Trojaner-Board

Thread: Virus opens tabs in Firefox by itself (https://www.trojaner-board.de/89413-virus-oeffnet-selbstaendig-tabs-firefox.html)

Christin 12.08.2010 14:06

Virus opens tabs in Firefox by itself
 
Hello,
some kind of virus has settled in on my machine that opens new tabs in Firefox at regular intervals, with all sorts of content.

So far I have run CCleaner and deleted a whole bunch of things with Malwarebytes. The log follows below. Still, there is something that keeps haunting Firefox. What would it help if I ran a System Restore to an earlier point? (I'm not very familiar with that.)

The Malwarebytes log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

12.08.2010 13:53:24
mbam-log-2010-08-12 (13-53-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 224131
Laufzeit: 43 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 4
Infizierte Dateien: 44

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Programme\dynamic toolbar (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\Cache (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\PBDEV2 (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\PBDEV2\Cache (Adware.2020search) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Programme\dynamic toolbar\batch.bat (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\unins000.dat (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\unins000.exe (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\Cache\go.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\Cache\home.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\Cache\logo_pb.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\Cache\parent_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\Cache\parent_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\Cache\pbdev2tb0200.cfg (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\Cache\popup_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\Cache\popup_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\Cache\search.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\Cache\services.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\Cache\skin.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\Cache\skin1.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\Cache\skin2.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\Cache\skin3.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\Cache\skin4.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\Cache\skin5.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\Cache\store.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\Cache\style.css (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\Cache\support.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\Cache\Thumbs.db (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\Cache\ticker.xml (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\PBDEV2\Cache\go.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\PBDEV2\Cache\home.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\PBDEV2\Cache\logo_pb.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\PBDEV2\Cache\parent_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\PBDEV2\Cache\parent_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\PBDEV2\Cache\PBDEV2TB0200.cfg (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\PBDEV2\Cache\popup_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\PBDEV2\Cache\popup_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\PBDEV2\Cache\search.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\PBDEV2\Cache\services.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\PBDEV2\Cache\skin.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\PBDEV2\Cache\skin1.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\PBDEV2\Cache\skin2.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\PBDEV2\Cache\skin3.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\PBDEV2\Cache\skin4.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\PBDEV2\Cache\skin5.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\PBDEV2\Cache\store.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\PBDEV2\Cache\style.css (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\PBDEV2\Cache\support.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Programme\dynamic toolbar\PBDEV2\Cache\ticker.xml (Adware.2020search) -> Quarantined and deleted successfully.

The OTL.txt from OTL:
OTL Logfile:
OTL EXTRAS Logfile:

OTL logfile created on: 12.08.2010 12:15:07 - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Dokumente und Einstellungen\doris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
895,00 Mb Total Physical Memory | 613,00 Mb Available Physical Memory | 68,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 68,51 Gb Total Space | 13,48 Gb Free Space | 19,68% Space Free | Partition Type: NTFS
Drive D: | 9,76 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: doris
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\doris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\doris\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AOL ACS) -- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe File not found
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (dsNcService) -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (PanelSvc) -- C:\Programme\Meinungsstudie\PanelApp\PanelSvc.exe ()
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CyberLink Media Library Service) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (GenericHidService) -- c:\APPS\HIDSERVICE\HidService.exe ()
SRV - (UleadBurningHelper) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VMnetAdapter) -- C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys File not found
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (dsNcAdpt) -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWALI) -- C:\WINDOWS\system32\drivers\HSFHWALI.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RT2500) -- C:\WINDOWS\system32\drivers\RT2500.sys (Ralink Technology Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ULI5261) -- C:\WINDOWS\system32\drivers\ULILAN.SYS (ULi Electronics Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (SIS162u) -- C:\WINDOWS\system32\drivers\sis162u.sys (SiS Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/home
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.studivz.net/Login | www.gmail.com"
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {53F9B74B-B22A-4EB0-9FEB-14F05390930C}:1402.2010.415.1356
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.24 21:36:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.24 21:36:20 | 000,000,000 | ---D | M]
 
[2010.01.13 00:54:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Mozilla\Extensions
[2010.07.21 23:39:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Mozilla\Firefox\Profiles\may46yl2.default\extensions
[2010.04.28 20:32:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Mozilla\Firefox\Profiles\may46yl2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.14 20:11:16 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Mozilla\Firefox\Profiles\may46yl2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.03.26 18:50:44 | 000,000,000 | ---D | M] (BlockSite) -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Mozilla\Firefox\Profiles\may46yl2.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010.07.21 23:39:18 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.04.13 22:07:26 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.13 22:07:26 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.13 22:07:26 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.13 22:07:26 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.13 22:07:27 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.04.27 23:59:03 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-A0E8-FA68B685FA7D} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {A8DAFB07-B6B6-44E7-AD73-6DA074935B3E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-A0E8-FA68B685FA7D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A0E8-FA68B685FA7D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] c:\Apps\Powercinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [sta]  File not found
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [BackgroundSwitcher] C:\Programme\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (johnsadventures.com)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Programme\Octoshape Streaming Services\doris\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [SmpcSys] C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SiWake.lnk = C:\Programme\Wireless LAN Utility\SiWake.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://ssl.cms.hu-berlin.de/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ssl.cms.hu-berlin.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\doris\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\doris\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ce65381a-f9a7-11db-acb0-00038a000015}\Shell\AutoRun\command - "" = E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.12 11:29:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Malwarebytes
[2010.08.12 11:29:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.12 11:29:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.12 11:29:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.12 11:29:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.08.12 11:25:27 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\doris\Recent
[2010.08.12 11:22:17 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.08.12 11:19:14 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\doris\Desktop\ccsetup234.exe
[2010.08.12 11:19:13 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\doris\Desktop\OTL.exe
[2010.08.12 11:19:06 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\doris\Desktop\mbam-setup.exe
[2010.07.20 00:20:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.07.20 00:20:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.07.20 00:19:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Street-Ads
[2010.07.19 22:20:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\doris\Lokale Einstellungen\Anwendungsdaten\jdbpagfhe
[2010.07.19 22:19:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\564F4DBF989305C84D74229DF90BE761
[2010.07.13 20:39:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\doris\Lokale Einstellungen\Anwendungsdaten\DOSBox
[2010.07.13 20:38:52 | 000,000,000 | ---D | C] -- C:\Programme\DOSBox-0.74
[2010.07.13 20:37:44 | 001,448,809 | ---- | C] (DOSBox Team) -- C:\Programme\DOSBox0.74-win32-installer.exe
[2010.07.13 19:05:54 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.12 11:28:11 | 000,406,324 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Desktop\cc_20100812_112758.reg
[2010.08.12 11:24:37 | 000,458,822 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.08.12 11:24:37 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.12 11:24:37 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.08.12 11:24:36 | 001,069,904 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.12 11:24:36 | 000,084,326 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.08.12 11:22:17 | 000,000,657 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Desktop\CCleaner.lnk
[2010.08.12 11:20:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.12 11:20:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.12 11:19:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.12 11:19:27 | 006,291,456 | -H-- | M] () -- C:\Dokumente und Einstellungen\doris\NTUSER.DAT
[2010.08.12 11:19:27 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\doris\ntuser.ini
[2010.08.12 11:14:05 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.12 11:00:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Master CD_DVD Creator.job
[2010.08.12 11:00:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Erweiterte Garantie.job
[2010.08.12 10:36:26 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.05 12:52:58 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\doris\Desktop\mbam-setup.exe
[2010.08.05 12:52:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\doris\Desktop\OTL.exe
[2010.08.05 12:52:54 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\doris\Desktop\ccsetup234.exe
[2010.07.13 20:38:42 | 001,448,809 | ---- | M] (DOSBox Team) -- C:\Programme\DOSBox0.74-win32-installer.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.12 11:28:05 | 000,406,324 | ---- | C] () -- C:\Dokumente und Einstellungen\doris\Desktop\cc_20100812_112758.reg
[2010.08.12 11:22:17 | 000,000,657 | ---- | C] () -- C:\Dokumente und Einstellungen\doris\Desktop\CCleaner.lnk
[2008.08.15 21:44:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Word Clock.ini
[2008.01.06 15:13:14 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008.01.06 15:13:13 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008.01.06 14:58:52 | 000,715,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007.10.13 12:24:26 | 000,007,417 | ---- | C] () -- C:\WINDOWS\System32\setparam.ini
[2007.10.13 12:24:26 | 000,007,417 | ---- | C] () -- C:\WINDOWS\setparam.ini
[2007.10.13 12:23:40 | 000,007,445 | ---- | C] () -- C:\WINDOWS\System32\wunilog.ini
[2007.08.06 11:03:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2007.01.21 22:30:11 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006.10.16 23:04:46 | 000,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.09.29 06:40:34 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.09.04 13:24:08 | 000,000,058 | ---- | C] () -- C:\WINDOWS\TTN.INI
[2006.03.27 12:10:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.03.27 11:51:22 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006.03.27 11:47:27 | 000,000,410 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2006.03.27 11:40:17 | 000,007,513 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2006.03.27 11:28:39 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005.05.20 14:05:02 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004.08.11 19:13:19 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.06.23 14:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[1997.10.18 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997.10.18 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
 
========== LOP Check ==========
 
[2007.01.22 16:16:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Advanced Chemistry Development
[2009.01.25 15:17:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CambridgeSoft
[2010.07.20 22:07:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\foldit
[2010.01.19 00:23:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GameHouse
[2009.12.08 14:59:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1
[2010.03.24 21:47:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Juniper Networks
[2006.03.27 11:45:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OD2
[2007.03.15 00:11:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PlayFirst
[2007.03.08 22:46:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sandlot Games
[2009.03.11 00:59:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2006.03.27 11:47:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2006.03.27 11:39:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2007.03.13 20:03:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2010.06.10 19:06:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.07.19 22:20:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\564F4DBF989305C84D74229DF90BE761
[2009.05.06 19:49:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\AliceHilfe
[2008.01.06 15:16:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\DAEMON Tools
[2010.07.08 21:50:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\DiskSpaceFan
[2006.11.23 16:21:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\FreeCall
[2006.10.16 23:17:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\ICQ Toolbar
[2006.10.16 23:16:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\ICQLite
[2009.12.12 14:45:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\johnsadventures.com
[2010.03.24 21:47:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Juniper Networks
[2006.12.22 15:24:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Leadertech
[2007.03.12 19:13:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Learn2.com
[2006.11.16 22:24:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\MSNInstaller
[2008.06.22 21:05:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Norman
[2006.08.05 13:26:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\OD2
[2007.01.19 09:08:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Opera
[2007.03.15 00:11:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\PlayFirst
[2010.07.20 00:19:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Street-Ads
[2009.10.23 21:59:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Ulead Systems
[2010.04.25 22:26:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\XnView
[2007.11.01 18:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Zylom
[2010.08.12 11:00:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Erweiterte Garantie.job
[2010.08.12 11:00:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Master CD_DVD Creator.job
[2006.08.03 17:08:52 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registrierungserinnerung 1.job
[2006.08.03 17:08:52 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registrierungserinnerung 2.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 101 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:1AE68282
< End of report >

--- --- ---

--- --- ---
and Extras.txt:
OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 12.08.2010 12:15:07 - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Dokumente und Einstellungen\doris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
895,00 Mb Total Physical Memory | 613,00 Mb Available Physical Memory | 68,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 68,51 Gb Total Space | 13,48 Gb Free Space | 19,68% Space Free | Partition Type: NTFS
Drive D: | 9,76 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: doris
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\programme\microsoft office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- File not found
"C:\Programme\MSN Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\AOL 9.0\aol.exe" = %ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL -- File not found
"%ProgramFiles%\Ahead\SIPPS\SIPPS.exe" = %ProgramFiles%\Ahead\SIPPS\SIPPS.exe:*:Enabled:SIPPS -- File not found
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- File not found
"C:\Programme\MSN Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Programme\freecall\FreeCall\FreeCall.exe" = C:\Programme\freecall\FreeCall\FreeCall.exe:*:Enabled:FreeCall -- File not found
"C:\Dokumente und Einstellungen\doris\Eigene Dateien\blobby\volley.exe" = C:\Dokumente und Einstellungen\doris\Eigene Dateien\blobby\volley.exe:*:Enabled:volley -- File not found
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Winamp Remote\bin\Orb.exe" = C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Programme\Winamp Remote\bin\OrbTray.exe" = C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\Programme\Veoh Networks\Veoh\VeohClient.exe" = C:\Programme\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- File not found
"C:\Programme\CambridgeSoft\ChemOffice2008\ChemDraw\ChemDraw.exe" = C:\Programme\CambridgeSoft\ChemOffice2008\ChemDraw\ChemDraw.exe:*:Disabled:ChemBioDraw Ultra 11.0 -- (CambridgeSoft Corp.)
"C:\Programme\CambridgeSoft\ChemOffice2008\Chem3D\Chem3D.exe" = C:\Programme\CambridgeSoft\ChemOffice2008\Chem3D\Chem3D.exe:*:Disabled:ChemBio3D Ultra 11.0 -- (CambridgeSoft Corp.)
"C:\Spiele\Anno  1701\Anno1701.exe" = C:\Spiele\Anno  1701\Anno1701.exe:*:Enabled:Anno 1701 -- (Related Designs Software GmbH)
"C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player  -- (Veoh Networks)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"$NtUninstallMTF1011$" = Street-Ads Browser Enhancer
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{143BE018-D8F8-4014-8CB6-AF63F5799D21}" = ULi LAN Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{21E90952-11F1-4473-9D6C-2EE09BCB10C3}" = OpenOffice.org 2.0
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{41B98462-FBBD-4A22-AFFC-8CA8B19A5FDB}" = Qtiplot
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{750B9AD1-4C63-4143-94C5-6FB304199BAD}" = Opera 9.10
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8ECBE643-8230-11D5-9D6B-00A024112F81}" = VDMSound 2.0.4
"{91110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A71000000002}" = Adobe Reader 7.1.0 - Deutsch
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D5EA1755-1899-4380-A4BA-83840648CBDA}" = Die Meinungsstudie
"{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1" = John's Background Switcher 4.0
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F1482413-D644-45D4-8E2A-FBDCEC18142A}" = CambridgeSoft ChemOffice Ultra 2008
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"ACDLabs in C__ACDFREE10_" = ACD/Labs Software in C:\ACDFREE10\
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AliceHilfe 1.0.0.1" = AliceHilfe
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_C00E1631" = Soft Data Fax Modem with SmartCP
"Disk Space Fan_is1" = Disk Space Fan 1.4.4.1
"Dynamic Toolbar_is1" = Packard Bell Toolbar 1.0
"foldit" = foldit
"ie8" = Windows Internet Explorer 8
"InstallShield_{F1482413-D644-45D4-8E2A-FBDCEC18142A}" = CambridgeSoft ChemOffice Ultra 2008
"Juniper Network Connect 6.0.0" = Juniper Networks Network Connect 6.0.0
"Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OpenTTD" = OpenTTD 0.7.0
"Scribus 1.3.3.12" = Scribus 1.3.3.12
"sis162u" = 802.11b USB Wireless LAN Adapter
"TmNations_is1" = TrackMania Nations ESWC 0.1.7.5
"Trillian" = Trillian
"Veoh Web Player Beta" = Veoh Web Player
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.7
"Wireless LAN Utility" = Wireless LAN Utility
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word Clock_is1" = Word Clock
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Octoshape Streaming Services" = Octoshape Streaming Services
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.08.2010 14:46:48 | Computer Name = *** | Source = Google Update | ID = 20
Description =
 
Error - 08.08.2010 15:14:06 | Computer Name = *** | Source = Google Update | ID = 20
Description =
 
Error - 08.08.2010 15:46:48 | Computer Name = *** | Source = Google Update | ID = 20
Description =
 
Error - 08.08.2010 16:14:05 | Computer Name = *** | Source = Google Update | ID = 20
Description =
 
Error - 08.08.2010 16:46:48 | Computer Name = *** | Source = Google Update | ID = 20
Description =
 
Error - 08.08.2010 17:14:05 | Computer Name = *** | Source = Google Update | ID = 20
Description =
 
Error - 11.08.2010 15:59:40 | Computer Name = *** | Source = Google Update | ID = 20
Description =
 
Error - 12.08.2010 04:36:08 | Computer Name = *** | Source = Google Update | ID = 20
Description =
 
Error - 12.08.2010 04:41:36 | Computer Name = *** | Source = Google Update | ID = 20
Description =
 
Error - 12.08.2010 05:14:05 | Computer Name = *** | Source = Google Update | ID = 20
Description =
 
[ System Events ]
Error - 11.08.2010 16:39:16 | Computer Name = *** | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 11.08.2010 16:39:30 | Computer Name = *** | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 11.08.2010 16:40:22 | Computer Name =*** | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 11.08.2010 16:40:38 | Computer Name = *** | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 12.08.2010 04:36:59 | Computer Name = *** | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst
 "Automatische Updates" hergestellt werden, daher können Updates nicht nach dem
angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,
 eine Verbindung herzustellen.
 
Error - 12.08.2010 05:21:09 | Computer Name = *** | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 12.08.2010 05:21:36 | Computer Name = *** | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 12.08.2010 05:21:56 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  AmdK8  avgio  avipbb  Fips
 
Error - 12.08.2010 05:30:16 | Computer Name = *** | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "ImapiService"
 mit den Argumenten "-Service"  gestartet wurde, um den folgenden Server zu verwenden:
{520CCA63-51A5-11D3-9144-00104BA11C5E}
 
Error - 12.08.2010 06:13:20 | Computer Name = *** | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
 
< End of report >

--- --- ---

cosinus 12.08.2010 14:21

Is this a different computer? Or why else are you opening a new thread? :confused:
http://www.trojaner-board.de/89146-t...n-dateien.html

Christin 12.08.2010 14:24

It is indeed a second computer; the other one was at my parents' place...

cosinus 12.08.2010 15:01

Quote:

Datenbank Version: 4052
You did not update Malwarebytes beforehand. Please update it and run a full scan.

Christin 12.08.2010 16:51

OK, this time a few more files were found and deleted.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4422

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12.08.2010 17:43:20
mbam-log-2010-08-12 (17-43-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 238816
Laufzeit: 1 Stunde(n), 30 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a8dafb07-b6b6-44e7-ad73-6da074935b3e} (Adware.AdRotator) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sta (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.

cosinus 12.08.2010 17:06

Then I now also need a new OTL log, since Malwarebytes has changed the system. But I only need the OTL.txt, not the Extras.txt.

Christin 12.08.2010 17:19

OK, here is what you asked for:
OTL Logfile:
Code:

OTL logfile created on: 12.08.2010 18:08:19 - Run 2
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Dokumente und Einstellungen\doris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
895,00 Mb Total Physical Memory | 342,00 Mb Available Physical Memory | 38,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 68,51 Gb Total Space | 12,76 Gb Free Space | 18,62% Space Free | Partition Type: NTFS
Drive D: | 9,76 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: doris
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\doris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Programme\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (johnsadventures.com)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Octoshape Streaming Services\doris\OctoshapeClient.exe (Octoshape ApS)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)
PRC - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe (Cyberlink)
PRC - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()
PRC - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\APPS\Powercinema\PCMService.exe (CyberLink Corp.)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - c:\APPS\HIDSERVICE\HidService.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Wireless LAN Utility\SiWake.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\doris\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AOL ACS) -- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe File not found
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (dsNcService) -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (PanelSvc) -- C:\Programme\Meinungsstudie\PanelApp\PanelSvc.exe ()
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CyberLink Media Library Service) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (GenericHidService) -- c:\APPS\HIDSERVICE\HidService.exe ()
SRV - (UleadBurningHelper) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VMnetAdapter) -- C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys File not found
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (dsNcAdpt) -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWALI) -- C:\WINDOWS\system32\drivers\HSFHWALI.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RT2500) -- C:\WINDOWS\system32\drivers\RT2500.sys (Ralink Technology Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ULI5261) -- C:\WINDOWS\system32\drivers\ULILAN.SYS (ULi Electronics Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (SIS162u) -- C:\WINDOWS\system32\drivers\sis162u.sys (SiS Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/home
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.studivz.net/Login | www.gmail.com"
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {53F9B74B-B22A-4EB0-9FEB-14F05390930C}:1402.2010.415.1356
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.24 21:36:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.24 21:36:20 | 000,000,000 | ---D | M]
 
[2010.01.13 00:54:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Mozilla\Extensions
[2010.08.12 14:44:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Mozilla\Firefox\Profiles\may46yl2.default\extensions
[2010.04.28 20:32:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Mozilla\Firefox\Profiles\may46yl2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.14 20:11:16 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Mozilla\Firefox\Profiles\may46yl2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.03.26 18:50:44 | 000,000,000 | ---D | M] (BlockSite) -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Mozilla\Firefox\Profiles\may46yl2.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010.08.12 14:44:02 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.04.13 22:07:26 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.13 22:07:26 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.13 22:07:26 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.13 22:07:26 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.13 22:07:27 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.04.27 23:59:03 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-A0E8-FA68B685FA7D} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-A0E8-FA68B685FA7D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A0E8-FA68B685FA7D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] c:\Apps\Powercinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [BackgroundSwitcher] C:\Programme\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (johnsadventures.com)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Programme\Octoshape Streaming Services\doris\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [SmpcSys] C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SiWake.lnk = C:\Programme\Wireless LAN Utility\SiWake.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://ssl.cms.hu-berlin.de/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ssl.cms.hu-berlin.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\doris\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\doris\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ce65381a-f9a7-11db-acb0-00038a000015}\Shell\AutoRun\command - "" = E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.12 11:29:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Malwarebytes
[2010.08.12 11:29:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.12 11:29:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.12 11:29:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.12 11:29:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.08.12 11:25:27 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\doris\Recent
[2010.08.12 11:22:17 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.08.12 11:19:14 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\doris\Desktop\ccsetup234.exe
[2010.08.12 11:19:13 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\doris\Desktop\OTL.exe
[2010.08.12 11:19:06 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\doris\Desktop\mbam-setup.exe
[2010.07.20 00:20:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.07.20 00:20:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.07.19 22:20:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\doris\Lokale Einstellungen\Anwendungsdaten\jdbpagfhe
[2010.07.19 22:19:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\564F4DBF989305C84D74229DF90BE761
[2010.07.13 20:39:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\doris\Lokale Einstellungen\Anwendungsdaten\DOSBox
[2010.07.13 20:38:52 | 000,000,000 | ---D | C] -- C:\Programme\DOSBox-0.74
[2010.07.13 20:37:44 | 001,448,809 | ---- | C] (DOSBox Team) -- C:\Programme\DOSBox0.74-win32-installer.exe
[2010.07.13 19:05:54 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.12 18:00:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Master CD_DVD Creator.job
[2010.08.12 18:00:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Erweiterte Garantie.job
[2010.08.12 17:45:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.12 17:45:29 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.12 17:45:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.12 17:44:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.12 17:44:54 | 939,048,960 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.12 17:43:44 | 006,291,456 | -H-- | M] () -- C:\Dokumente und Einstellungen\doris\NTUSER.DAT
[2010.08.12 17:43:44 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\doris\ntuser.ini
[2010.08.12 17:43:41 | 004,313,052 | -H-- | M] () -- C:\Dokumente und Einstellungen\doris\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.08.12 17:14:03 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.12 14:31:44 | 001,069,904 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.12 14:31:44 | 000,459,396 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.08.12 14:31:44 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.12 14:31:44 | 000,084,722 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.08.12 14:31:44 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.08.12 12:20:18 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.08.12 12:18:33 | 000,237,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.12 11:28:11 | 000,406,324 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Desktop\cc_20100812_112758.reg
[2010.08.12 11:22:17 | 000,000,657 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Desktop\CCleaner.lnk
[2010.08.05 12:52:58 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\doris\Desktop\mbam-setup.exe
[2010.08.05 12:52:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\doris\Desktop\OTL.exe
[2010.08.05 12:52:54 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\doris\Desktop\ccsetup234.exe
[2010.07.13 20:38:42 | 001,448,809 | ---- | M] (DOSBox Team) -- C:\Programme\DOSBox0.74-win32-installer.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.12 13:54:42 | 939,048,960 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.12 11:28:05 | 000,406,324 | ---- | C] () -- C:\Dokumente und Einstellungen\doris\Desktop\cc_20100812_112758.reg
[2010.08.12 11:22:17 | 000,000,657 | ---- | C] () -- C:\Dokumente und Einstellungen\doris\Desktop\CCleaner.lnk
[2008.08.15 21:44:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Word Clock.ini
[2008.01.06 15:13:14 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008.01.06 15:13:13 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008.01.06 14:58:52 | 000,715,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007.10.13 12:24:26 | 000,007,417 | ---- | C] () -- C:\WINDOWS\System32\setparam.ini
[2007.10.13 12:24:26 | 000,007,417 | ---- | C] () -- C:\WINDOWS\setparam.ini
[2007.10.13 12:23:40 | 000,007,445 | ---- | C] () -- C:\WINDOWS\System32\wunilog.ini
[2007.08.06 11:03:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2007.01.21 22:30:11 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006.10.16 23:04:46 | 000,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.09.29 06:40:34 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.09.04 13:24:08 | 000,000,058 | ---- | C] () -- C:\WINDOWS\TTN.INI
[2006.03.27 12:10:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.03.27 11:51:22 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006.03.27 11:47:27 | 000,000,410 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2006.03.27 11:40:17 | 000,007,513 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2006.03.27 11:28:39 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005.05.20 14:05:02 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004.08.11 19:13:19 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.06.23 14:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[1997.10.18 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997.10.18 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
 
========== LOP Check ==========
 
[2007.01.22 16:16:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Advanced Chemistry Development
[2009.01.25 15:17:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CambridgeSoft
[2010.07.20 22:07:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\foldit
[2010.01.19 00:23:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GameHouse
[2009.12.08 14:59:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1
[2010.03.24 21:47:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Juniper Networks
[2006.03.27 11:45:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OD2
[2007.03.15 00:11:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PlayFirst
[2007.03.08 22:46:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sandlot Games
[2009.03.11 00:59:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2006.03.27 11:47:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2006.03.27 11:39:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2007.03.13 20:03:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2010.06.10 19:06:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.07.19 22:20:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\564F4DBF989305C84D74229DF90BE761
[2009.05.06 19:49:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\AliceHilfe
[2008.01.06 15:16:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\DAEMON Tools
[2010.07.08 21:50:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\DiskSpaceFan
[2006.11.23 16:21:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\FreeCall
[2006.10.16 23:17:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\ICQ Toolbar
[2006.10.16 23:16:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\ICQLite
[2009.12.12 14:45:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\johnsadventures.com
[2010.03.24 21:47:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Juniper Networks
[2006.12.22 15:24:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Leadertech
[2007.03.12 19:13:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Learn2.com
[2006.11.16 22:24:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\MSNInstaller
[2008.06.22 21:05:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Norman
[2006.08.05 13:26:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\OD2
[2007.01.19 09:08:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Opera
[2007.03.15 00:11:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\PlayFirst
[2009.10.23 21:59:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Ulead Systems
[2010.04.25 22:26:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\XnView
[2007.11.01 18:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Zylom
[2010.08.12 18:00:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Erweiterte Garantie.job
[2010.08.12 18:00:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Master CD_DVD Creator.job
[2006.08.03 17:08:52 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registrierungserinnerung 1.job
[2006.08.03 17:08:52 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registrierungserinnerung 2.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 101 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:1AE68282
< End of report >

--- --- ---

Christin 12.08.2010 17:54

As it looks, the problem still occurs. I will probably only be able to deal with it again after my vacation.
Thanks for your advice for now.

cosinus 12.08.2010 19:54

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along!!!)

Code:

:OTL
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-A0E8-FA68B685FA7D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A0E8-FA68B685FA7D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
@Alternate Data Stream - 101 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:1AE68282
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
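
The fix above was written by hand from the O3 and ADS lines of the OTL report. As an added example that is not part of this thread and not OTL's own code, the Python script below parses OTL report lines, picks out the same classes of entries (O2/O3 browser entries with no CLSID behind them, alternate data streams, and services or drivers whose file is missing) and emits a fix in the same :OTL / :Commands shape; it goes slightly beyond the posted fix by also catching orphaned O2 BHO entries. The sample lines are copied from the report in this thread; the function names, markers and categories are my own.

```python
import re

# Constructed sample: a handful of lines copied from the OTL report posted in this thread.
SAMPLE_LOG = r"""
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
DRV - (VMnetAdapter) -- C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys File not found
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-A0E8-FA68B685FA7D} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-A0E8-FA68B685FA7D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
@Alternate Data Stream - 101 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:1AE68282
"""

# Markers OTL prints for the three situations this script looks at (constant names are mine).
ORPHAN_MARKER = "No CLSID value found."   # registry points at a COM class that no longer exists
MISSING_MARKER = "File not found"         # service/driver entry whose binary is gone from disk
ADS_PREFIX = "@Alternate Data Stream"     # NTFS stream attached to a file or folder

BROWSER_ITEM = re.compile(r"^O[23] - ")                         # O2 = BHO, O3 = toolbar
SERVICE_ITEM = re.compile(r"^(SRV|DRV) - \((?P<name>[^)]+)\)")  # SRV = service, DRV = driver


def classify(line):
    """Map one OTL report line to 'orphan', 'ads', 'missing', or None when nothing stands out."""
    line = line.strip()
    if line.startswith(ADS_PREFIX):
        return "ads"
    if BROWSER_ITEM.match(line) and line.endswith(ORPHAN_MARKER):
        return "orphan"
    if SERVICE_ITEM.match(line) and line.endswith(MISSING_MARKER):
        return "missing"
    return None


def triage(log):
    """Group the noteworthy lines of an OTL report by category, preserving report order."""
    groups = {"orphan": [], "ads": [], "missing": []}
    for raw in log.splitlines():
        category = classify(raw)
        if category:
            groups[category].append(raw.strip())
    return groups


def build_fix_script(log):
    """Emit a fix in the :OTL / :Commands shape used in this thread.

    Orphaned browser entries and alternate data streams go into the :OTL block
    verbatim, because OTL removes exactly the line it is given.  Services and
    drivers with a missing file are deliberately left out: in this report they
    are leftovers of removed software (a VMware adapter driver, an AOL service),
    and deleting a service entry is a decision a human should make after
    looking at the name, so they are only reported by triage().
    """
    groups = triage(log)
    lines = [":OTL"] + groups["orphan"] + groups["ads"]
    lines += [":Commands", "[purity]", "[resethosts]", "[emptytemp]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for name, entries in triage(SAMPLE_LOG).items():
        print(f"{name}: {len(entries)} entries")
    print(build_fix_script(SAMPLE_LOG))
```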

Christin 22.08.2010 22:33

Hello,

here is the log file:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-A0E8-FA68B685FA7D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A0E8-FA68B685FA7D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-A0E8-FA68B685FA7D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A0E8-FA68B685FA7D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:1AE68282 deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 363369 bytes

User: All Users

User: Besitzer

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: doris
->Temp folder emptied: 1101638 bytes
->Temporary Internet Files folder emptied: 43979644 bytes
->Java cache emptied: 7140 bytes
->FireFox cache emptied: 35045818 bytes
->Flash cache emptied: 10661 bytes

User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 201497 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 113389834 bytes
->Flash cache emptied: 2067 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39138 bytes
%systemroot%\System32 .tmp files removed: 3614087 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 189,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08222010_232829

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
___
Regards, Christin

cosinus 23.08.2010 12:43

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a competent helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Christin 23.08.2010 20:56

I have a somewhat silly question...
How do I properly shut down Avira? I can deactivate the Guard, but of course that is not enough for ComboFix. I somehow cannot end the avguard.exe process in Task Manager (access denied).

It also puzzles me that ComboFix lists Avira four times in its error message as a still-running program (the identical program name four times, that is). Even if I did not properly uninstall Avira before the last version upgrade - there cannot really be four versions on the machine.

The same problem also occurs in Safe Mode, even though Avira does not appear in the taskbar there at all. It all seems strange to me...

cosinus 23.08.2010 21:19

Closing the umbrella is enough

Christin 23.08.2010 22:12

here we have the result:

Combofix Logfile:
Code:

ComboFix 10-08-22.07 - doris 23.08.2010  22:37:36.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.895.538 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\doris\Desktop\cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD218-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD408-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD408-FFA4-00FC-0D24-347CA8A3377C}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Thumbs.db

.
(((((((((((((((((((((((  Dateien erstellt von 2010-07-23 bis 2010-08-23  ))))))))))))))))))))))))))))))
.

2010-08-22 21:31 . 2010-08-22 21:31        --------        d-----w-        c:\dokumente und einstellungen\doris\Lokale Einstellungen\Anwendungsdaten\Octoshape
2010-08-22 21:28 . 2010-08-22 21:28        --------        d-----w-        C:\_OTL
2010-08-12 09:29 . 2010-08-12 09:29        --------        d-----w-        c:\dokumente und einstellungen\doris\Anwendungsdaten\Malwarebytes
2010-08-12 09:29 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-12 09:29 . 2010-08-12 09:29        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2010-08-12 09:29 . 2010-08-12 09:29        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-08-12 09:29 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-08-12 09:22 . 2010-08-12 09:22        --------        d-----w-        c:\programme\CCleaner

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-23 20:25 . 2006-11-17 13:00        --------        d-----w-        c:\programme\trillian
2010-08-22 21:28 . 2004-08-11 16:48        84722        ----a-w-        c:\windows\system32\perfc007.dat
2010-08-22 21:28 . 2004-08-11 16:48        459396        ----a-w-        c:\windows\system32\perfh007.dat
2010-08-12 10:32 . 2006-09-28 21:49        --------        d-----w-        c:\dokumente und einstellungen\doris\Anwendungsdaten\OpenOffice.org2
2010-08-12 10:20 . 2006-08-03 15:09        60928        ----a-w-        c:\dokumente und einstellungen\doris\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-07-20 20:07 . 2009-06-22 20:40        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\foldit
2010-07-19 20:20 . 2010-07-19 20:19        --------        d-----w-        c:\dokumente und einstellungen\doris\Anwendungsdaten\564F4DBF989305C84D74229DF90BE761
2010-07-13 19:04 . 2010-07-13 18:38        --------        d-----w-        c:\programme\DOSBox-0.74
2010-07-13 18:38 . 2010-07-13 18:37        1448809        ----a-w-        c:\programme\DOSBox0.74-win32-installer.exe
2010-07-08 19:50 . 2010-04-11 10:00        --------        d-----w-        c:\dokumente und einstellungen\doris\Anwendungsdaten\DiskSpaceFan
2010-07-07 22:16 . 2006-08-05 11:21        --------        d-----w-        c:\dokumente und einstellungen\doris\Anwendungsdaten\Skype
2010-07-07 22:08 . 2009-11-02 18:14        --------        d-----w-        c:\dokumente und einstellungen\doris\Anwendungsdaten\skypePM
2010-07-01 22:04 . 2010-07-01 22:04        --------        d-----w-        c:\programme\Gemeinsame Dateien\Skype
2010-06-14 14:31 . 2004-08-11 17:03        744448        ----a-w-        c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-04-21 18:42 . 2010-04-21 18:42        3084859        ----a-w-        c:\programme\winscp427setup.exe
2010-02-23 20:14 . 2010-02-23 20:13        215048        ----a-w-        c:\programme\Opera_1010_in_Setup.exe
2010-02-06 09:09 . 2010-02-06 09:09        1115663        ----a-w-        c:\programme\PanelApp_installer_pa_RN_de.msi
2009-12-09 18:59 . 2009-12-09 18:59        8810568        ----a-w-        c:\programme\VeohWebPlayerSetup_eng.exe
2009-11-17 15:56 . 2009-11-17 15:56        318904        ----a-w-        c:\programme\wmpfirefoxplugin.exe
2009-11-03 18:51 . 2009-11-03 18:51        978432        ----a-w-        c:\programme\VDMSound-2.0.4-WinNT-i386.msi
2008-03-22 18:45 . 2008-03-22 18:50        1010824        ----a-w-        c:\programme\HamachiSetup-1.0.2.5-de.exe
2007-12-29 09:32 . 2007-12-29 09:31        8759168        ----a-w-        c:\programme\winamp551_full_emusic-7plus_en-us.exe
2007-04-12 14:29 . 2007-04-12 14:29        11868792        ----a-w-        c:\programme\winamp533_full_bundle_emusic-7plus.exe
2007-01-19 07:08 . 2007-01-19 07:08        620        ----a-w-        c:\programme\Opera.lnk
2007-01-19 07:07 . 2007-01-19 07:06        6441056        ----a-w-        c:\programme\Opera_9.10_International_Setup.exe
2007-01-18 18:35 . 2007-01-18 18:35        872        ----a-w-        c:\programme\TmNations.lnk
2007-01-18 16:58 . 2007-01-18 14:28        278695200        ----a-w-        c:\programme\TmNationsESWC_Setup.exe
2006-10-18 17:00 . 2006-10-18 17:00        10141008        ----a-w-        c:\programme\PackardBell-SkypeSetup.exe
2006-10-17 17:37 . 2006-10-17 17:37        1355912        ----a-w-        c:\programme\install_flash_player.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
"Octoshape Streaming Services"="c:\programme\Octoshape Streaming Services\doris\OctoshapeClient.exe" [2008-05-22 156944]
"BackgroundSwitcher"="c:\programme\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" [2009-09-23 119104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 344064]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 77824]
"Ulead AutoDetector v2"="c:\programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2006-03-27 180269]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-03-17 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
SiWake.lnk - c:\programme\Wireless LAN Utility\SiWake.exe [2007-10-13 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\Ahead\\SIPPS\\SIPPS.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Trillian\\trillian.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\CambridgeSoft\\ChemOffice2008\\ChemDraw\\ChemDraw.exe"=
"c:\\Programme\\CambridgeSoft\\ChemOffice2008\\Chem3D\\Chem3D.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\APPS\\skype\\Plugin Manager\\skypePM.exe"=
"c:\\Spiele\\Anno  1701\\Anno1701.exe"=
"c:\\Programme\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\APPS\\skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [22.03.2009 23:22 108289]
R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [31.12.2004 15:24 28160]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [12.10.2009 21:54 133104]
S3 PanelSvc;PanelSvc;c:\programme\Meinungsstudie\PanelApp\PanelSvc.exe [30.12.2009 12:20 91136]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06.01.2008 14:58 715248]
.
Inhalt des "geplante Tasks" Ordners

2010-08-22 c:\windows\Tasks\Erweiterte Garantie.job
- c:\apps\SMP\PBCARNOT.EXE [2005-11-09 11:55]

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-10-12 19:54]

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-10-12 19:54]

2010-08-22 c:\windows\Tasks\Master CD_DVD Creator.job
- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 13:26]

2006-08-03 c:\windows\Tasks\Registrierungserinnerung 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-11 02:22]

2006-08-03 c:\windows\Tasks\Registrierungserinnerung 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-11 02:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://go.web.de/home
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ssl.cms.hu-berlin.de/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\dokumente und einstellungen\doris\Anwendungsdaten\Mozilla\Firefox\Profiles\may46yl2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.studivz.net/Login | www.gmail.com
FF - component: c:\dokumente und einstellungen\doris\Lokale Einstellungen\Anwendungsdaten\Meinungsstudie\PanelApp\ff\components\FFoxAddinStub.dll
FF - plugin: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\dokumente und einstellungen\doris\Anwendungsdaten\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\programme\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll
FF - plugin: c:\programme\CambridgeSoft\ChemOffice2008\ChemDraw\NPCDP32.DLL
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\programme\Octoshape Streaming Services\doris\octoprogram-L03-NMS1002170_SUA_000\npoctoshape.dll
FF - plugin: c:\programme\Octoshape Streaming Services\doris\octoprogram-L03-NMS1008042_SUA_000\npoctoshape.dll
FF - plugin: c:\programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

ShellIconOverlayIdentifiers-{B8A03725-03B9-485F-BB22-E848799D4C2A} - (no file)
AddRemove-Octoshape Streaming Services - c:\programme\Octoshape Streaming Services\doris\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-23 23:00
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85021B4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7598f28
\Driver\ACPI -> ACPI.sys @ 0xf73aacb8
\Driver\atapi -> atapi.sys @ 0xf734a852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
 ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
 ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: ULi PCI Fast Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7211bb0
 PacketIndicateHandler -> NDIS.sys @ 0xf7200a0d
 SendHandler -> NDIS.sys @ 0xf7214b40
user & kernel MBR OK

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1052)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programme\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\programme\Juniper Networks\Common Files\dsNcService.exe
c:\programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\apps\HIDSERVICE\HIDSERVICE.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-23  23:08:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-08-23 21:08

Vor Suchlauf: 16 Verzeichnis(se), 13.682.327.552 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 13.628.620.800 Bytes frei

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 6F4786C6536ADAD22C490926C61BD3A0

--- --- ---

cosinus 24.08.2010 12:40

Ok. Now please create and post logs with GMER and OSAM. GMER crashes quite often; if the tool still won't run on the 2nd attempt, just skip it and run only OSAM

Afterwards download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder.

If you use Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator

A black window will open and automatically search for malicious changes in the MBR.
Then please post whether there are changes and if so in which device. Best to post everything that remover.exe outputs.

Christin 24.08.2010 18:14

here is the GMER log:
GMER Logfile:
Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-24 19:13:43
Windows 5.1.2600 Service Pack 3
Running: 3p9zkh2u.exe; Driver: C:\DOKUME~1\doris\LOKALE~1\Temp\kglcqpod.sys


---- System - GMER 1.0.15 ----

SSDT            F7B14056                                                                                                            ZwCreateKey
SSDT            F7B1404C                                                                                                            ZwCreateThread
SSDT            F7B1405B                                                                                                            ZwDeleteKey
SSDT            F7B14065                                                                                                            ZwDeleteValueKey
SSDT            F7B1406A                                                                                                            ZwLoadKey
SSDT            F7B14038                                                                                                            ZwOpenProcess
SSDT            F7B1403D                                                                                                            ZwOpenThread
SSDT            F7B14074                                                                                                            ZwReplaceKey
SSDT            F7B1406F                                                                                                            ZwRestoreKey
SSDT            F7B14060                                                                                                            ZwSetValueKey
SSDT            F7B14047                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0xEB56B300, 0x3ACC8, 0xE8000020]
.text          C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0xEDAB8300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text          C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!NtProtectVirtualMemory                                              7C91D6EE 5 Bytes  JMP 006E000A
.text          C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!NtWriteVirtualMemory                                                7C91DFAE 5 Bytes  JMP 006F000A
.text          C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!KiUserExceptionDispatcher                                            7C91E47C 5 Bytes  JMP 006D000C
.text          C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!GetCursorPos                                                        7E37974E 5 Bytes  JMP 0179000A
.text          C:\WINDOWS\System32\svchost.exe[1096] ole32.dll!CoCreateInstance                                                    774D057E 5 Bytes  JMP 00DE000A
.text          C:\WINDOWS\Explorer.EXE[1912] ntdll.dll!NtProtectVirtualMemory                                                      7C91D6EE 5 Bytes  JMP 00B8000A
.text          C:\WINDOWS\Explorer.EXE[1912] ntdll.dll!NtWriteVirtualMemory                                                        7C91DFAE 5 Bytes  JMP 00BE000A
.text          C:\WINDOWS\Explorer.EXE[1912] ntdll.dll!KiUserExceptionDispatcher                                                    7C91E47C 5 Bytes  JMP 00B7000C

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                              SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                              SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                              0x48 0x1F 0x72 0x5A ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0xB2 0x85 0x09 0xA0 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xD3 0xC1 0xEC 0x73 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x0D 0x2D 0xD8 0xBC ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0xB2 0x85 0x09 0xA0 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xD3 0xC1 0xEC 0x73 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x0D 0x2D 0xD8 0xBC ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x48 0x1F 0x72 0x5A ...
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x48 0x1F 0x72 0x5A ...

---- EOF - GMER 1.0.15 ----

--- --- ---

Christin 24.08.2010 18:30

OSAM:
OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:28:38 on 24.08.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.5.11

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Erweiterte Garantie.job" - "Packard Bell BV" - C:\APPS\SMP\PBCARNOT.EXE
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Master CD_DVD Creator.job" - "Packard Bell BV" - C:\Apps\SMP\MCDCHECK.EXE

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"SETUPPC.CPL" - "NEC Computers International" - C:\WINDOWS\system32\SETUPPC.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys
"VMware Virtual Ethernet Adapter Driver" (VMnetAdapter) - ? - C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys  (File not found)
"WAN Miniport (ATW)" (wanatw) - "America Online, Inc." - C:\WINDOWS\System32\DRIVERS\wanatw4.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\programme\microsoft office\Office10\msohev.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\programme\microsoft office\Office10\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} "RecordNow! SendToExt" - ? - C:\Apps\RecordNow\shlext.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{F27237D7-93C8-44C2-AC6E-D6057B9A918F} "JuniperSetupClientControl Class" - "Juniper Networks" - C:\WINDOWS\Downloaded Program Files\JuniperSetupClient.ocx / https://ssl.cms.hu-berlin.de/dana-cached/sc/JuniperSetupClient.cab
{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} "JuniperSetupSP1 Control" - "Juniper Networks" - C:\WINDOWS\DOWNLO~1\JUNIPE~1.OCX / https://ssl.cms.hu-berlin.de/dana-cached/setup/JuniperSetupSP1.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ Lite" - ? - C:\Programme\ICQLite\ICQLite.exe  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Sign-in Helper" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"SiWake.lnk" - ? - C:\Programme\Wireless LAN Utility\SiWake.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\doris\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BackgroundSwitcher" - "johnsadventures.com" - "C:\Programme\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe"
"Octoshape Streaming Services" - "Octoshape ApS" - "C:\Programme\Octoshape Streaming Services\doris\OctoshapeClient.exe" -inv:bootrun
"SmpcSys" - "Packard Bell BV" - C:\APPS\SMP\SmpSys.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ATIPTA" - "ATI Technologies, Inc." - C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"PCMService" - "CyberLink Corp." - "c:\Apps\Powercinema\PCMService.exe"
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
"Ulead AutoDetector v2" - "Ulead Systems, Inc." - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
"CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
"CyberLink Task Scheduler (CTS)" (CLSched) - ? - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Generic Service for HID Keyboard Input Collections" (GenericHidService) - ? - c:\APPS\HIDSERVICE\HIDSERVICE.exe  (File found, but it contains no detailed information)
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"HID Input Service" (HidServ) - ? -  C:\WINDOWS\System32\hidserv.dll  (File not found)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Juniper Network Connect Service" (dsNcService) - "Juniper Networks" - C:\Programme\Juniper Networks\Common Files\dsNcService.exe
"PanelSvc" (PanelSvc) - ? - C:\Programme\Meinungsstudie\PanelApp\PanelSvc.exe  (File found, but it contains no detailed information)
"Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Christin 24.08.2010 18:36

I think Bootkit Remover found nothing; the only entry in the table reads:

Size 74 GB
Device Name \\.\PhysicalDrive0
MBR Status: OK (DOS/Win32 Boot code found)

cosinus 24.08.2010 19:02

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Christin 24.08.2010 20:46

This is from Malwarebytes:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4470

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24.08.2010 21:36:14
mbam-log-2010-08-24 (21-36-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 238131
Laufzeit: 1 Stunde(n), 25 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\extensions.exe (Spyware.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\Temp\0.6797027898868435.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\extensions.exe\config.bin (Spyware.SpyEyes) -> Quarantined and deleted successfully.
C:\extensions.exe\extensions.exe (Spyware.SpyEyes) -> Quarantined and deleted successfully.
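As an added example that is not part of this thread or of Malwarebytes' own tooling, here is a small Python parser for the log format posted above: it extracts the summary counts and the quarantined items per section, lists the detection families, and cross-checks the counts against the listed entries so that a truncated or edited paste is noticed. The sample log is constructed from the entries posted above.

```python
"""Parser for Malwarebytes' Anti-Malware 1.46 text logs (German localisation).

Added example, not code from the thread or from Malwarebytes. The sample log
below is constructed from the entries posted in the thread.
"""
import re
from dataclasses import dataclass, field

# "Infizierte Dateien: 3"  -> summary line with a count
SUMMARY_RE = re.compile(r"^(Infizierte [^:]+): (\d+)$")
# "Infizierte Dateien:"    -> start of the section listing the items
SECTION_RE = re.compile(r"^(Infizierte [^:]+):$")
# "<path or key> (<detection name>) -> <action taken>"
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
NONE_MARKER = "(Keine bösartigen Objekte gefunden)"


@dataclass
class Detection:
    section: str
    path: str
    name: str
    action: str


@dataclass
class MbamReport:
    database_version: str = ""
    safe_mode: bool = False
    summary: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)

    def counts_by_section(self):
        counts = {}
        for d in self.detections:
            counts[d.section] = counts.get(d.section, 0) + 1
        return counts

    def mismatches(self):
        """Sections whose summary count differs from the number of items listed.

        Returns {section: (count_in_summary, items_listed)}; empty means consistent."""
        listed = self.counts_by_section()
        return {s: (n, listed.get(s, 0))
                for s, n in self.summary.items() if n != listed.get(s, 0)}

    def families(self):
        """Distinct detection names, e.g. 'Spyware.SpyEyes'."""
        return sorted({d.name for d in self.detections})


def parse_mbam_log(text):
    report = MbamReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Datenbank Version:"):
            report.database_version = line.split(":", 1)[1].strip()
        elif line.startswith("Windows ") and "(Safe Mode)" in line:
            report.safe_mode = True          # scan was run in Safe Mode
        elif (m := SUMMARY_RE.match(line)):
            report.summary[m.group(1)] = int(m.group(2))
        elif (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif section is not None and line != NONE_MARKER:
            m = ITEM_RE.match(line)
            if m is None:
                raise ValueError(f"unrecognised line in section {section!r}: {line}")
            report.detections.append(Detection(section, m["path"], m["name"], m["action"]))
    return report


# Constructed sample, assembled from the log entries posted in the thread.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4470

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 238131

Infizierte Speicherprozesse: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\extensions.exe (Spyware.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\Temp\0.6797027898868435.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\extensions.exe\config.bin (Spyware.SpyEyes) -> Quarantined and deleted successfully.
C:\extensions.exe\extensions.exe (Spyware.SpyEyes) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("database", rep.database_version, "families", rep.families())
    print("count mismatches:", rep.mismatches() or "none")
```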

Christin 24.08.2010 23:09

and SASW:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/24/2010 at 11:53 PM

Application Version : 4.41.1000

Core Rules Database Version : 5400
Trace Rules Database Version: 3212

Scan type : Complete Scan
Total Scan Time : 01:56:59

Memory items scanned : 507
Memory threats detected : 0
Registry items scanned : 7201
Registry threats detected : 0
File items scanned : 101017
File threats detected : 4

Trojan.Agent/Gen-CDesc[Gen]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{66234F2B-C93E-4D94-8BDB-1899CBBA9319}\RP689\A0138098.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{66234F2B-C93E-4D94-8BDB-1899CBBA9319}\RP689\A0138099.EXE

Trojan.Agent/Gen-Faldesc
C:\SYSTEM VOLUME INFORMATION\_RESTORE{66234F2B-C93E-4D94-8BDB-1899CBBA9319}\RP689\A0138100.EXE

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{66234F2B-C93E-4D94-8BDB-1899CBBA9319}\RP690\A0138240.EXE

Christin 25.08.2010 10:25

Unfortunately, browser tabs still keep opening "as if by magic". I'm slowly getting a bit discouraged.

cosinus 25.08.2010 11:47

Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Christin 25.08.2010 12:51

there was only one OTL log; it didn't produce an Extras log. OTL Logfile:
Code:

OTL logfile created on: 25.08.2010 13:37:23 - Run 3
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Dokumente und Einstellungen\doris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
895,00 Mb Total Physical Memory | 431,00 Mb Available Physical Memory | 48,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 68,51 Gb Total Space | 12,49 Gb Free Space | 18,23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CHRISTIN
Current User Name: doris
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\doris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Programme\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (johnsadventures.com)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Octoshape Streaming Services\doris\OctoshapeClient.exe (Octoshape ApS)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)
PRC - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe (Cyberlink)
PRC - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()
PRC - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\APPS\Powercinema\PCMService.exe (CyberLink Corp.)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - c:\APPS\HIDSERVICE\HidService.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Wireless LAN Utility\SiWake.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\doris\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AOL ACS) -- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe File not found
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (dsNcService) -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (PanelSvc) -- C:\Programme\Meinungsstudie\PanelApp\PanelSvc.exe ()
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CyberLink Media Library Service) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (GenericHidService) -- c:\APPS\HIDSERVICE\HidService.exe ()
SRV - (UleadBurningHelper) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VMnetAdapter) -- C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys File not found
DRV - (catchme) -- C:\cofi\catchme.sys File not found
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (dsNcAdpt) -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWALI) -- C:\WINDOWS\system32\drivers\HSFHWALI.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RT2500) -- C:\WINDOWS\system32\drivers\RT2500.sys (Ralink Technology Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ULI5261) -- C:\WINDOWS\system32\drivers\ULILAN.SYS (ULi Electronics Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (SIS162u) -- C:\WINDOWS\system32\drivers\sis162u.sys (SiS Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/home
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.studivz.net/Login | www.gmail.com"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {53F9B74B-B22A-4EB0-9FEB-14F05390930C}:1402.2010.415.1356
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.22 19:51:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.22 19:51:30 | 000,000,000 | ---D | M]
 
[2010.01.13 00:54:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Mozilla\Extensions
[2010.08.25 08:45:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Mozilla\Firefox\Profiles\may46yl2.default\extensions
[2010.04.28 20:32:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Mozilla\Firefox\Profiles\may46yl2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.14 20:11:16 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Mozilla\Firefox\Profiles\may46yl2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.03.26 18:50:44 | 000,000,000 | ---D | M] (BlockSite) -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Mozilla\Firefox\Profiles\may46yl2.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010.08.25 08:45:03 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.08.22 19:51:22 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.22 19:51:22 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.22 19:51:22 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.22 19:51:22 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.22 19:51:22 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.23 23:00:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] c:\Apps\Powercinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [BackgroundSwitcher] C:\Programme\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (johnsadventures.com)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Programme\Octoshape Streaming Services\doris\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [SmpcSys] C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SiWake.lnk = C:\Programme\Wireless LAN Utility\SiWake.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://ssl.cms.hu-berlin.de/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ssl.cms.hu-berlin.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\doris\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\doris\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "AOL ACS"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.dvacm - C:\Programme\Gemeinsame Dateien\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm  - C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (68130555115339776)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.24 23:20:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.08.24 21:49:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\SUPERAntiSpyware.com
[2010.08.24 21:49:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2010.08.24 21:49:04 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.08.24 21:47:41 | 009,157,960 | ---- | C] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\doris\Desktop\SUPERAntiSpyware.exe
[2010.08.24 19:31:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\doris\Desktop\bootkit_remover
[2010.08.24 19:24:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\doris\Desktop\5.1.2600.2.00010300.3.0-Dateien
[2010.08.24 19:19:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\AdobeUM
[2010.08.24 19:19:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Real
[2010.08.24 19:18:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
[2010.08.24 19:18:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun
[2010.08.24 19:17:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\doris\Desktop\osam_autorun_manager_5_0_portable
[2010.08.23 22:26:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.08.23 22:26:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.08.23 22:26:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.08.23 22:26:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.08.23 21:46:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.08.23 21:42:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.08.23 21:35:44 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\doris\Recent
[2010.08.22 23:31:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\doris\Lokale Einstellungen\Anwendungsdaten\Octoshape
[2010.08.22 23:28:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.12 11:29:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Malwarebytes
[2010.08.12 11:29:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.12 11:29:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.12 11:29:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.12 11:29:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.08.12 11:22:17 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.08.12 11:19:14 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\doris\Desktop\ccsetup234.exe
[2010.08.12 11:19:13 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\doris\Desktop\OTL.exe
[2010.08.12 11:19:06 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\doris\Desktop\mbam-setup.exe
[2010.07.20 00:20:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.07.20 00:20:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.07.19 22:20:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\doris\Lokale Einstellungen\Anwendungsdaten\jdbpagfhe
[2010.07.19 22:19:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\564F4DBF989305C84D74229DF90BE761
[2010.07.13 20:39:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\doris\Lokale Einstellungen\Anwendungsdaten\DOSBox
[2010.07.13 20:38:52 | 000,000,000 | ---D | C] -- C:\Programme\DOSBox-0.74
[2010.07.13 20:37:44 | 001,448,809 | ---- | C] (DOSBox Team) -- C:\Programme\DOSBox0.74-win32-installer.exe
[2010.07.02 00:04:33 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2010.06.10 19:04:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.06.10 18:59:33 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.06.10 18:58:33 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.06.10 18:58:05 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.25 13:30:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Master CD_DVD Creator.job
[2010.08.25 13:30:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Erweiterte Garantie.job
[2010.08.25 13:14:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.25 08:33:58 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.25 08:33:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.25 08:33:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.25 08:33:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.25 08:33:08 | 939,048,960 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.25 00:12:32 | 006,553,600 | -H-- | M] () -- C:\Dokumente und Einstellungen\doris\NTUSER.DAT
[2010.08.25 00:12:32 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\doris\ntuser.ini
[2010.08.25 00:03:52 | 004,845,432 | -H-- | M] () -- C:\Dokumente und Einstellungen\doris\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.08.24 21:49:09 | 000,001,645 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.08.24 21:48:05 | 009,157,960 | ---- | M] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\doris\Desktop\SUPERAntiSpyware.exe
[2010.08.24 20:07:58 | 000,000,679 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.24 20:06:46 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\doris\Desktop\mbam-setup.exe
[2010.08.24 19:31:01 | 000,036,833 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Desktop\bootkit_remover.rar
[2010.08.24 19:27:24 | 000,043,339 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Desktop\osam1.html
[2010.08.24 19:26:26 | 001,069,904 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.24 19:26:26 | 000,459,396 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.08.24 19:26:26 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.24 19:26:26 | 000,084,722 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.08.24 19:26:26 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.08.24 19:24:31 | 000,009,089 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Desktop\5.1.2600.2.00010300.3.0.htm
[2010.08.24 19:18:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.08.24 19:16:52 | 004,272,474 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Desktop\osam_autorun_manager_5_0_portable.rar
[2010.08.24 18:00:29 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Desktop\3p9zkh2u.exe
[2010.08.24 09:02:03 | 011,237,816 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Desktop\principles-of-polymerization.pdf
[2010.08.23 23:01:11 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.08.23 23:00:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.08.23 21:39:09 | 000,000,790 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Desktop\cc_20100823_213906.reg
[2010.08.23 21:38:58 | 000,000,670 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Desktop\cc_20100823_213855.reg
[2010.08.23 21:38:45 | 000,006,784 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Desktop\cc_20100823_213835.reg
[2010.08.23 21:27:26 | 003,825,912 | R--- | M] () -- C:\Dokumente und Einstellungen\doris\Desktop\cofi.exe
[2010.08.12 12:20:18 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.08.12 12:18:33 | 000,237,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.12 11:28:11 | 000,406,324 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Desktop\cc_20100812_112758.reg
[2010.08.12 11:22:17 | 000,000,657 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Desktop\CCleaner.lnk
[2010.08.05 12:52:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\doris\Desktop\OTL.exe
[2010.08.05 12:52:54 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\doris\Desktop\ccsetup234.exe
[2010.07.13 20:38:42 | 001,448,809 | ---- | M] (DOSBox Team) -- C:\Programme\DOSBox0.74-win32-installer.exe
[2010.06.16 22:48:08 | 000,000,715 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.06.16 22:48:08 | 000,000,293 | RHS- | M] () -- C:\BOOT.INI
[2010.06.10 18:47:02 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.05.27 22:02:57 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\winscp.rnd
 
========== Files Created - No Company Name ==========
 
[2010.08.24 21:49:09 | 000,001,645 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.08.24 20:07:58 | 000,000,679 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.24 19:31:00 | 000,036,833 | ---- | C] () -- C:\Dokumente und Einstellungen\doris\Desktop\bootkit_remover.rar
[2010.08.24 19:27:24 | 000,043,339 | ---- | C] () -- C:\Dokumente und Einstellungen\doris\Desktop\osam1.html
[2010.08.24 19:24:30 | 000,009,089 | ---- | C] () -- C:\Dokumente und Einstellungen\doris\Desktop\5.1.2600.2.00010300.3.0.htm
[2010.08.24 19:18:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.08.24 19:16:52 | 004,272,474 | ---- | C] () -- C:\Dokumente und Einstellungen\doris\Desktop\osam_autorun_manager_5_0_portable.rar
[2010.08.24 18:00:28 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\doris\Desktop\3p9zkh2u.exe
[2010.08.24 09:02:03 | 011,237,816 | ---- | C] () -- C:\Dokumente und Einstellungen\doris\Desktop\principles-of-polymerization.pdf
[2010.08.23 22:26:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.08.23 22:26:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.08.23 22:26:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.08.23 22:26:05 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.08.23 22:26:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.08.23 21:47:19 | 939,048,960 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.23 21:39:08 | 000,000,790 | ---- | C] () -- C:\Dokumente und Einstellungen\doris\Desktop\cc_20100823_213906.reg
[2010.08.23 21:38:57 | 000,000,670 | ---- | C] () -- C:\Dokumente und Einstellungen\doris\Desktop\cc_20100823_213855.reg
[2010.08.23 21:38:43 | 000,006,784 | ---- | C] () -- C:\Dokumente und Einstellungen\doris\Desktop\cc_20100823_213835.reg
[2010.08.23 21:27:06 | 003,825,912 | R--- | C] () -- C:\Dokumente und Einstellungen\doris\Desktop\cofi.exe
[2010.08.12 11:28:05 | 000,406,324 | ---- | C] () -- C:\Dokumente und Einstellungen\doris\Desktop\cc_20100812_112758.reg
[2010.08.12 11:22:17 | 000,000,657 | ---- | C] () -- C:\Dokumente und Einstellungen\doris\Desktop\CCleaner.lnk
[2008.08.15 21:44:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Word Clock.ini
[2008.01.06 15:13:14 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008.01.06 15:13:13 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007.10.13 12:24:26 | 000,007,417 | ---- | C] () -- C:\WINDOWS\System32\setparam.ini
[2007.10.13 12:24:26 | 000,007,417 | ---- | C] () -- C:\WINDOWS\setparam.ini
[2007.10.13 12:23:40 | 000,007,445 | ---- | C] () -- C:\WINDOWS\System32\wunilog.ini
[2007.08.06 11:03:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2007.01.21 22:30:11 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006.10.16 23:04:46 | 000,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.09.29 06:40:34 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.09.04 13:24:08 | 000,000,058 | ---- | C] () -- C:\WINDOWS\TTN.INI
[2006.03.27 12:10:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.03.27 11:51:22 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006.03.27 11:47:27 | 000,000,410 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2006.03.27 11:40:17 | 000,007,513 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2006.03.27 11:28:39 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005.05.20 14:05:02 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004.08.11 19:13:19 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.06.23 14:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[1997.10.18 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997.10.18 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
 
========== LOP Check ==========
 
[2007.01.22 16:16:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Advanced Chemistry Development
[2009.01.25 15:17:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CambridgeSoft
[2010.07.20 22:07:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\foldit
[2010.01.19 00:23:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GameHouse
[2009.12.08 14:59:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1
[2010.03.24 21:47:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Juniper Networks
[2006.03.27 11:45:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OD2
[2007.03.15 00:11:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PlayFirst
[2007.03.08 22:46:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sandlot Games
[2009.03.11 00:59:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2006.03.27 11:47:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2006.03.27 11:39:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2007.03.13 20:03:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2010.06.10 19:06:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.07.19 22:20:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\564F4DBF989305C84D74229DF90BE761
[2009.05.06 19:49:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\AliceHilfe
[2008.01.06 15:16:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\DAEMON Tools
[2010.07.08 21:50:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\DiskSpaceFan
[2006.11.23 16:21:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\FreeCall
[2006.10.16 23:17:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\ICQ Toolbar
[2006.10.16 23:16:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\ICQLite
[2009.12.12 14:45:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\johnsadventures.com
[2010.03.24 21:47:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Juniper Networks
[2006.12.22 15:24:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Leadertech
[2007.03.12 19:13:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Learn2.com
[2006.11.16 22:24:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\MSNInstaller
[2008.06.22 21:05:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Norman
[2006.08.05 13:26:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\OD2
[2007.01.19 09:08:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Opera
[2007.03.15 00:11:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\PlayFirst
[2009.10.23 21:59:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Ulead Systems
[2010.04.25 22:26:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\XnView
[2007.11.01 18:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Zylom
[2010.08.25 13:30:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Erweiterte Garantie.job
[2010.08.25 13:30:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Master CD_DVD Creator.job
[2006.08.03 17:08:52 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registrierungserinnerung 1.job
[2006.08.03 17:08:52 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registrierungserinnerung 2.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.07.19 22:20:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\564F4DBF989305C84D74229DF90BE761
[2009.07.13 06:57:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Adobe
[2008.05.12 10:49:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\AdobeUM
[2009.05.06 19:49:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\AliceHilfe
[2006.08.05 13:15:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\AOL
[2010.06.14 14:34:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Apple Computer
[2007.01.21 22:30:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\CyberLink
[2008.01.06 15:16:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\DAEMON Tools
[2010.07.08 21:50:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\DiskSpaceFan
[2006.11.23 16:21:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\FreeCall
[2009.10.12 21:57:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Google
[2008.03.22 20:57:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Hamachi
[2006.08.05 13:16:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Help
[2006.10.16 23:17:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\ICQ Toolbar
[2006.10.16 23:16:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\ICQLite
[2007.11.01 18:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Identities
[2009.12.12 14:45:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\johnsadventures.com
[2010.03.24 21:47:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Juniper Networks
[2006.12.22 15:24:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Leadertech
[2007.03.12 19:13:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Learn2.com
[2006.08.05 12:00:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Macromedia
[2010.08.12 11:29:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Malwarebytes
[2010.02.06 11:29:52 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Microsoft
[2010.01.11 19:55:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Move Networks
[2010.01.13 00:54:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Mozilla
[2006.11.16 22:24:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\MSNInstaller
[2008.06.22 21:05:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Norman
[2006.08.05 13:26:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\OD2
[2010.08.12 12:32:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\OpenOffice.org2
[2007.01.19 09:08:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Opera
[2007.03.15 00:11:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\PlayFirst
[2007.01.08 22:26:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Real
[2010.07.08 00:16:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Skype
[2010.07.08 00:08:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\skypePM
[2006.12.22 15:24:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Sonic
[2006.08.05 13:18:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Sun
[2010.08.24 21:49:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\SUPERAntiSpyware.com
[2006.08.05 11:53:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Symantec
[2009.10.23 21:59:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Ulead Systems
[2008.02.29 00:00:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\VMware
[2007.11.09 12:28:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\WinRAR
[2010.04.25 22:26:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\XnView
[2006.03.27 11:39:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\You've Got Pictures Screensaver
[2007.11.01 18:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Zylom
 
< %APPDATA%\*.exe /s >
[2007.06.16 12:07:20 | 023,813,608 | ---- | M] (                            ) -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr709_de_DE.exe
[2008.05.11 11:26:02 | 022,319,360 | ---- | M] (                                  ) -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr710_de_DE.exe
[2010.01.14 06:19:20 | 000,132,464 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Juniper Networks\Setup Client\dsmmf.exe
[2010.01.14 06:19:18 | 000,484,720 | ---- | M] (Juniper Networks) -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Juniper Networks\Setup Client\JuniperSetupClient.exe
[2010.01.14 06:18:42 | 000,327,512 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
[2010.01.14 06:17:28 | 000,210,728 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Juniper Networks\Setup Client\JuniperSetupXP.exe
[2010.01.14 06:19:24 | 000,049,832 | ---- | M] (Juniper Networks) -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Juniper Networks\Setup Client\uninstall.exe
[2010.03.24 21:47:42 | 000,161,704 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTP_8.0.50727.762.exe
[2010.03.24 21:47:41 | 000,291,768 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTR_8.0.50727.762.exe
[2010.01.14 06:17:24 | 000,062,904 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Juniper Networks\setup\dsmmf.exe
[2010.01.14 06:17:22 | 000,042,432 | R--- | M] () -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Juniper Networks\setup\JuniperSetupApp.exe
[2010.01.14 06:17:24 | 000,111,984 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Juniper Networks\setup\JuniperSetupClient.exe
[2010.03.24 21:47:38 | 000,036,948 | ---- | M] () -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Juniper Networks\setup\uninstall.exe
[2007.01.19 09:08:19 | 000,061,440 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Microsoft\Installer\{750B9AD1-4C63-4143-94C5-6FB304199BAD}\ARPPRODUCTICON.exe
[2010.02.06 11:09:34 | 000,002,550 | R--- | M] () -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\Microsoft\Installer\{D5EA1755-1899-4380-A4BA-83840648CBDA}\MainExecutableShortcutIcon.exe
[2006.11.16 22:24:33 | 000,827,368 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\MSNInstaller\msnauins.exe
 
< %SYSTEMDRIVE%\*.exe >
[2003.07.08 18:25:00 | 000,073,728 | R--- | M] (Moore Computer Consultants, Inc.) -- C:\CYG_Uninstall.exe
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.04.26 09:32:17 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009.04.26 09:32:17 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.04.26 09:32:17 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009.04.26 09:32:17 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2004.08.11 18:55:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004.08.11 18:55:48 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004.08.11 18:55:48 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
< End of report >

--- --- ---

cosinus 25.08.2010 13:18

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:

:OTL
[2010.06.10 19:06:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.07.19 22:20:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\doris\Anwendungsdaten\564F4DBF989305C84D74229DF90BE761
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

Christin 25.08.2010 14:13

All processes killed
========== OTL ==========
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} folder moved successfully.
C:\Dokumente und Einstellungen\doris\Anwendungsdaten\564F4DBF989305C84D74229DF90BE761 folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Besitzer

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: doris
->Temp folder emptied: 5247445 bytes
->Temporary Internet Files folder emptied: 6235167 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54337788 bytes
->Flash cache emptied: 879 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 13249700 bytes
->Java cache emptied: 8739 bytes
->Flash cache emptied: 1391 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 83083 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 76,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08252010_150814

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


______
Regards, Christin



Copyright ©2000-2025, Trojaner-Board


