Entschuldige bitte, das wusste ich nicht.
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1645522239-602162358-299502267-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Liuqunfal deleted successfully.
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Vores\dumy.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1645522239-602162358-299502267-1004\Software\Microsoft\Windows\CurrentVersion\Run\\execm deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1645522239-602162358-299502267-1004\Software\Microsoft\Windows\CurrentVersion\Run\\userlmon deleted successfully.
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Yhco folder moved successfully.
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Woobw folder moved successfully.
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Evgeer folder moved successfully.
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Vores folder moved successfully.
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Finyni folder moved successfully.
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Buusad folder moved successfully.
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Pkfcykmcc folder moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0003\\"MasterDeviceTimingMode|"dword:ffffffff /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0003\\"MasterDeviceTimingModeAllowed"|dword:ffffffff /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0003\\MasterIdDataCheckSum deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0003\\"SlaveDeviceTimingMode"|dword:ffffffff /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0003\\SlaveIdDataCheckSum deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Admin
->Temp folder emptied: 606380 bytes
->Temporary Internet Files folder emptied: 3375371 bytes
->Java cache emptied: 467838 bytes
->FireFox cache emptied: 436594086 bytes
->Flash cache emptied: 15163568 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 82054 bytes
->Flash cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 737324 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352202 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 438,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04112013_191025
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
OTL Logfile: Code:
OTL logfile created on: 11.04.2013 19:56:53 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1015,36 Mb Total Physical Memory | 579,54 Mb Available Physical Memory | 57,08% Memory free
2,39 Gb Paging File | 1,91 Gb Available in Paging File | 79,90% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048E:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 84,57 Gb Free Space | 56,74% Space Free | Partition Type: NTFS
Computer Name: FRANK-45B7562C6 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.04.09 23:08:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL(1).exe
PRC - [2013.03.28 21:48:14 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.28 21:48:03 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.28 21:48:01 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.28 21:48:01 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.08 18:03:50 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2013.02.12 11:43:56 | 000,248,208 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2013.02.12 11:43:56 | 000,093,072 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2013.01.08 09:59:20 | 000,228,448 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.06 16:57:33 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012.09.10 20:44:26 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012.07.03 10:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.02.18 21:00:53 | 000,090,112 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2010.09.24 11:56:40 | 006,479,712 | ---- | M] (ALLNET GmbH) -- C:\Programme\ALLNET\Common\RaUI.exe
PRC - [2010.06.21 17:13:52 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) -- C:\Programme\ALLNET\Common\RaRegistry.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.05.04 16:22:02 | 000,086,016 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
========== Modules (No Company Name) ==========
MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2012.09.19 19:17:40 | 000,397,088 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.06.21 17:14:02 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\DiagFunc.dll
MOD - [2010.06.21 17:13:48 | 000,984,416 | ---- | M] () -- C:\Programme\ALLNET\Common\RaWLAPI.dll
MOD - [2010.06.17 22:56:52 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.02 19:23:18 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.28 21:48:14 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.28 21:48:01 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.13 19:15:17 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 18:03:50 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.02.12 11:43:56 | 000,093,072 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.10 20:44:26 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010.06.21 17:13:52 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Programme\ALLNET\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\NETFRITZ.SYS -- (NETFRITZ)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Admin\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2013.03.28 21:48:18 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.28 21:48:18 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.28 21:48:18 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.07.29 16:48:26 | 000,920,160 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2010.06.21 17:14:02 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2009.12.18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009.03.31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006.06.28 16:25:24 | 004,304,384 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2004.11.24 01:00:00 | 000,548,864 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fpcibase.sys -- (fpcibase)
DRV - [2004.11.24 01:00:00 | 000,053,248 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2001.08.17 13:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [2001.08.17 12:19:20 | 000,096,256 | ---- | M] (Copyright (C) Creative Technology Ltd. 1994-2001) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlsb16.sys -- (ctlsb16)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645522239-602162358-299502267-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1645522239-602162358-299502267-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1645522239-602162358-299502267-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1645522239-602162358-299502267-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.02 19:23:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.04.08 19:21:01 | 000,000,000 | ---D | M]
[2012.02.20 17:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions
[2012.02.20 17:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2013.04.08 00:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\hqufigz8.default-1349387477654\extensions
[2013.02.24 12:20:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\hqufigz8.default-1349387477654\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.02.14 12:16:02 | 000,817,280 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\hqufigz8.default-1349387477654\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.02 19:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.02 19:22:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.02 19:22:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.02 19:22:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.04.02 19:23:18 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.02.17 14:41:05 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.17 21:09:02 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.17 14:41:05 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 14:41:05 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 14:41:05 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2013.04.10 19:47:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1645522239-602162358-299502267-1004..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1645522239-602162358-299502267-1004..\Run: [Liuqunfal] "C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Vores\dumy.exe" File not found
O4 - HKU\S-1-5-21-1645522239-602162358-299502267-1004..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1645522239-602162358-299502267-1004..\Run: [TomTomHOME.exe] C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Autostart\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ALL0233MINI Wireless Utility.lnk = C:\Programme\ALLNET\Common\RaUI.exe (ALLNET GmbH)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-602162358-299502267-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1645522239-602162358-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1645522239-602162358-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1645522239-602162358-299502267-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341327213468 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 194.25.0.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F63F51FF-D477-42AC-A5C7-C84170A3E405}: DhcpNameServer = 8.8.8.8 194.25.0.60
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.06.11 20:13:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.11 19:19:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\mbar
[2013.04.11 19:11:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.04.11 19:10:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.10 20:02:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\Logdateien
[2013.04.10 19:20:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.04.10 19:16:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.04.10 19:16:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.04.10 19:16:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.04.10 19:16:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.04.10 19:15:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.10 19:14:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.04.10 19:09:05 | 005,050,592 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Admin\Desktop\ComboFix.exe
[2013.04.10 17:50:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.04.09 23:16:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL(1).exe
[2013.04.09 20:59:07 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Admin\Desktop\tdsskiller.exe
[2013.04.08 20:13:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\MSNInstaller
[2013.04.08 01:11:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes
[2013.04.08 01:11:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.04.08 01:11:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.04.08 01:11:09 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.04.08 01:11:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.04.02 19:22:47 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.03.29 13:10:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
[2013.03.13 19:00:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TomTom
========== Files - Modified Within 30 Days ==========
[2013.04.11 19:52:17 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.11 19:52:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.04.11 19:14:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.04.11 19:08:02 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.11 19:00:06 | 000,372,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.04.11 18:46:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.04.10 21:02:04 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.04.10 19:47:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.04.10 19:21:00 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.04.10 19:09:25 | 005,050,592 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Admin\Desktop\ComboFix.exe
[2013.04.10 18:46:43 | 000,613,083 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\adwcleaner.exe
[2013.04.10 17:57:05 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.04.09 23:08:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL(1).exe
[2013.04.09 23:02:32 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\3fq8u10w.exe
[2013.04.09 20:59:08 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Admin\Desktop\tdsskiller.exe
[2013.04.08 19:21:01 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk
[2013.04.08 01:11:13 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.06 18:21:08 | 000,002,489 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Microsoft Word 2010.lnk
[2013.04.06 10:32:44 | 000,000,595 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013.03.31 14:04:45 | 000,495,818 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.03.31 14:04:45 | 000,475,770 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.03.31 14:04:45 | 000,091,962 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.03.31 14:04:45 | 000,076,804 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.03.29 13:10:46 | 000,001,887 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2013.03.28 21:48:18 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013.03.28 21:48:18 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013.03.28 21:48:18 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013.03.25 18:28:20 | 000,179,200 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== Files Created - No Company Name ==========
[2013.04.10 19:20:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013.04.10 19:20:48 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.04.10 19:16:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.04.10 19:16:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.04.10 19:16:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.04.10 19:16:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.04.10 19:16:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.04.10 18:46:42 | 000,613,083 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\adwcleaner.exe
[2013.04.09 23:16:25 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\3fq8u10w.exe
[2013.04.08 20:16:39 | 000,000,718 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Outlook Express.lnk
[2013.04.08 19:21:01 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk
[2013.04.08 19:21:01 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk
[2013.04.08 01:11:13 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.06 10:32:31 | 000,000,595 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013.03.29 13:10:46 | 000,001,887 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2013.03.10 18:21:16 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2013.03.10 18:21:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2012.03.09 11:52:51 | 000,270,848 | ---- | C] () -- C:\WINDOWS\Unwise32.exe
[2012.03.09 11:52:51 | 000,006,006 | ---- | C] () -- C:\WINDOWS\Unwise32.ini
[2012.03.09 11:52:23 | 000,000,356 | ---- | C] () -- C:\WINDOWS\DINFO.INI
[2012.02.15 15:44:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.26 19:29:22 | 000,000,294 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012.01.26 17:37:27 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2012.01.26 17:37:27 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2012.01.26 17:37:27 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2012.01.26 17:36:12 | 000,014,051 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011.11.19 20:01:55 | 000,018,088 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.07.26 12:26:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2011.07.23 15:04:13 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011.07.23 15:04:13 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011.07.22 23:55:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011.07.20 17:36:53 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011.07.20 17:36:53 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011.07.20 17:36:41 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\$_hpcst$.hpc
[2011.07.03 20:14:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.06.20 18:00:01 | 000,179,200 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.13 14:53:46 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.06.11 21:03:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.06.11 21:02:17 | 000,372,080 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.06.11 21:00:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.06.11 20:15:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.06.11 20:10:33 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
========== ZeroAccess Check ==========
[2012.03.10 01:29:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011.11.01 22:35:05 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.01.06 18:33:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Amazon
[2012.11.21 20:42:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Buhl Data Service GmbH
[2011.11.19 20:00:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.06.13 14:40:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DAEMON Tools Lite
[2012.12.24 22:56:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DVDVideoSoft
[2012.11.25 17:34:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\EPSON
[2013.03.10 18:21:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\FreePDF
[2012.01.26 18:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\FRITZ!
[2012.03.09 23:55:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Meine Traffic
[2013.04.08 20:13:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\MSNInstaller
[2011.07.20 17:55:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PC Suite
[2013.04.08 00:00:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\QuickScan
[2011.07.20 17:36:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Samsung
[2012.02.04 21:50:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Serif
[2011.09.12 16:07:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\SSE
[2012.02.20 17:22:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TomTom
[2012.01.26 17:36:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ALL0233MINI Driver
[2012.02.04 21:30:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest Software
[2012.11.21 19:35:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2011.06.11 22:25:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011.06.14 23:05:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2011.07.20 17:55:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2012.02.18 21:04:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2012.02.20 17:23:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
========== Purity Check ==========
========== Custom Scans ==========
< reg query "HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0" /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\SCSI\SCSI PORT 0
DMAEnabled REG_DWORD 0x0
Driver REG_SZ atapi
< reg query "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}" /s /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}
Class REG_SZ hdc
<NO NAME> REG_SZ IDE ATA/ATAPI-Controller
Icon REG_SZ -9
Installer32 REG_SZ SysSetup.Dll,HdcClassInstaller
TroubleShooter-0 REG_SZ hcp://help/tshoot/tsdrive.htm
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0000
InfPath REG_SZ mshdc.inf
InfSection REG_SZ pciide_Inst
ProviderName REG_SZ Microsoft
DriverDateData REG_BINARY 008062C5C001C101
DriverDate REG_SZ 7-1-2001
DriverVersion REG_SZ 5.1.2600.5512
MatchingDeviceId REG_SZ pci\cc_0101
DriverDesc REG_SZ Standard-Zweikanal-PCI-IDE-Controller
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0001
InfPath REG_SZ mshdc.inf
InfSection REG_SZ pciide_Inst
ProviderName REG_SZ Microsoft
DriverDateData REG_BINARY 008062C5C001C101
DriverDate REG_SZ 7-1-2001
DriverVersion REG_SZ 5.1.2600.5512
MatchingDeviceId REG_SZ pci\cc_0101
DriverDesc REG_SZ Standard-Zweikanal-PCI-IDE-Controller
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0002
EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider
InfPath REG_SZ mshdc.inf
InfSection REG_SZ atapi_Inst_primary
ProviderName REG_SZ Microsoft
DriverDateData REG_BINARY 008062C5C001C101
DriverDate REG_SZ 7-1-2001
DriverVersion REG_SZ 5.1.2600.5512
MatchingDeviceId REG_SZ primary_ide_channel
DriverDesc REG_SZ Primärer IDE-Kanal
MasterDeviceType REG_DWORD 0x0
SlaveDeviceType REG_DWORD 0x0
MasterDeviceTimingMode REG_DWORD 0x0
SlaveDeviceTimingMode REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0003
EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider
InfPath REG_SZ mshdc.inf
InfSection REG_SZ atapi_Inst_secondary
ProviderName REG_SZ Microsoft
DriverDateData REG_BINARY 008062C5C001C101
DriverDate REG_SZ 7-1-2001
DriverVersion REG_SZ 5.1.2600.5512
MatchingDeviceId REG_SZ secondary_ide_channel
DriverDesc REG_SZ Sekundärer IDE-Kanal
MasterDeviceType REG_DWORD 0x1
SlaveDeviceType REG_DWORD 0x2
MasterDeviceTimingMode REG_DWORD 0x10010
MasterDeviceTimingModeAllowed REG_DWORD 0xffffffff
SlaveDeviceTimingMode REG_DWORD 0x10010
SlaveDeviceTimingModeAllowed REG_DWORD 0xffffffff
MasterDeviceTimingMod REG_SZ dword:fffffff
MasterIdDataCheckSum REG_DWORD 0x202e7
SlaveIdDataCheckSum REG_DWORD 0x11c4d
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0004
EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider
InfPath REG_SZ mshdc.inf
InfSection REG_SZ atapi_Inst_primary
ProviderName REG_SZ Microsoft
DriverDateData REG_BINARY 008062C5C001C101
DriverDate REG_SZ 7-1-2001
DriverVersion REG_SZ 5.1.2600.5512
MatchingDeviceId REG_SZ primary_ide_channel
DriverDesc REG_SZ Primärer IDE-Kanal
MasterDeviceType REG_DWORD 0x0
SlaveDeviceType REG_DWORD 0x0
MasterDeviceTimingMode REG_DWORD 0x0
SlaveDeviceTimingMode REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0005
EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider
InfPath REG_SZ mshdc.inf
InfSection REG_SZ atapi_Inst_secondary
ProviderName REG_SZ Microsoft
DriverDateData REG_BINARY 008062C5C001C101
DriverDate REG_SZ 7-1-2001
DriverVersion REG_SZ 5.1.2600.5512
MatchingDeviceId REG_SZ secondary_ide_channel
DriverDesc REG_SZ Sekundärer IDE-Kanal
MasterDeviceType REG_DWORD 0x0
SlaveDeviceType REG_DWORD 0x0
MasterDeviceTimingMode REG_DWORD 0x0
SlaveDeviceTimingMode REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties
< >
[2011.06.11 20:11:29 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2011.06.11 20:16:55 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2012.01.26 19:36:54 | 000,001,084 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2012.01.26 19:36:54 | 000,001,088 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012.02.04 21:45:42 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2012.03.30 15:28:39 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2012.04.17 23:31:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Tasks\.txt
< End of report > --- --- ---
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org
Database version: v2013.04.11.09
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: FRANK-45B7562C6 [administrator]
11.04.2013 19:40:10
mbar-log-2013-04-11 (19-40-10).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 25560
Time elapsed: 18 minute(s), 19 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end) |