja Kerber Lebenslauf.pdf
[2012.06.22 12:52:49 | 000,000,452 | -H-- | M] () -- C:\Dokumente und Einstellungen\Katja\Eigene Dateien\spider.sav
[2012.06.21 11:41:58 | 000,112,814 | -H-- | M] () -- C:\Dokumente und Einstellungen\Katja\Desktop\FlyerALBA_LB-GreenBuildingConsulting_A4_Druckerei-dt-V050510.pdf
[2012.06.21 08:43:31 | 000,101,082 | -H-- | M] () -- C:\Dokumente und Einstellungen\Katja\Desktop\Entgelttarif-Chemie2007.pdf
[2012.06.20 15:33:42 | 000,047,959 | -H-- | M] () -- C:\Dokumente und Einstellungen\Katja\Desktop\showJobOfferDetail.pdf
[2012.06.20 12:48:18 | 001,341,364 | -H-- | M] () -- C:\Dokumente und Einstellungen\Katja\Desktop\Bewerbung Katja Kerber Zeugnisse.pdf
[2012.06.14 10:17:12 | 000,245,512 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.14 10:14:51 | 000,459,844 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.14 10:14:51 | 000,441,906 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.14 10:14:51 | 000,085,170 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.14 10:14:51 | 000,071,842 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.14 10:05:16 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.02 15:19:38 | 000,329,240 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2012.06.02 15:19:38 | 000,329,240 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2012.06.02 15:19:38 | 000,219,160 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012.06.02 15:19:38 | 000,210,968 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2012.06.02 15:19:38 | 000,015,896 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012.06.02 15:19:34 | 000,097,304 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2012.06.02 15:19:34 | 000,097,304 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2012.06.02 15:19:34 | 000,053,784 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2012.06.02 15:19:34 | 000,045,080 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2012.06.02 15:19:34 | 000,035,864 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2012.06.02 15:19:34 | 000,035,864 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2012.06.02 15:19:28 | 000,023,576 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2012.06.02 15:19:24 | 000,577,048 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2012.06.02 15:19:24 | 000,577,048 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2012.06.02 15:19:18 | 001,933,848 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2012.06.02 07:54:42 | 000,683,733 | -H-- | M] () -- C:\Dokumente und Einstellungen\Katja\Desktop\spielplan EM 2012.pdf
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Katja\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Katja\Eigene Dateien\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.06.30 22:16:56 | 000,000,847 | -H-- | C] () -- C:\Dokumente und Einstellungen\Katja\Desktop\Data_Recovery.lnk
[2012.06.30 18:56:14 | 000,000,738 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2012.06.30 17:24:36 | 001,012,656 | -H-- | C] () -- C:\Dokumente und Einstellungen\Katja\Desktop\rkill.com
[2012.06.30 15:31:22 | 000,000,136 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-05fIevTXo6WaxIr
[2012.06.30 15:31:22 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-05fIevTXo6WaxI
[2012.06.30 15:31:19 | 000,000,480 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\05fIevTXo6WaxI
[2012.06.30 15:31:07 | 000,255,736 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\05fIevTXo6WaxI.exe
[2012.06.30 15:07:45 | 000,346,872 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VeJJMGoqiUaYbjF.exe
[2012.06.21 13:58:01 | 001,505,624 | -H-- | C] () -- C:\Dokumente und Einstellungen\Katja\Desktop\Bewerbung Katja Kerber.pdf
[2012.06.21 11:41:58 | 000,112,814 | -H-- | C] () -- C:\Dokumente und Einstellungen\Katja\Desktop\FlyerALBA_LB-GreenBuildingConsulting_A4_Druckerei-dt-V050510.pdf
[2012.06.21 08:43:31 | 000,101,082 | -H-- | C] () -- C:\Dokumente und Einstellungen\Katja\Desktop\Entgelttarif-Chemie2007.pdf
[2012.06.20 15:33:40 | 000,047,959 | -H-- | C] () -- C:\Dokumente und Einstellungen\Katja\Desktop\showJobOfferDetail.pdf
[2012.06.20 12:48:47 | 000,065,388 | -H-- | C] () -- C:\Dokumente und Einstellungen\Katja\Desktop\Bewerbung Katja Kerber Lebenslauf.pdf
[2012.06.20 12:48:17 | 001,341,364 | -H-- | C] () -- C:\Dokumente und Einstellungen\Katja\Desktop\Bewerbung Katja Kerber Zeugnisse.pdf
[2012.06.17 09:49:40 | 000,059,580 | -H-- | C] () -- C:\Dokumente und Einstellungen\Katja\Desktop\Deckblatt.pdf
[2012.06.15 17:04:05 | 000,055,006 | -H-- | C] () -- C:\Dokumente und Einstellungen\Katja\Desktop\Bewerbung Katja Kerber Anschreiben.pdf
[2012.06.03 15:03:51 | 000,000,226 | -H-- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.06.02 07:54:42 | 000,683,733 | -H-- | C] () -- C:\Dokumente und Einstellungen\Katja\Desktop\spielplan EM 2012.pdf
[2012.04.16 14:06:57 | 000,008,704 | -H-- | C] () -- C:\WINDOWS\System32\CNMVS7A.DLL
[2012.04.14 22:07:30 | 000,021,840 | -H-- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012.04.14 22:07:30 | 000,017,212 | -H-- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2012.04.14 22:07:30 | 000,012,067 | -H-- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2012.04.14 22:05:53 | 000,038,747 | -H-- | C] () -- C:\WINDOWS\DIIUnin.dat
[2012.02.16 11:36:59 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.02.18 16:56:28 | 000,165,376 | -H-- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011.02.18 16:56:27 | 000,000,038 | -H-- | C] () -- C:\WINDOWS\avisplitter.ini
[2011.02.18 16:56:25 | 000,810,496 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.02.18 16:56:25 | 000,183,808 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.02.18 16:56:24 | 000,080,896 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.02.14 22:55:38 | 000,000,023 | -H-- | C] () -- C:\WINDOWS\BlendSettings.ini
[2011.01.27 18:08:35 | 000,007,216 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2011.01.18 13:12:29 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\adistres.dll
[2011.01.12 21:17:33 | 000,000,005 | -H-- | C] () -- C:\Dokumente und Einstellungen\Katja\getfile.dat
[2011.01.12 21:17:32 | 000,002,939 | -H-- | C] () -- C:\Dokumente und Einstellungen\Katja\x_dtrace_log
[2010.12.29 13:00:38 | 000,000,040 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2010.10.05 18:16:03 | 000,000,436 | -H-- | C] () -- C:\WINDOWS\Tcd_C7CBF1A2.ini
[2010.10.04 13:53:22 | 000,050,451 | -H-- | C] () -- C:\WINDOWS\CSTBox.INI
[2010.09.29 19:58:28 | 000,010,240 | -H-- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010.08.27 20:04:37 | 000,021,504 | -H-- | C] () -- C:\WINDOWS\jestertb.dll
[2010.08.25 19:46:50 | 000,281,760 | -H-- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010.08.25 19:46:47 | 000,025,888 | -H-- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010.08.24 12:21:07 | 000,007,680 | -H-- | C] () -- C:\Dokumente und Einstellungen\Katja\WINWORD.box
[2010.08.21 18:55:32 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.08.21 18:55:30 | 000,053,760 | -H-- | C] () -- C:\Dokumente und Einstellungen\Katja\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.18 18:13:09 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2010.08.18 17:00:42 | 000,001,065 | -H-- | C] () -- C:\WINDOWS\winamp.ini
[2010.08.18 16:49:18 | 000,001,344 | -H-- | C] () -- C:\WINDOWS\System32\odbcinst.ini
[2010.08.18 15:03:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\WinInit.ini
[2010.08.18 14:31:34 | 000,000,516 | -H-- | C] () -- C:\WINDOWS\MAXLINK.INI
[2010.08.18 14:27:15 | 000,434,176 | -H-- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2010.08.18 12:14:43 | 000,000,138 | -H-- | C] () -- C:\Dokumente und Einstellungen\Katja\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.08.17 19:44:16 | 000,210,944 | -H-- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2010.08.17 18:37:55 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.08.17 18:36:39 | 000,245,512 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.17 18:06:49 | 000,156,672 | -H-- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010.08.17 18:06:49 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010.08.17 18:04:52 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\sm56spn.dll
[2010.08.17 18:04:52 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\sm56itl.dll
[2010.08.17 18:04:52 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\sm56ger.dll
[2010.08.17 18:04:52 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\sm56fra.dll
[2010.08.17 18:04:52 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\sm56eng.dll
[2010.08.17 18:04:52 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\sm56brz.dll
[2010.08.17 18:04:52 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\sm56jpn.dll
[2010.08.17 18:04:52 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\sm56cht.dll
[2010.08.17 18:04:52 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\sm56chs.dll
[2010.08.17 17:54:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.08.17 17:51:51 | 000,001,082 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010.08.17 17:46:02 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2010.08.17 17:51:55 | 000,000,000 | -H-D | M] -- C:\AddOn
[2010.08.18 14:27:14 | 000,000,000 | -H-D | M] -- C:\CanoScan
[2011.10.19 19:20:10 | 000,000,000 | -H-D | M] -- C:\Dia
[2012.06.30 16:18:05 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen
[2012.06.30 18:26:28 | 000,000,000 | -H-D | M] -- C:\Downloads
[2010.08.17 18:07:42 | 000,000,000 | -H-D | M] -- C:\Program Files
[2012.06.30 18:55:09 | 000,000,000 | RH-D | M] -- C:\Programme
[2010.08.17 18:19:04 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2010.08.17 17:55:37 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.08.17 18:05:11 | 000,000,000 | -H-D | M] -- C:\VIARAID
[2012.06.28 06:29:13 | 000,000,000 | -H-D | M] -- C:\WINDOWS
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2004.08.04 14:00:00 | 018,782,319 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.08.18 12:40:46 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.08.18 12:40:46 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.04 14:00:00 | 018,782,319 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.08.18 12:40:46 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.08.18 12:40:46 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008.04.14 04:22:10 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2004.08.04 14:00:00 | 001,035,264 | -H-- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
< MD5 for: IASTOR.SYS >
[2004.09.26 15:24:54 | 000,477,952 | -H-- | M] (Intel Corporation) MD5=DD19FDD8BB262F64A11C50CC23FC6F70 -- C:\WINDOWS\OEM\iaStor\iaStor.sys
< MD5 for: NETLOGON.DLL >
[2008.04.14 04:22:19 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
< MD5 for: NVATABUS.SYS >
[2004.09.02 09:24:38 | 000,082,816 | -H-- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\WINDOWS\OEM\nvatabus\nvatabus.sys
< MD5 for: SCECLI.DLL >
[2008.04.14 04:22:23 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | -H-- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
< MD5 for: USER32.DLL >
[2004.08.04 14:00:00 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
< MD5 for: USERINIT.EXE >
[2008.04.14 04:23:03 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | -H-- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: VIAMRAID.SYS >
[2005.04.08 11:43:26 | 000,060,928 | -H-- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\WINDOWS\system32\drivers\viamraid.sys
[2004.05.18 15:55:26 | 000,074,112 | -H-- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\WINDOWS\OEM\viapdsk\viamraid.sys
< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | -H-- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 14:00:00 | 000,507,392 | -H-- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2004.08.04 14:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2010.08.17 19:35:57 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.08.17 19:35:57 | 000,638,976 | -H-- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.08.17 19:35:57 | 000,425,984 | -H-- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %USERPROFILE%\*.* >
[2010.08.17 17:51:07 | 000,002,184 | -H-- | M] () -- C:\Dokumente und Einstellungen\Katja\dotNetFx.log
[2011.01.12 21:17:33 | 000,000,005 | -H-- | M] () -- C:\Dokumente und Einstellungen\Katja\getfile.dat
[2010.08.17 17:51:09 | 000,001,082 | -H-- | M] () -- C:\Dokumente und Einstellungen\Katja\langpackSetup.log
[2012.06.30 22:46:48 | 006,815,744 | -H-- | M] () -- C:\Dokumente und Einstellungen\Katja\ntuser.dat
[2012.06.30 23:18:03 | 000,028,672 | -H-- | M] () -- C:\Dokumente und Einstellungen\Katja\ntuser.dat.LOG
[2012.06.30 22:46:46 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Katja\ntuser.ini
[2010.08.24 12:21:07 | 000,007,680 | -H-- | M] () -- C:\Dokumente und Einstellungen\Katja\WINWORD.box
[2011.01.12 21:23:05 | 000,002,939 | -H-- | M] () -- C:\Dokumente und Einstellungen\Katja\x_dtrace_log
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.05.15 15:56:00 | 001,863,296 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
< End of report >
EXTRAS.TXT: OTL Logfile:
OTL Extras logfile created on: 30.06.2012 23:00:36 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Dokumente und Einstellungen\Katja\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1023,36 Mb Total Physical Memory | 457,78 Mb Available Physical Memory | 44,73% Memory free
2,40 Gb Paging File | 1,79 Gb Available in Paging File | 74,42% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 15,64 Gb Free Space | 10,50% Space Free | Partition Type: NTFS
Drive E: | 496,71 Mb Total Space | 314,38 Mb Free Space | 63,29% Space Free | Partition Type: FAT
Computer Name: KATJASCHLEPPTOP | User Name: Katja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"C:\Programme\Spiele\ANNO 1404 - Königsedition\Anno4.exe" = C:\Programme\Spiele\ANNO 1404 - Königsedition\Anno4.exe:*:Enabled:ANNO 1404 - Königsedition (Classic) -- (Related Designs)
"C:\Programme\Spiele\ANNO 1404 - Königsedition\Addon.exe" = C:\Programme\Spiele\ANNO 1404 - Königsedition\Addon.exe:*:Enabled:ANNO 1404 - Königsedition (Addon) -- (Related Designs)
"C:\Programme\Spiele\ANNO 1404 - Königsedition\tools\Anno4Web.exe" = C:\Programme\Spiele\ANNO 1404 - Königsedition\tools\Anno4Web.exe:*:Enabled:ANNO 1404 Web -- ()
"C:\Programme\Spiele\ANNO 1404 - Königsedition\tools\AddonWeb.exe" = C:\Programme\Spiele\ANNO 1404 - Königsedition\tools\AddonWeb.exe:*:Enabled:ANNO 1404 - Venedig Web -- ()
"C:\Programme\Spiele\ANNO 1404 - Königsedition\tools\Benchmark.exe" = C:\Programme\Spiele\ANNO 1404 - Königsedition\tools\Benchmark.exe:*:Enabled:Anno 1404 - Königsedition Setup Benchmark -- ()
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{088A077A-8028-408C-AE7B-4512AE2A65A0}" = Canon CanoScan Toolbox 4.6
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{5783F2D7-0201-0407-0002-0060B0CE6BBA}" = AutoCAD 2004
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7866E9E2-AC5B-4F4D-9791-F160AC2C9406}" = GetSolar Demo
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{82CE6B7B-9665-4E29-8CE0-DD993484B38D}" = Intel(R) PROSet/Wireless WiFi-Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90510407-6D54-11D4-BEE3-00C04F990354}" = Microsoft Visio Professional 2002 [DEU]
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A912021A-FEDD-4DA3-8DB4-245EBDA84778}" = OriginPro 8G
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B9C54C44-BB5A-4B03-8907-C01A9790195A}" = Manual CanoScan 4200F
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 4.0
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 ESD
"{E55E016B-8254-4A3F-ACEB-FE9988CD880F}" = Origin8
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber Toolbar" = Audiograbber Toolbar
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Autodesk Express Viewer" = Autodesk Express Viewer
"Avira AntiVir Desktop" = Avira Free Antivirus
"BeCyPDFMetaEdit" = BeCyPDFMetaEdit
"Canon iP4700 series Benutzerregistrierung" = Canon iP4700 series Benutzerregistrierung
"Canon MX880 series Benutzerregistrierung" = Canon MX880 series Benutzerregistrierung
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONBJ_Deinstall_CNMCP7A.DLL" = Canon iP5200R
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CdaC13Ba" = SafeCast Shared Components
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CSI - Tödliche Verschwörung" = CSI - Tödliche Verschwörung
"Diablo II" = Diablo II
"DivX Setup" = DivX-Setup
"DSMT5" = MathType 5
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.0.2.2 (June 26, 2009)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EED 3 Demo" = EED 3 Demo
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FlashGet(JetCar)" = FlashGet(JetCar)
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.3.2.804
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.9.0
"Kyodai Mahjongg_is1" = Kyodai Mahjongg
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MasterIndex-PlugIn für die deutsche Version_is1" = MasterIndex_MW_Plug_dtsch
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PENTAX Digital Camera Utility" = PENTAX Digital Camera Utility
"ProInst" = Intel PROSet Wireless
"RealPlayer 12.0" = RealPlayer
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"ST6UNST #1" = Hero Editor V0.96
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.4
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"WinZip" = WinZip
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.53
"XnView_is1" = XnView 1.97.8
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XSManager" = XSManager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.06.2012 01:49:24 | Computer Name = KATJASCHLEPPTOP | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application excel.exe, version 10.0.2614.0, faulting module
excel.exe, version 10.0.2614.0, fault address 0x004e7be9.
Error - 02.06.2012 01:50:01 | Computer Name = KATJASCHLEPPTOP | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application excel.exe, version 10.0.2614.0, faulting module
excel.exe, version 10.0.2614.0, fault address 0x004e7be9.
Error - 02.06.2012 01:50:08 | Computer Name = KATJASCHLEPPTOP | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application excel.exe, version 10.0.2614.0, faulting module
excel.exe, version 10.0.2614.0, fault address 0x004e7be9.
Error - 11.06.2012 12:56:38 | Computer Name = KATJASCHLEPPTOP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 20.06.2012 12:18:44 | Computer Name = KATJASCHLEPPTOP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 25.06.2012 12:55:39 | Computer Name = KATJASCHLEPPTOP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung DVDFab.exe, Version 6.0.2.2, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 25.06.2012 12:58:58 | Computer Name = KATJASCHLEPPTOP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung DVDFab.exe, Version 6.0.2.2, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 25.06.2012 12:59:18 | Computer Name = KATJASCHLEPPTOP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung DVDFab.exe, Version 6.0.2.2, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 25.06.2012 14:21:17 | Computer Name = KATJASCHLEPPTOP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 30.06.2012 09:04:32 | Computer Name = KATJASCHLEPPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul icucnv36.dll, Version 3.6.0.0, Fehleradresse 0x000013df.
[ System Events ]
Error - 30.06.2012 13:01:19 | Computer Name = KATJASCHLEPPTOP | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.
Error - 30.06.2012 13:01:19 | Computer Name = KATJASCHLEPPTOP | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.
Error - 30.06.2012 13:01:19 | Computer Name = KATJASCHLEPPTOP | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.
Error - 30.06.2012 13:01:20 | Computer Name = KATJASCHLEPPTOP | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.
Error - 30.06.2012 13:01:20 | Computer Name = KATJASCHLEPPTOP | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.
Error - 30.06.2012 13:01:20 | Computer Name = KATJASCHLEPPTOP | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.
Error - 30.06.2012 13:01:20 | Computer Name = KATJASCHLEPPTOP | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.
Error - 30.06.2012 13:01:20 | Computer Name = KATJASCHLEPPTOP | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.
Error - 30.06.2012 16:17:31 | Computer Name = KATJASCHLEPPTOP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Aspi32
Error - 30.06.2012 16:50:59 | Computer Name = KATJASCHLEPPTOP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Aspi32
< End of report >
Update:
I ran the following:
rkill -> malwarebytes -> tdsskiller ("cure" selected) -> reboot -> still infected
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.07.01.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Katja :: KATJASCHLEPPTOP [Administrator]
01.07.2012 10:41:28
mbam-log-2012-07-01 (10-41-28).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 311283
Laufzeit: 1 Stunde(n), 1 Minute(n), 31 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Dokumente und Einstellungen\Katja\Desktop\Data_Recovery.lnk (Rogue.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)