Trojaner-Board - Auf Paypal Phishing-Mail reingefallen

Das wäre super, dankeschön :)! Hier das frische Log. Allerdings nochmal mit der Anmerkung, dass ich normalerweise nicht auf Administratorebene arbeite, das Log wurde aber von dort aus erstellt, OHNE "alle Benutzer scannen" anzuhaken. Markus meinte, ich hätte alles richtig gemacht, ich wollte das bloß anmerken, falls ich doch alle Benutzer scannen sollte.
Code:
OTL logfile created on: 22.06.2013 10:52:27 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = D:\Dateien von Rina\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1022,92 Mb Total Physical Memory | 682,23 Mb Available Physical Memory | 66,69% Memory free

1,65 Gb Paging File | 1,33 Gb Available in Paging File | 80,50% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 24,41 Gb Total Space | 12,19 Gb Free Space | 49,93% Space Free | Partition Type: NTFS

Drive D: | 50,12 Gb Total Space | 20,08 Gb Free Space | 40,07% Space Free | Partition Type: NTFS

 

Computer Name: COMPI | User Name: Rina_2 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.06.17 12:17:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Dateien von Rina\Downloads\OTL.exe

PRC - [2013.05.07 22:35:46 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2013.03.28 06:35:07 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2013.03.28 06:30:36 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2013.03.28 06:30:00 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.09.06 02:52:22 | 000,112,968 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\IPROSetMonitor.exe

PRC - [2010.11.19 14:52:54 | 000,174,064 | ---- | M] (Panasonic Corporation) -- C:\Programme\Gemeinsame Dateien\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe

PRC - [2009.09.12 19:05:25 | 000,114,688 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe

PRC - [2009.09.12 19:05:25 | 000,065,536 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe

PRC - [2009.05.01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe

PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2013.05.15 21:56:33 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\17440cd05eee7f87026b3c17119eed58\System.Configuration.ni.dll

MOD - [2013.05.15 21:47:50 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\81b85db6e9fe04e4d1c9547b993acfce\System.Windows.Forms.ni.dll

MOD - [2013.05.15 21:16:40 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2013.05.15 21:16:28 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

MOD - [2013.02.05 18:44:23 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll

MOD - [2013.02.05 10:48:42 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll

MOD - [2013.02.05 10:48:14 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll

MOD - [2013.02.05 10:47:53 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll

MOD - [2013.02.05 10:46:24 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll

MOD - [2013.02.05 10:42:15 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll

MOD - [2013.02.03 20:18:02 | 000,296,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll

MOD - [2012.09.19 19:17:40 | 000,397,088 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2013.05.29 14:29:23 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013.03.28 06:35:07 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2013.03.28 06:30:00 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.09.06 02:52:22 | 000,112,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\IPROSetMonitor.exe -- (Intel(R)

SRV - [2009.09.12 19:05:25 | 000,114,688 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2009.05.01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Rina_2\LOKALE~1\Temp\catchme.sys -- (catchme)

DRV - [2013.03.28 06:35:38 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2013.03.28 06:35:38 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2013.03.28 06:35:38 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.09.12 19:05:22 | 000,201,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)

DRV - [2009.09.12 19:05:22 | 000,028,064 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2009.09.12 19:05:21 | 000,081,280 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)

DRV - [2009.04.30 23:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928)

DRV - [2007.05.02 10:54:08 | 000,472,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)

DRV - [2007.02.22 12:28:48 | 000,030,864 | ---- | M] (Licensed for Sysinfo Lab) [Kernel | Auto | Running] -- C:\Programme\ASTRA32\astra32.sys -- (ASTRA32)

DRV - [2005.05.22 02:00:00 | 000,015,104 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmunet.sys -- (AVMUNET)

DRV - [2005.02.01 19:39:20 | 000,970,240 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2004.05.04 13:35:56 | 000,119,296 | ---- | M] (Cisco Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCX504.sys -- (PCX504)

DRV - [2003.06.27 08:53:44 | 001,196,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 08 28 EE A6 04 CE 01  [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\..\SearchScopes\{B15FE290-4F7F-4976-930E-BD5AA864E0A7}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"

FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0

FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.95.20100933

FF - prefs.js..extensions.enabledItems: {B922D405-6D13-4A2B-AE89-08A030DA4402}:1.1.1

FF - prefs.js..extensions.enabledItems: search@searchsettings.com:1.2.2

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Programme\Gemeinsame Dateien\DVDVideoSoft\plugins\ff\ [2013.02.16 19:58:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Programme\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.05.29 14:29:06 | 000,000,000 | ---D | M]

 

[2011.01.31 19:33:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rina_2\Anwendungsdaten\Mozilla\Extensions

[2013.05.29 13:06:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rina_2\Anwendungsdaten\Mozilla\Firefox\Profiles\lhf9t9sa.default\extensions

[2011.01.31 19:44:59 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Dokumente und Einstellungen\Rina_2\Anwendungsdaten\Mozilla\Firefox\Profiles\lhf9t9sa.default\extensions\ietab@ip.cn

[2013.05.29 13:06:44 | 000,870,680 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Rina_2\Anwendungsdaten\Mozilla\Firefox\Profiles\lhf9t9sa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013.05.29 14:29:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2013.05.29 14:29:01 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}

[2013.05.29 14:29:00 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com

[2013.05.29 14:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions

[2013.05.29 14:29:25 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2013.02.16 19:58:35 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAMME\GEMEINSAME DATEIEN\DVDVIDEOSOFT\PLUGINS\FF

[2011.01.11 13:22:42 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll

 

O1 HOSTS File: ([2013.06.18 23:35:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PHOTOfunSTUDIO 6.0.lnk = C:\Programme\Gemeinsame Dateien\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Free YouTube Download - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\plugins\freeytvdownloader.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\plugins\freeytmp3downloader.htm ()

O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)

O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 79.134.240.31 85.195.194.128

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71E48D7F-DB94-4341-BDA2-14098D315CCF}: DhcpNameServer = 79.134.240.31 85.195.194.128

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABAD656F-326E-4F40-A8EE-322345F9EB5A}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Rina_2\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Rina_2\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.09.12 12:39:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.06.19 23:09:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner

[2013.06.19 23:09:52 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner

[2013.06.19 23:05:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2013.06.19 00:15:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rina_2\Anwendungsdaten\Malwarebytes

[2013.06.19 00:15:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2013.06.19 00:15:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2013.06.19 00:15:22 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013.06.19 00:15:22 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2013.06.18 23:37:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2013.06.18 23:22:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2013.06.18 23:22:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2013.06.18 23:22:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2013.06.18 23:22:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2013.06.18 23:22:33 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.06.18 23:22:29 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Rina_2\Startmenü\Programme\Verwaltung

[2013.06.18 23:22:29 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos

[2013.06.18 23:22:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2013.06.17 15:32:28 | 005,079,999 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Rina_2\Desktop\ComboFix.exe

[2013.05.29 14:28:57 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.06.22 10:46:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013.06.18 23:35:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013.06.17 15:33:06 | 005,079,999 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Rina_2\Desktop\ComboFix.exe

[2013.06.17 15:26:53 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk

[2013.06.12 13:05:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013.06.11 22:13:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.06.18 23:22:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2013.06.18 23:22:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2013.06.18 23:22:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2013.06.18 23:22:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2013.06.18 23:22:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2013.02.07 23:36:29 | 000,156,250 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat

[2013.02.06 23:35:58 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2013.02.04 13:02:50 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI

[2013.02.03 23:04:35 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Rina_2\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013.02.03 20:23:52 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2013.02.03 20:23:52 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2013.02.03 20:23:52 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2013.02.03 20:23:52 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2013.02.03 20:23:52 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2013.02.03 20:23:52 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2013.02.03 20:23:52 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2013.02.03 20:23:52 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2013.02.03 20:23:52 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2013.02.03 20:23:52 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat

[2013.02.03 20:23:52 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2013.02.03 20:23:52 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2013.02.03 20:23:52 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2013.02.03 20:23:52 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2013.02.03 20:23:52 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2013.02.03 20:23:52 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat

[2013.02.03 20:23:52 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat

[2013.02.03 20:23:52 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2013.02.03 20:23:52 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2013.02.03 16:10:38 | 000,817,973 | ---- | C] () -- C:\Programme\adblock_plus-2.2.2-tb+fx+sm+an.xpi

[2012.12.26 17:26:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012.08.13 11:11:02 | 141,421,187 | ---- | C] () -- C:\Programme\openofficeorg1.cab

[2012.08.13 11:09:30 | 003,166,208 | ---- | C] () -- C:\Programme\openofficeorg341.msi

[2012.08.13 11:09:30 | 000,000,294 | ---- | C] () -- C:\Programme\setup.ini

[2011.01.31 22:53:36 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Rina_2\Anwendungsdaten\AVSMediaPlayer.m3u

 
 ========== ZeroAccess Check ==========

 

[2013.02.03 20:09:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2009.07.18 18:03:13 | 001,509,888 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2009.09.12 20:14:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems

[2013.02.07 22:25:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic

[2011.01.30 20:02:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Seagate

[2011.01.31 22:00:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rina_2\Anwendungsdaten\ACD Systems

[2011.02.02 13:58:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rina_2\Anwendungsdaten\Acronis

[2013.02.16 20:04:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rina_2\Anwendungsdaten\DVDVideoSoft

[2013.02.16 19:58:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rina_2\Anwendungsdaten\DVDVideoSoftIEHelpers

[2013.04.09 04:22:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rina_2\Anwendungsdaten\OpenOffice.org

[2011.01.31 19:33:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rina_2\Anwendungsdaten\pdfforge

[2011.01.31 19:33:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rina_2\Anwendungsdaten\Search Settings

 
 ========== Purity Check ==========

 

 
 

< End of report >