Trojaner-Board


_audioslave 06.05.2010 20:39

Internet Explorer opens pages with advertisements.
 
Hello, I have the same problem.
Malwarebytes reports various viruses,
among others Trojan.FakeAlert.

Malwarebytes

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4073

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

06.05.2010 21:27:55
mbam-log-2010-05-06 (21-27-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 207452
Laufzeit: 1 Stunde(n), 4 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\drivers\cdcno.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


Code:

OTL logfile created on: 06.05.2010 21:34:54 - Run 1
OTL by OldTimer - Version 3.2.4.1    Folder = C:\Users\Lisa\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 33,66 Gb Total Space | 12,34 Gb Free Space | 36,67% Space Free | Partition Type: NTFS
Drive D: | 78,13 Gb Total Space | 59,37 Gb Free Space | 76,00% Space Free | Partition Type: NTFS
Drive E: | 322,89 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LISA-PC
Current User Name: Lisa
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lisa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (Enigma Software Group USA, LLC.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Lisa\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SpyHunter 4 Service) -- C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (Enigma Software Group USA, LLC.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.11 12:34:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.15 15:56:54 | 000,000,000 | ---D | M]
 
[2010.04.11 12:11:09 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\mozilla\Extensions
[2010.05.06 16:25:39 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\io64xbcq.default\extensions
[2010.04.14 13:45:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\io64xbcq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.11 18:11:33 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.06 21:27:27 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.03.13 18:39:10 | 000,000,061 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{48b68e3e-4546-11df-a535-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{48b68e3e-4546-11df-a535-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Einstiegsseite.exe -- [2008.10.17 14:03:46 | 001,552,336 | R--- | M] (HanseNet Telekommunikation GmbH)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.06 21:33:44 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
[2010.05.06 21:27:15 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010.05.06 21:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010.05.06 21:26:33 | 000,000,000 | ---D | C] -- C:\Windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
[2010.05.06 21:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010.05.06 21:23:56 | 000,490,392 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Lisa\Desktop\SpyHunter-Installer.exe
[2010.05.06 20:14:10 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Malwarebytes
[2010.05.06 20:13:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.06 20:13:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.06 20:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.05.06 20:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.06 20:12:56 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Lisa\Desktop\mbam-setup.exe
[2010.05.06 19:35:07 | 000,000,000 | ---D | C] -- C:\avrescue
[2010.05.03 21:07:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\AppData\Roaming\lowsec
[2010.05.01 14:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010.04.29 22:00:29 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.04.29 20:43:45 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\ICQ
[2010.04.22 21:16:06 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010.04.22 21:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.04.15 14:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.04.15 14:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.04.15 14:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.04.15 14:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010.04.15 14:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010.04.15 14:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010.04.15 14:16:07 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Adobe
[2010.04.14 13:51:10 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\OpenOffice.org
[2010.04.14 10:28:35 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.14 10:28:35 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.14 10:28:33 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.14 10:28:32 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.04.14 10:28:31 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.04.12 20:45:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.04.12 08:57:21 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Avira
[2010.04.11 23:04:45 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\WinRAR
[2010.04.11 22:02:53 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.04.11 22:02:50 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.04.11 21:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010.04.11 18:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2010.04.11 18:11:31 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010.04.11 18:11:31 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.04.11 18:11:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.04.11 18:11:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.04.11 18:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010.04.11 17:15:26 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\vlc
[2010.04.11 17:14:37 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.04.11 17:14:37 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.04.11 17:14:37 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.04.11 17:14:37 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010.04.11 17:14:27 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010.04.11 17:14:27 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010.04.11 17:14:27 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010.04.11 17:14:27 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010.04.11 17:14:27 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010.04.11 17:14:27 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010.04.11 17:14:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2010.04.11 17:14:27 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010.04.11 17:14:26 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.04.11 17:14:16 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010.04.11 17:14:16 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010.04.11 17:14:16 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010.04.11 17:14:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2010.04.11 17:14:07 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010.04.11 17:14:06 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010.04.11 17:14:04 | 001,259,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.04.11 17:13:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.04.11 17:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
[2010.04.11 17:13:40 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010.04.11 17:13:37 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010.04.11 17:13:30 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.04.11 17:13:30 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.04.11 17:13:30 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.04.11 17:13:29 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.04.11 17:13:27 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.04.11 17:13:19 | 002,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.04.11 17:13:17 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.04.11 17:13:16 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010.04.11 17:13:16 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.04.11 17:13:16 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.04.11 17:13:12 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010.04.11 17:13:06 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.04.11 17:13:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010.04.11 17:13:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010.04.11 17:13:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010.04.11 17:13:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010.04.11 17:13:05 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010.04.11 17:12:57 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010.04.11 17:12:52 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010.04.11 17:09:01 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.04.11 13:04:21 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010.04.11 13:04:21 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010.04.11 13:04:13 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010.04.11 13:04:13 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010.04.11 13:04:13 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010.04.11 13:04:06 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010.04.11 13:04:06 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010.04.11 12:53:21 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010.04.11 12:53:15 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\ICQ
[2010.04.11 12:53:15 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\AOL
[2010.04.11 12:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.1
[2010.04.11 12:41:03 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\DivX
[2010.04.11 12:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010.04.11 12:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010.04.11 12:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010.04.11 12:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.04.11 12:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.04.11 12:35:31 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Apple Computer
[2010.04.11 12:35:31 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Apple Computer
[2010.04.11 12:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.04.11 12:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.04.11 12:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.04.11 12:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.04.11 12:34:08 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Apple
[2010.04.11 12:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.04.11 12:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.04.11 12:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.04.11 12:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.04.11 12:28:51 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Macromedia
[2010.04.11 12:28:51 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Adobe
[2010.04.11 12:28:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010.04.11 12:21:42 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.04.11 12:21:42 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.04.11 12:21:42 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.04.11 12:21:42 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.04.11 12:21:42 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.04.11 12:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.04.11 12:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.04.11 12:20:11 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.04.11 12:10:58 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Mozilla
[2010.04.11 12:10:58 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Mozilla
[2010.04.11 12:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.04.11 11:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010.04.11 11:45:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.04.11 11:42:31 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.04.11 11:35:55 | 000,000,000 | ---D | C] -- C:\Windows.old
[2010.04.11 11:23:20 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Microsoft Games
[2010.04.11 10:57:10 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Searches
[2010.04.11 10:57:01 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Identities
[2010.04.11 10:57:00 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Contacts
[2010.04.11 10:56:59 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\VirtualStore
[2010.04.11 10:56:55 | 000,000,000 | --SD | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft
[2010.04.11 10:56:55 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Videos
[2010.04.11 10:56:55 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Saved Games
[2010.04.11 10:56:55 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Pictures
[2010.04.11 10:56:55 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Music
[2010.04.11 10:56:55 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Links
[2010.04.11 10:56:55 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Favorites
[2010.04.11 10:56:55 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Downloads
[2010.04.11 10:56:55 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Documents
[2010.04.11 10:56:55 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Desktop
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Vorlagen
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\AppData\Local\Verlauf
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\AppData\Local\Temporary Internet Files
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Startmenü
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\SendTo
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Recent
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Netzwerkumgebung
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Lokale Einstellungen
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Documents\Eigene Videos
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Documents\Eigene Musik
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Eigene Dateien
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Documents\Eigene Bilder
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Druckumgebung
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Cookies
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\AppData\Local\Anwendungsdaten
[2010.04.11 10:56:55 | 000,000,000 | -HSD | C] -- C:\Users\Lisa\Anwendungsdaten
[2010.04.11 10:56:55 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\AppData
[2010.04.11 10:56:55 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Temp
[2010.04.11 10:56:55 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Microsoft
[2010.04.11 10:56:55 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Media Center Programs
[2010.04.11 10:54:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.04.11 10:54:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.04.11 10:54:45 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.04.11 10:54:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.04.11 10:54:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.04.11 10:54:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.04.11 10:54:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.04.11 10:54:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.04.11 10:54:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.04.11 10:54:04 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2010.04.11 10:47:29 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.04.11 10:45:58 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2010.04.11 10:43:49 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.04.11 10:34:05 | 000,000,000 | -HSD | C] -- C:\Boot
[2010.04.09 19:41:06 | 000,000,000 | ---D | C] -- C:\drivers
[2010.04.09 18:42:59 | 000,000,000 | R--D | C] -- C:\Programme
[2010.04.09 18:41:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen
[2010.04.09 18:41:58 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.06 21:36:06 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\cdcno.sys
[2010.05.06 21:34:36 | 001,048,576 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT
[2010.05.06 21:33:54 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
[2010.05.06 21:27:16 | 000,002,075 | ---- | M] () -- C:\Users\Lisa\Desktop\SpyHunter.lnk
[2010.05.06 21:23:57 | 000,490,392 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Lisa\Desktop\SpyHunter-Installer.exe
[2010.05.06 20:57:08 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.06 20:57:08 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.06 20:13:09 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Lisa\Desktop\mbam-setup.exe
[2010.05.06 16:57:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.06 16:34:58 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.05.06 16:34:56 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010.05.06 16:34:56 | 000,065,536 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010.05.06 13:19:17 | 729,894,912 | ---- | M] () -- C:\Users\Lisa\Desktop\smaak-hp5_cd1.avi
[2010.05.03 22:31:53 | 033,316,864 | ---- | M] () -- C:\Users\Lisa\Desktop\TAAHM S07E01.avi
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.22 21:16:09 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.04.19 12:47:55 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.04.12 11:48:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.04.11 22:47:08 | 000,053,992 | ---- | M] () -- C:\Users\Lisa\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.11 22:45:58 | 000,251,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.04.11 21:19:44 | 152,882,016 | ---- | M] () -- C:\Users\Lisa\OOo_3.2.0_Win32Intel_install_de.exe
[2010.04.11 18:11:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010.04.11 18:11:19 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.04.11 18:11:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.04.11 18:11:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.04.11 11:42:17 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010.04.11 11:42:16 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[2010.04.11 11:04:36 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2010.04.11 11:04:26 | 000,171,136 | RHS- | M] () -- C:\grldr
[2010.04.11 10:56:55 | 000,000,020 | -HS- | M] () -- C:\Users\Lisa\ntuser.ini
[2010.04.11 10:49:27 | 000,348,064 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010.04.11 10:48:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010.04.11 10:34:07 | 000,000,355 | -H-- | M] () -- C:\Boot.BAK
[2010.04.09 17:51:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.04.09 17:51:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.05.06 21:27:16 | 000,002,075 | ---- | C] () -- C:\Users\Lisa\Desktop\SpyHunter.lnk
[2010.05.06 08:36:52 | 729,894,912 | ---- | C] () -- C:\Users\Lisa\Desktop\smaak-hp5_cd1.avi
[2010.05.03 21:53:22 | 033,316,864 | ---- | C] () -- C:\Users\Lisa\Desktop\TAAHM S07E01.avi
[2010.05.03 21:09:16 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\cdcno.sys
[2010.04.22 21:16:09 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.04.15 14:16:08 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.04.12 11:48:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.04.11 21:18:21 | 152,882,016 | ---- | C] () -- C:\Users\Lisa\OOo_3.2.0_Win32Intel_install_de.exe
[2010.04.11 17:14:16 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010.04.11 11:04:26 | 000,171,136 | RHS- | C] () -- C:\grldr
[2010.04.11 10:56:55 | 001,048,576 | -HS- | C] () -- C:\Users\Lisa\NTUSER.DAT
[2010.04.11 10:56:55 | 000,524,288 | -HS- | C] () -- C:\Users\Lisa\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2010.04.11 10:56:55 | 000,524,288 | -HS- | C] () -- C:\Users\Lisa\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010.04.11 10:56:55 | 000,262,144 | -H-- | C] () -- C:\Users\Lisa\ntuser.dat.LOG1
[2010.04.11 10:56:55 | 000,065,536 | -HS- | C] () -- C:\Users\Lisa\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010.04.11 10:56:55 | 000,000,020 | -HS- | C] () -- C:\Users\Lisa\ntuser.ini
[2010.04.11 10:56:55 | 000,000,000 | -H-- | C] () -- C:\Users\Lisa\ntuser.dat.LOG2
[2010.04.11 10:48:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010.04.11 10:48:14 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.04.11 10:34:07 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2010.04.11 10:34:07 | 000,000,355 | -H-- | C] () -- C:\Boot.BAK
[2010.04.11 10:34:05 | 000,333,257 | RHS- | C] () -- C:\bootmgr
[2010.04.09 19:41:10 | 000,000,355 | RHS- | C] () -- C:\Boot.ini.saved
[2010.04.09 17:51:57 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010.04.09 17:51:57 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2009.04.11 15:19:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.01.21 04:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006.11.02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >

Code:

OTL Extras logfile created on: 06.05.2010 21:34:54 - Run 1
OTL by OldTimer - Version 3.2.4.1    Folder = C:\Users\Lisa\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 33,66 Gb Total Space | 12,34 Gb Free Space | 36,67% Space Free | Partition Type: NTFS
Drive D: | 78,13 Gb Total Space | 59,37 Gb Free Space | 76,00% Space Free | Partition Type: NTFS
Drive E: | 322,89 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LISA-PC
Current User Name: Lisa
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C06837-70A7-4D4F-B392-419BD937C73E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{02C5D7BC-B6C7-4B1C-81CB-1940A6D962B0}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{05888C3B-FC81-453F-AB75-B671FCA074F3}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{0D9E3D6E-48C3-4E9E-A222-4F8EC9D540F5}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{24F69AFE-AE06-4C26-9CB5-7886B5E3894A}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{44AC64E8-71BE-4667-86AD-AF1EE171053F}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{49E3B692-0DDE-4AF1-B1EA-FEFDC9BA9130}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{4F9F5534-FF9B-4365-8790-310CF75796F7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{688ABFE3-9878-4F99-95CB-5B8A9A6F4B65}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{8480B31E-F4FE-48FF-886A-4334D47D8A6D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{92314743-ADC8-4A7D-AEA8-DEB9CAF63C99}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{9896D4D5-480C-4CEE-9AEC-A3CC5724CDA6}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{A1CAD22C-A800-4743-9012-E1F4F15538D1}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{A5ECDBB7-EC2D-434D-B72A-377558F86071}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{C275C96F-EA42-486B-BCC8-48FECC3C8CCB}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{C78A166F-4CAB-4077-BA5E-C7CCFF9CCB1A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{1297959B-B342-48AD-BB52-C5A84E87DB92}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{85960C8E-DC41-4636-9A70-B3A1201C12CB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{E620A7DC-6B6C-418D-92D3-B8E8084B6D12}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{F12C63CF-5F17-4304-ADD4-95FD0A8964A6}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{351C86BD-7490-4AAD-8D76-BD32E9EAAA7A}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{AEBD39BD-9AE1-47B2-B2C9-4ED30451C090}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{BF8CECDF-138D-44CF-8513-AFD50088C5CE}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{D21B906A-9269-4F42-B931-A9B56D764E51}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61D3AAE1-D521-4CD7-939B-37813DE8F955}" = SpyHunter
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"033AF7005E28212C588F4A6A7C70FC337035B868" = Windows Driver Package - Intel net  (02/25/2007 11.1.0.86)
"68C0F080293D2F762A22106C594B4792339BE161" = Windows Driver Package - Intel (NETw4v32) net  (02/25/2007 11.1.0.86)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"D378CF7D7829BEE3D6C6016D3E4A00DF2B5B858B" = Windows Driver Package - Intel (NETw2v32) net  (02/14/2007 9.1.1.13)
"DivX Setup.divx.com" = DivX-Setup
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"SopCast" = SopCast 3.2.9
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.05.2010 12:19:17 | Computer Name = Lisa-PC | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 06.05.2010 12:19:17 | Computer Name = Lisa-PC | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 06.05.2010 12:19:17 | Computer Name = Lisa-PC | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 06.05.2010 12:19:17 | Computer Name = Lisa-PC | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 06.05.2010 13:34:50 | Computer Name = Lisa-PC | Source = VSS | ID = 12289
Description =
 
Error - 06.05.2010 13:34:56 | Computer Name = Lisa-PC | Source = VSS | ID = 12289
Description =
 
Error - 06.05.2010 13:34:56 | Computer Name = Lisa-PC | Source = VSS | ID = 12289
Description =
 
Error - 06.05.2010 13:35:01 | Computer Name = Lisa-PC | Source = VSS | ID = 12289
Description =
 
Error - 06.05.2010 13:35:02 | Computer Name = Lisa-PC | Source = VSS | ID = 12289
Description =
 
Error - 06.05.2010 13:35:07 | Computer Name = Lisa-PC | Source = VSS | ID = 12289
Description =
 
[ System Events ]
Error - 01.05.2010 04:59:02 | Computer Name = Lisa-PC | Source = DCOM | ID = 10010
Description =
 
Error - 03.05.2010 15:09:17 | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 03.05.2010 15:18:39 | Computer Name = Lisa-PC | Source = DCOM | ID = 10010
Description =
 
Error - 03.05.2010 15:24:57 | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 03.05.2010 16:00:45 | Computer Name = Lisa-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description =
 
Error - 03.05.2010 16:31:54 | Computer Name = Lisa-PC | Source = DCOM | ID = 10010
Description =
 
Error - 03.05.2010 17:11:17 | Computer Name = Lisa-PC | Source = DCOM | ID = 10010
Description =
 
Error - 04.05.2010 09:15:13 | Computer Name = Lisa-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description =
 
Error - 04.05.2010 14:52:35 | Computer Name = Lisa-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 04.05.2010 um 20:43:28 unerwartet heruntergefahren.
 
Error - 06.05.2010 08:52:01 | Computer Name = Lisa-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >


_audioslave 06.05.2010 21:40

I ran the whole thing as well, hoping I didn't do anything wrong :D

(Edit: I just ran SpyHunter 4 again.
That cdcno.sys file is still there Oo)

Voilà

Code:

ComboFix 10-05-05.0D - Lisa 06.05.2010  22:11:28.2.2 - x86
Microsoft® Windows Vista™ Ultimate  6.0.6002.2.1252.49.1031.18.3061.1968 [GMT 2:00]
ausgeführt von:: c:\users\Lisa\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((  Dateien erstellt von 2010-04-06 bis 2010-05-06  ))))))))))))))))))))))))))))))
.

2010-05-06 20:15 . 2010-05-06 20:15        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-05-06 20:02 . 2010-05-06 20:02        --------        d-----w-        c:\program files\CCleaner
2010-05-06 19:27 . 2010-05-06 19:27        110080        ----a-r-        c:\users\Lisa\AppData\Roaming\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconF7A21AF7.exe
2010-05-06 19:27 . 2010-05-06 19:27        110080        ----a-r-        c:\users\Lisa\AppData\Roaming\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconD7F16134.exe
2010-05-06 19:27 . 2010-05-06 19:27        --------        d-----w-        C:\sh4ldr
2010-05-06 19:27 . 2010-05-06 19:27        --------        d-----w-        c:\program files\Enigma Software Group
2010-05-06 19:26 . 2010-05-06 19:27        --------        d-----w-        c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
2010-05-06 19:26 . 2010-05-06 19:26        --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
2010-05-06 18:14 . 2010-05-06 18:14        --------        d-----w-        c:\users\Lisa\AppData\Roaming\Malwarebytes
2010-05-06 18:13 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-06 18:13 . 2010-05-06 18:13        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-05-06 18:13 . 2010-05-06 18:13        --------        d-----w-        c:\programdata\Malwarebytes
2010-05-06 18:13 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-05-06 17:35 . 2010-05-06 17:35        --------        d-----w-        C:\avrescue
2010-05-03 19:07 . 2010-05-06 13:34        --------        d-sh--w-        c:\users\Lisa\AppData\Roaming\lowsec
2010-04-30 08:27 . 2009-08-24 11:36        377344        ----a-w-        c:\windows\system32\winhttp.dll
2010-04-29 20:00 . 2010-02-12 10:32        293376        ----a-w-        c:\windows\system32\browserchoice.exe
2010-04-28 20:08 . 2009-06-15 14:53        270848        ----a-w-        c:\windows\system32\schannel.dll
2010-04-28 20:08 . 2009-06-15 14:52        499712        ----a-w-        c:\windows\system32\kerberos.dll
2010-04-22 19:16 . 2009-05-18 11:17        26600        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-22 19:16 . 2008-04-17 10:12        107368        ----a-w-        c:\windows\system32\GEARAspi.dll
2010-04-22 19:15 . 2010-04-22 19:15        --------        d-----w-        c:\program files\iPod
2010-04-15 12:17 . 2010-04-15 12:17        --------        d-----w-        c:\program files\Common Files\Adobe
2010-04-15 12:16 . 2010-04-15 12:16        --------        d-----w-        c:\programdata\McAfee Security Scan
2010-04-15 12:16 . 2010-04-15 12:16        --------        d-----w-        c:\programdata\McAfee
2010-04-15 12:16 . 2010-04-19 10:47        --------        d-----w-        c:\program files\McAfee Security Scan
2010-04-15 12:16 . 2010-04-15 12:19        --------        d-----w-        c:\users\Lisa\AppData\Local\Adobe
2010-04-14 11:51 . 2010-05-06 06:30        1        ----a-w-        c:\users\Lisa\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-14 11:51 . 2010-04-14 11:51        --------        d-----w-        c:\users\Lisa\AppData\Roaming\OpenOffice.org
2010-04-14 08:28 . 2010-02-23 11:10        212992        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 08:28 . 2010-02-23 11:10        79360        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 08:28 . 2010-02-23 11:10        106496        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 08:28 . 2010-02-18 14:07        3600776        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2010-04-14 08:28 . 2010-02-18 14:07        3548040        ----a-w-        c:\windows\system32\ntoskrnl.exe
2010-04-14 08:28 . 2010-03-04 17:33        430080        ----a-w-        c:\windows\system32\vbscript.dll
2010-04-14 08:28 . 2010-02-18 14:07        904576        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2010-04-14 08:28 . 2010-02-18 13:30        200704        ----a-w-        c:\windows\system32\iphlpsvc.dll
2010-04-14 08:28 . 2010-02-18 11:28        25088        ----a-w-        c:\windows\system32\drivers\tunnel.sys
2010-04-14 08:27 . 2009-12-23 11:33        172032        ----a-w-        c:\windows\system32\wintrust.dll
2010-04-14 08:27 . 2010-01-13 17:34        98304        ----a-w-        c:\windows\system32\cabview.dll
2010-04-12 06:57 . 2010-04-12 06:57        --------        d-----w-        c:\users\Lisa\AppData\Roaming\Avira
2010-04-11 20:02 . 2010-02-20 23:06        24064        ----a-w-        c:\windows\system32\nshhttp.dll
2010-04-11 20:02 . 2010-02-20 23:05        30720        ----a-w-        c:\windows\system32\httpapi.dll
2010-04-11 20:02 . 2010-02-20 20:53        411648        ----a-w-        c:\windows\system32\drivers\http.sys
2010-04-11 19:22 . 2010-04-11 19:22        --------        d-----w-        c:\program files\OpenOffice.org 3
2010-04-11 19:18 . 2010-04-11 19:19        152882016        ----a-w-        c:\users\Lisa\OOo_3.2.0_Win32Intel_install_de.exe
2010-04-11 16:11 . 2010-05-06 15:29        --------        d-----w-        c:\program files\JDownloader
2010-04-11 16:11 . 2010-04-11 16:11        411368        ----a-w-        c:\windows\system32\deploytk.dll
2010-04-11 16:11 . 2010-04-11 16:11        --------        d-----w-        c:\program files\Java
2010-04-11 15:15 . 2010-05-06 17:52        --------        d-----w-        c:\users\Lisa\AppData\Roaming\vlc
2010-04-11 15:13 . 2009-06-04 12:07        2066432        ----a-w-        c:\windows\system32\mstscax.dll
2010-04-11 15:12 . 2009-10-07 11:36        243712        ----a-w-        c:\windows\system32\rastls.dll
2010-04-11 15:12 . 2009-09-14 09:29        144896        ----a-w-        c:\windows\system32\drivers\srv2.sys
2010-04-11 15:12 . 2009-05-08 12:53        604672        ----a-w-        c:\windows\system32\WMSPDMOD.DLL
2010-04-11 15:09 . 2010-02-24 08:16        181632        ------w-        c:\windows\system32\MpSigStub.exe
2010-04-11 11:04 . 2009-08-07 02:24        44768        ----a-w-        c:\windows\system32\wups2.dll
2010-04-11 11:04 . 2009-08-07 02:24        53472        ----a-w-        c:\windows\system32\wuauclt.exe
2010-04-11 11:04 . 2009-08-07 02:23        1929952        ----a-w-        c:\windows\system32\wuaueng.dll
2010-04-11 11:04 . 2009-08-07 01:45        2421760        ----a-w-        c:\windows\system32\wucltux.dll
2010-04-11 11:04 . 2009-08-07 02:24        35552        ----a-w-        c:\windows\system32\wups.dll
2010-04-11 11:04 . 2009-08-07 02:23        575704        ----a-w-        c:\windows\system32\wuapi.dll
2010-04-11 11:04 . 2009-08-07 01:44        87552        ----a-w-        c:\windows\system32\wudriver.dll
2010-04-11 11:04 . 2009-08-06 17:23        171608        ----a-w-        c:\windows\system32\wuwebv.dll
2010-04-11 11:04 . 2009-08-06 16:44        33792        ----a-w-        c:\windows\system32\wuapp.exe
2010-04-11 10:53 . 2010-04-11 10:53        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-04-11 10:53 . 2010-05-06 19:24        --------        d-----w-        c:\users\Lisa\AppData\Roaming\ICQ
2010-04-11 10:53 . 2010-04-11 10:53        --------        d-----w-        c:\users\Lisa\AppData\Local\AOL
2010-04-11 10:53 . 2010-04-11 15:04        --------        d-----w-        c:\program files\ICQ7.1
2010-04-11 10:41 . 2010-04-11 10:41        57344        ----a-w-        c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-11 10:41 . 2010-04-11 10:39        754984        ----a-w-        c:\programdata\DivX\Setup\Resource.dll
2010-04-11 10:41 . 2010-04-11 10:41        56978        ----a-w-        c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-04-11 10:41 . 2010-04-11 10:41        56766        ----a-w-        c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-11 10:41 . 2010-04-11 10:39        1180952        ----a-w-        c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-11 10:41 . 2010-04-11 10:41        57679        ----a-w-        c:\programdata\DivX\Player\Uninstaller.exe
2010-04-11 10:41 . 2010-04-11 10:41        53600        ----a-w-        c:\programdata\DivX\Update\Uninstaller.exe
2010-04-11 10:41 . 2010-04-12 08:42        --------        d-----w-        c:\users\Lisa\AppData\Roaming\DivX
2010-04-11 10:39 . 2010-04-11 10:39        144696        ----a-w-        c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-04-11 10:39 . 2010-04-11 10:41        --------        d-----w-        c:\programdata\DivX
2010-04-11 10:38 . 2010-04-11 10:38        --------        d-----w-        c:\program files\VideoLAN
2010-04-11 10:35 . 2010-04-12 09:54        --------        d-----w-        c:\users\Lisa\AppData\Roaming\Apple Computer
2010-04-11 10:35 . 2010-04-11 10:35        --------        d-----w-        c:\users\Lisa\AppData\Local\Apple Computer
2010-04-11 10:35 . 2010-04-22 19:16        --------        d-----w-        c:\program files\iTunes
2010-04-11 10:35 . 2010-04-11 10:35        --------        d-----w-        c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-11 10:34 . 2010-04-11 10:34        --------        d-----w-        c:\program files\QuickTime
2010-04-11 10:34 . 2010-04-11 10:35        --------        d-----w-        c:\programdata\Apple Computer
2010-04-11 10:34 . 2010-04-11 10:34        --------        d-----w-        c:\users\Lisa\AppData\Local\Apple
2010-04-11 10:34 . 2010-04-11 10:34        --------        d-----w-        c:\program files\Apple Software Update
2010-04-11 10:33 . 2010-04-11 10:33        --------        d-----w-        c:\program files\Bonjour
2010-04-11 10:33 . 2010-04-22 19:15        --------        d-----w-        c:\program files\Common Files\Apple
2010-04-11 10:33 . 2010-04-12 09:47        --------        d-----w-        c:\programdata\Apple
2010-04-11 10:28 . 2010-04-11 10:28        --------        d-----w-        c:\windows\system32\Macromed
2010-04-11 10:21 . 2010-03-01 07:05        124784        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2010-04-11 10:21 . 2010-02-16 11:24        60936        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2010-04-11 10:21 . 2009-05-11 09:49        51992        ----a-w-        c:\windows\system32\drivers\avgntdd.sys
2010-04-11 10:21 . 2009-05-11 09:49        17016        ----a-w-        c:\windows\system32\drivers\avgntmgr.sys
2010-04-11 10:21 . 2010-04-11 10:21        --------        d-----w-        c:\programdata\Avira
2010-04-11 10:21 . 2010-04-11 10:21        --------        d-----w-        c:\program files\Avira
2010-04-11 10:20 . 2010-05-06 19:27        --------        d-sh--w-        c:\windows\Installer
2010-04-11 10:10 . 2010-04-11 10:10        --------        d-----w-        c:\users\Lisa\AppData\Local\Mozilla
2010-04-11 09:45 . 2010-04-11 09:45        --------        d-----w-        c:\program files\DIFX
2010-04-11 09:45 . 2010-04-22 19:16        --------        dc----w-        c:\windows\system32\DRVSTORE
2010-04-11 09:42 . 2010-04-11 08:49        --------        d-----w-        c:\windows\Panther
2010-04-11 09:35 . 2010-04-11 09:35        --------        d-----w-        C:\Windows.old
2010-04-11 09:23 . 2010-05-04 14:16        --------        d-----w-        c:\users\Lisa\AppData\Local\Microsoft Games
2010-04-11 08:57 . 2010-04-11 20:47        53992        ----a-w-        c:\users\Lisa\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-11 08:54 . 2010-04-11 08:54        --------        d-sh--we        c:\users\Default\Vorlagen
2010-04-11 08:48 . 2010-05-06 14:34        12        ----a-w-        c:\windows\bthservsdp.dat
2010-04-11 08:34 . 2010-04-11 09:42        --------        d-----w-        C:\Boot
2010-04-09 17:41 . 2010-04-09 17:41        --------        d-----w-        C:\drivers
2010-04-09 16:42 . 2010-04-09 16:03        --------        d-----r-        C:\Programme
2010-04-09 16:41 . 2010-04-09 16:03        --------        d-----w-        C:\Dokumente und Einstellungen

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 20:01 . 2010-05-06 18:04        4838        ----a-w-        c:\windows\system32\PerfStringBackup.TMP
2010-04-12 09:48 . 2010-04-12 09:48        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-04-11 15:13 . 2010-04-11 15:13        --------        d-----w-        c:\program files\SopCast
2010-04-11 10:41 . 2010-04-11 10:40        --------        d-----w-        c:\program files\DivX
2010-04-11 08:54 . 2010-04-11 08:54        --------        d-sh--we        c:\programdata\Vorlagen
2010-04-11 08:54 . 2010-04-11 08:54        --------        d-sh--we        c:\programdata\Startmenü
2010-04-11 08:54 . 2010-04-11 08:54        --------        d-sh--we        c:\programdata\Favoriten
2010-04-11 08:54 . 2010-04-11 08:54        --------        d-sh--we        c:\programdata\Dokumente
2010-04-11 08:54 . 2010-04-11 08:54        --------        d-sh--we        c:\programdata\Anwendungsdaten
2010-04-11 08:54 . 2010-04-11 08:54        --------        d-sh--we        c:\program files\Gemeinsame Dateien
2010-04-11 08:48 . 2010-04-11 08:48        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-03-25 23:48 . 2010-03-25 23:48        73000        ----a-w-        c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-09 16:25 . 2010-04-11 15:13        78336        ----a-w-        c:\windows\system32\ieencode.dll
2010-03-09 15:42 . 2010-04-11 15:13        834048        ----a-w-        c:\windows\system32\wininet.dll
2010-03-08 17:59 . 2010-03-08 17:59        94208        ----a-w-        c:\windows\system32\dpl100.dll
2010-02-19 19:27 . 2010-02-19 19:27        720384        ----a-w-        c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27        856064        ----a-w-        c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27        856064        ----a-w-        c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27        847872        ----a-w-        c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27        843776        ----a-w-        c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27        839680        ----a-w-        c:\windows\system32\divx_xx11.dll
2010-02-12 09:46 . 2010-02-12 09:46        91424        ----a-w-        c:\windows\system32\dnssd.dll
2010-02-12 09:46 . 2010-02-12 09:46        107808        ----a-w-        c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):18,aa,f7,f7,a9,ba,c9,01

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - cdcno
*Deregistered* - MBAMSwissArmy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
.
.
------- Zusätzlicher Suchlauf -------
.
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: {B7E2450D-49C3-49F6-9408-7FEFFA648A61} = 213.191.74.11 213.191.92.82
FF - ProfilePath - c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\io64xbcq.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",  1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",      2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",      1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",  25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",    5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdcno]

.
Zeit der Fertigstellung: 2010-05-06  22:18:25
ComboFix-quarantined-files.txt  2010-05-06 20:18

Vor Suchlauf: 11 Verzeichnis(se), 13.329.575.936 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 13.177.352.192 Bytes frei

- - End Of File - - B1089390971C781866F32601C89050B4


_audioslave 06.05.2010 22:34

osam

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:32:42 on 06.05.2010

OS: Windows Vista Ultimate Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Lisa\AppData\Local\Temp\catchme.sys  (File not found)
"cdcno" (cdcno) - ? - C:\Windows\system32\drivers\cdcno.sys  (Hidden registry entry, rootkit activity | File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"ymmd" (ymmd) - ? - C:\Windows\System32\drivers\lwgnwd.sys  (File found, but it contains no detailed information)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{0a4286ea-e355-44fb-8086-af3df7645bd9} "Windows Media Player" - ? -  (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"SpyHunter 4 Service" (SpyHunter 4 Service) - "Enigma Software Group USA, LLC." - C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


_audioslave 06.05.2010 23:02

gmer

Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-07 00:01:01
Windows 6.0.6002 Service Pack 2
Running: chcqvobj.exe; Driver: C:\Users\Lisa\AppData\Local\Temp\kxldapow.sys


---- Kernel code sections - GMER 1.0.15 ----

?              System32\Drivers\cdcno.sys                                                                      Ein an das System angeschlossenes Gerät funktioniert nicht. !

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                          85F57DB0

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service          (*** hidden *** )                                                                              [BOOT] cdcno                                                          <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6b28047e                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\cdcno@Type                                                1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\cdcno@Start                                              0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\cdcno@ErrorControl                                        0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\cdcno@Group                                              Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6b28047e (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\cdcno@Type                                                    1
Reg            HKLM\SYSTEM\ControlSet003\Services\cdcno@Start                                                  0
Reg            HKLM\SYSTEM\ControlSet003\Services\cdcno@ErrorControl                                            0
Reg            HKLM\SYSTEM\ControlSet003\Services\cdcno@Group                                                  Boot Bus Extender

---- EOF - GMER 1.0.15 ----


_audioslave 07.05.2010 22:12

Can anyone help me? :D

Or is some information still missing?

_audioslave 11.05.2010 23:32

I'm bumping this again.... :heilig:


All times are WET +1.
