Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Suchanfragen werden umgeleitet (https://www.trojaner-board.de/98952-suchanfragen-umgeleitet.html)

Dyna 11.05.2011 14:48
Suchanfragen werden umgeleitet
 
Problem: Suchanfragen über Google im IE und in Firefox werden umgeleitet auf ähnliche Seiten zu dem Thema aber nicht zu der angeklickten Seite.
MBAM, Superantispyware und a2Antimalware finden nichts mehr.

Vielen Dank

markusg 11.05.2011 14:51
hi, was heißt nicht mehr..
wenn du hilfe möchtest, benötigen wir infos, denn nicht wir sitzen vor dem pc sondern du.
malwarebytes öffnen, logdateien, alle logs mit funden posten.
das selbe bei superantispy und emsisoft

Dyna 11.05.2011 15:11
Ich arbeite gerade die "load.exe Anleitung" ab. Wäre das auch Ok?

markusg 11.05.2011 15:47
ja ich benötige aber die emsisoft superantispy und alten malwarebytes logs ebenfalls

Dyna 11.05.2011 17:07
Extras:
Code:
OTL Extras logfile created on: 11.05.2011 16:06:46 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 381,00 Mb Available Physical Memory | 38,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 71,04 Gb Total Space | 30,54 Gb Free Space | 42,99% Space Free | Partition Type: NTFS
Drive D: | 72,00 Gb Total Space | 71,90 Gb Free Space | 99,86% Space Free | Partition Type: NTFS
Drive E: | 3,72 Gb Total Space | 0,45 Gb Free Space | 12,03% Space Free | Partition Type: FAT32
 
Computer Name: NAME-E7BC767DA5 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\WINDOWS\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Disabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Disabled:SLP_Port(427)_UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"F:\setup\hpznui01.exe" = F:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Software Update\HPWUCli.exe" = C:\Programme\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Disabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Disabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Disabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Software Update\HPWUCli.exe" = C:\Programme\HP\HP Software Update\HPWUCli.exe:*:Disabled:hpwucli.exe -- (Hewlett-Packard)
"F:\setup\hpznui01.exe" = F:\setup\hpznui01.exe:*:Disabled:hpznui01.exe
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Programme\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Disabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{406e8084-70a1-4363-8d52-41e13fedfe2c}" = Nero 9 Trial
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{470C8EFE-AEB0-402E-B05A-91E08C201031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A320CD8-D712-4339-BCC3-87311FD162CB}" = D5500
"{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung Wallpaper
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{78EA684E-97ED-4F0C-8E13-BAF78D5BFE14}" = HP Deskjet D5500 Driver Software 13.0 Rel .6
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A7BF5297-3E74-11D5-B00F-00104B398D77}" = QuarkXPress Passport 5.0
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS
"{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EC23E72A-3E5D-4F0F-B5FB-C6945D1580C5}" = DJ_SF_06_D5500_SW_Min
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Allway Sync_is1" = Allway Sync version 11.2.0
"Architektur Designer 2005_is1" = Architektur Designer 2005
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InterActual Player" = InterActual Player
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"RealPlayer 12.0" = RealPlayer
"SAMSUNG HSPA Modem" = SAMSUNG HSPA Modem Software
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"T-MobileInternetManager12" = T-Mobile Internet Manager 12
"VLC media player" = VLC media player 1.0.3
"Weight Watchers FlexPoints" = Weight Watchers FlexPoints
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Zattoo" = Zattoo 3.3.4 Beta
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Lernfortschrittskontrollen" = Lernfortschrittskontrollen
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
OTL:
Code:
OTL logfile created on: 11.05.2011 16:06:46 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 381,00 Mb Available Physical Memory | 38,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 71,04 Gb Total Space | 30,54 Gb Free Space | 42,99% Space Free | Partition Type: NTFS
Drive D: | 72,00 Gb Total Space | 71,90 Gb Free Space | 99,86% Space Free | Partition Type: NTFS
Drive E: | 3,72 Gb Total Space | 0,45 Gb Free Space | 12,03% Space Free | Partition Type: FAT32
 
Computer Name: NAME-E7BC767DA5 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.11 15:55:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
PRC - [2011.04.30 22:10:33 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.04.27 13:07:38 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.27 13:07:36 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.12.13 08:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.06.03 10:05:28 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
PRC - [2010.05.21 00:52:06 | 011,312,128 | -H-- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.05.18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.07.09 12:22:18 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009.03.09 16:51:40 | 000,296,400 | ---- | M] () -- C:\Programme\T-MobileInternetManager12\WTGService.exe
PRC - [2008.10.20 11:32:54 | 002,768,896 | ---- | M] () -- C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
PRC - [2008.10.06 19:07:26 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008.09.17 14:25:46 | 001,440,384 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008.09.17 14:25:46 | 000,580,200 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.05.21 17:44:30 | 000,299,008 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\MagicKBD\PerformanceManager.exe
PRC - [2008.05.20 21:02:08 | 000,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Programme\Samsung\MagicKBD\MagicKBD.exe
PRC - [2008.05.13 09:44:00 | 000,077,480 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.20 21:40:30 | 000,659,456 | ---- | M] (Samsung Electronics,.LTD) -- C:\Programme\Samsung\Samsung EDS\EDSAgent.exe
PRC - [2003.10.24 06:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.11 15:55:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008.09.17 14:19:50 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.04.27 13:07:38 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.27 13:07:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.05.18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.07.09 12:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.03.09 16:51:40 | 000,296,400 | ---- | M] () [Auto | Running] -- C:\Programme\T-MobileInternetManager12\WTGService.exe -- (WTGService)
SRV - [2008.05.13 09:44:00 | 000,077,480 | ---- | M] () [Auto | Running] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2003.07.28 21:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.04.27 13:07:38 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.13 08:39:38 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 14:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.20 12:57:07 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008.11.07 11:04:00 | 000,291,328 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008.10.21 02:54:24 | 000,119,808 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hspamdm.sys -- (hspamdm)
DRV - [2008.10.21 02:54:24 | 000,098,560 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hspaserd.sys -- (hspaserd) SAMSUNG HSPA Modem Diagnostic Serial Port (WDM)
DRV - [2008.10.21 02:54:24 | 000,014,976 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hspamdfl.sys -- (hspamdfl)
DRV - [2008.10.21 02:54:22 | 000,091,776 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hspabus.sys -- (hspabus) SAMSUNG HSPA USB Composite Device driver (WDM)
DRV - [2008.10.08 08:35:10 | 001,334,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008.09.23 22:23:58 | 000,238,464 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMC326.sys -- (VMC326)
DRV - [2008.08.27 01:35:00 | 004,753,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.07.29 17:59:08 | 000,879,832 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008.07.29 17:59:02 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008.07.27 01:29:54 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008.07.27 01:29:36 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008.07.27 01:29:28 | 000,539,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008.01.14 20:01:02 | 000,030,208 | ---- | M] (Samsung Electronics,.LTD) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS -- (DNSeFilter)
DRV - [2006.08.01 16:57:24 | 000,019,840 | ---- | M] (Samsung) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SUE_PD.sys -- (SUEPD)
DRV - [2005.10.27 06:18:05 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.gmx.net/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.gmx.net/start_ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Programme\TMobile-addons\addon [2009.04.01 17:22:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.11.09 18:10:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.06.03 10:07:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.30 22:10:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2011.04.27 14:59:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2011.04.27 15:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\nwhhe90k.default\extensions
[2011.04.27 14:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) --
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NWHHE90K.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2010.09.04 21:40:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.12.23 01:11:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.04.30 22:10:33 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.09 16:50:16 | 000,433,990 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 14935 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (GMX Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DMHotKey] C:\Programme\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://tonline.oberon-media.com/gameshell/games/channel--11034697/lc--en/room--0cf59e38-2e35-4d67-b6bc-ddab4eb1b1e8/online/Chuzzle/de/popcaploader_v10de.cab (PopCapLoader Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.12 13:57:44 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.11.09 18:16:39 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{32b00f9a-1ecf-11de-bbd4-0013776fd713}\Shell - "" = AutoRun
O33 - MountPoints2\{32b00f9a-1ecf-11de-bbd4-0013776fd713}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{32b00f9a-1ecf-11de-bbd4-0013776fd713}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{50d49cac-8b58-11de-a6d6-001377fa8624}\Shell\play\command - "" = C:\Programme\VideoLAN\VLC\vlc.exe -- [2009.10.30 13:28:54 | 000,135,592 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {412EF925-3539-44AE-B9EC-F79D4E8DBE54} - GMX Browser Add-on
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{BEE825F4-60F4-4336-AD47-D87425B5E9C6} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.11 16:05:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.05.11 16:05:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011.05.11 16:05:21 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.05.11 15:55:45 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Dokumente und Einstellungen\***\Desktop\Erunt-setup.exe
[2011.05.11 15:55:45 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2011.05.11 15:55:45 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\TFC.exe
[2011.05.10 13:03:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Anti-Malware
[2011.04.27 16:28:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sync App Settings
[2011.04.27 16:27:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sync App Settings
[2011.04.27 16:27:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Allway Sync
[2011.04.27 16:26:26 | 000,000,000 | ---D | C] -- C:\Programme\Allway Sync
[2011.04.27 15:44:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
[2011.04.27 15:10:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
[2011.04.27 14:57:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2011.04.27 14:57:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla
[2011.04.27 14:57:32 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.04.27 14:54:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2011.04.27 11:44:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira
[2011.04.27 11:43:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2011.04.27 11:32:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2011.04.27 11:31:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2011.04.27 11:31:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.04.27 11:31:07 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.04.27 11:31:07 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.04.27 11:31:07 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011.04.27 11:31:07 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011.04.27 10:22:23 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2011.04.27 10:15:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap
[2011.04.26 17:22:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2011.04.26 17:22:03 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.04.26 17:22:00 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.04.26 17:22:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2011.04.26 17:21:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.04.26 17:20:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[2011.04.26 17:20:10 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.11 16:05:25 | 000,000,754 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\ERUNT AutoBackup.lnk
[2011.05.11 16:05:22 | 000,000,598 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\NTREGOPT.lnk
[2011.05.11 16:05:22 | 000,000,579 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\ERUNT.lnk
[2011.05.11 16:03:06 | 000,001,114 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.11 16:03:05 | 000,000,300 | -H-- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1815967750-2563440737-2156674030-1005.job
[2011.05.11 16:02:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.05.11 16:02:29 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.11 16:01:00 | 000,000,448 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{56FA0194-8CFD-48C0-8637-0CBD6939D950}.job
[2011.05.11 15:55:51 | 000,302,080 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\g2m3e4r.exe
[2011.05.11 15:55:50 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Dokumente und Einstellungen\***\Desktop\Erunt-setup.exe
[2011.05.11 15:55:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2011.05.11 15:55:47 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\TFC.exe
[2011.05.11 15:52:32 | 000,377,282 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Load.exe
[2011.05.11 15:19:14 | 000,001,118 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.09 16:53:57 | 000,001,721 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk
[2011.05.09 16:50:16 | 000,433,990 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.05.07 21:45:39 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.05.01 21:39:02 | 000,036,352 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.01 14:51:16 | 000,018,113 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Customer_Relationship_Management.zip
[2011.05.01 14:42:13 | 000,000,165 | ---- | M] () -- C:\WINDOWS\blockplaner.ini
[2011.04.29 16:31:06 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.27 16:37:11 | 000,174,800 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.27 16:27:15 | 000,000,750 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Allway Sync.lnk
[2011.04.27 16:22:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.27 15:05:56 | 000,433,290 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110509-165016.backup
[2011.04.27 14:57:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011.04.27 14:57:36 | 000,000,703 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2011.04.27 13:07:38 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.04.27 11:31:24 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011.04.23 21:14:20 | 000,000,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18538292
[2011.04.22 13:19:00 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1815967750-2563440737-2156674030-1005.job
[2011.04.21 22:27:39 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.04.15 00:37:08 | 000,449,384 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.04.15 00:37:08 | 000,433,030 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.15 00:37:08 | 000,080,840 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.04.15 00:37:08 | 000,067,986 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2011.05.11 16:05:25 | 000,000,754 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\ERUNT AutoBackup.lnk
[2011.05.11 16:05:22 | 000,000,598 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\NTREGOPT.lnk
[2011.05.11 16:05:22 | 000,000,579 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\ERUNT.lnk
[2011.05.11 15:55:46 | 000,302,080 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\g2m3e4r.exe
[2011.05.11 15:54:02 | 000,377,282 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Load.exe
[2011.05.09 16:53:57 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk
[2011.05.09 16:53:57 | 000,001,721 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk
[2011.05.01 14:51:36 | 000,018,113 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Customer_Relationship_Management.zip
[2011.04.27 16:27:15 | 000,000,750 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Allway Sync.lnk
[2011.04.27 14:57:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.04.27 14:57:36 | 000,000,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2011.04.27 14:57:36 | 000,000,703 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2011.04.27 14:52:12 | 000,000,448 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{56FA0194-8CFD-48C0-8637-0CBD6939D950}.job
[2011.04.27 13:03:31 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.27 11:31:24 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011.04.23 21:14:20 | 000,000,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18538292
[2011.03.31 16:03:14 | 000,000,165 | ---- | C] () -- C:\WINDOWS\blockplaner.ini
[2011.01.03 21:34:41 | 000,000,248 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\default.rss
[2009.12.09 20:42:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009.11.09 17:44:13 | 000,216,839 | -H-- | C] () -- C:\WINDOWS\hphins34.dat
[2009.11.09 17:44:12 | 000,000,606 | -H-- | C] () -- C:\WINDOWS\hphmdl34.dat
[2009.09.26 10:49:13 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.08.24 17:19:09 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.08.19 18:34:26 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Ian Niklas Thömmes_KBD.ini
[2009.08.16 20:31:33 | 000,036,352 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.15 17:38:45 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\***_KBD.ini
[2009.05.18 14:26:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.02.12 21:35:38 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.02.12 21:35:30 | 000,449,384 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2009.02.12 21:35:30 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2009.02.12 21:35:30 | 000,080,840 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2009.02.12 21:35:30 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2009.02.12 21:35:21 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009.02.12 21:35:20 | 000,433,030 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009.02.12 21:35:20 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009.02.12 21:35:20 | 000,067,986 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009.02.12 21:35:20 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009.02.12 21:35:19 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009.02.12 21:35:19 | 000,004,486 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009.02.12 21:35:19 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2009.02.12 21:35:17 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009.02.12 21:35:17 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2009.02.12 21:35:14 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009.02.12 21:35:11 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009.02.12 14:17:22 | 000,307,200 | ---- | C] () -- C:\WINDOWS\SetDisplayResolution.exe
[2009.02.12 14:10:08 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2009.02.12 14:10:08 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Besitzer_KBD.ini
[2009.02.12 14:10:05 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2009.02.12 14:10:05 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2009.02.12 14:10:05 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2009.02.12 14:10:05 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2009.02.12 14:10:05 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2009.02.12 14:10:05 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2009.02.12 14:10:05 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2009.02.12 14:10:05 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2009.02.12 14:10:05 | 000,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2009.02.12 14:10:05 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2009.02.12 14:10:05 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2009.02.12 14:10:05 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2009.02.12 14:10:05 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2009.02.12 14:10:05 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2009.02.12 14:10:05 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2009.02.12 14:10:05 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2009.02.12 14:10:05 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2009.02.12 14:07:50 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2009.02.12 14:07:50 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2009.02.12 14:04:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.02.12 14:01:48 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Marker.exe
[2009.02.12 14:01:47 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2009.02.12 14:00:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.02.12 13:55:23 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.02.12 13:49:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.02.12 13:48:48 | 000,174,800 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.09.17 14:20:08 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.02.26 17:49:12 | 006,139,774 | -H-- | C] () -- C:\WINDOWS\imagine digital freedom.dat
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2009.08.15 17:43:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1
[2011.04.27 10:15:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap
[2011.04.27 16:27:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sync App Settings
[2010.06.09 17:11:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.05.01 14:39:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2009.02.12 14:05:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLAN
[2009.08.15 17:06:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.09.04 21:48:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2009.04.01 17:22:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Programme
[2011.04.27 16:28:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sync App Settings
[2009.08.20 16:20:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\T-MobileInternetManager12
[2011.05.11 16:01:00 | 000,000,448 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{56FA0194-8CFD-48C0-8637-0CBD6939D950}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.05.09 16:55:30 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.12.05 00:42:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2009.02.12 14:02:14 | 000,000,000 | ---D | M] -- C:\Intel
[2009.12.09 20:39:54 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.05.11 16:05:21 | 000,000,000 | R--D | M] -- C:\Programme
[2009.08.16 19:51:03 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.04.23 22:08:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.05.11 16:05:50 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.04.14 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\I386\REGEDIT.EXE
[2008.04.14 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\system32\dllcache\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-27 16:50:21
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 103 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:10E0CEB1

< End of report >

GMER:
GMER Logfile:
Code:
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-11 18:05:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM160HI rev.HH100-06
Running: g2m3e4r.exe; Driver: C:\DOKUME~1\PAULA-~1\LOKALE~1\Temp\kwxiqaow.sys


---- System - GMER 1.0.15 ----

SSDT            F7C116DE                                ZwCreateKey
SSDT            F7C116D4                                ZwCreateThread
SSDT            F7C116E3                                ZwDeleteKey
SSDT            F7C116ED                                ZwDeleteValueKey
SSDT            F7C116F2                                ZwLoadKey
SSDT            F7C116C0                                ZwOpenProcess
SSDT            F7C116C5                                ZwOpenThread
SSDT            F7C116FC                                ZwReplaceKey
SSDT            F7C116F7                                ZwRestoreKey
SSDT            F7C116E8                                ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text          ntoskrnl.exe!ZwYieldExecution + 452      804E4CAC 4 Bytes  CALL D8460DC7

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat                fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread          System [4:120]                          8632AE7A
Thread          System [4:124]                          8632D008

---- EOF - GMER 1.0.15 ----
--- --- ---



Die anderen Logs habe ich nicht mehr.
Vielen Dank!

markusg 11.05.2011 17:17
öffne malwarebytes, logdateien, dort sind die.
bei emsisoft werden sie auch automatisch gespeichert ebenfalls bei super antispyware musst mal durch die programme klicken

Dyna 11.05.2011 20:12
Sind aber nicht mehr installiert...
Kann man mit dem oben nichts anfangen?

markusg 11.05.2011 20:32
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Dyna 12.05.2011 09:13
Bin dabei!
Es kommt gleich ne Meldung:
volnap.sys o.ä. mit Rootkit infiziert! War leider zu schnell weg ich konnte die Meldung nicht komplett lesen...

markusg 12.05.2011 11:28
jo immer mit der ruhe, ich seh das dann doch im logfile :-)

Dyna 12.05.2011 13:19
Here u go!

Code:
ComboFix 11-05-11.01 - *** 12.05.2011  13:05:11.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1014.506 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\Autorun.inf
.
Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-12 bis 2011-05-12  ))))))))))))))))))))))))))))))
.
.
2011-05-11 14:05 . 2011-05-11 14:05    --------    d-----w-    c:\programme\ERUNT
2011-04-27 14:28 . 2011-04-27 14:28    --------    d-----w-    c:\dokumente und einstellungen\***\Anwendungsdaten\Sync App Settings
2011-04-27 14:27 . 2011-04-27 14:27    --------    dc----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Sync App Settings
2011-04-27 14:26 . 2011-04-27 14:27    --------    d-----w-    c:\programme\Allway Sync
2011-04-27 12:57 . 2011-04-27 12:57    --------    d-----w-    c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Mozilla
2011-04-27 11:08 . 2011-04-27 11:08    --------    d-----w-    c:\dokumente und einstellungen\LocalService\Startmenü
2011-04-27 11:05 . 2011-04-27 11:05    --------    d-sh--w-    c:\dokumente und einstellungen\NetworkService\IETldCache
2011-04-27 09:44 . 2011-04-27 09:44    --------    d-----w-    c:\dokumente und einstellungen\***\Anwendungsdaten\Avira
2011-04-27 09:43 . 2011-04-27 09:43    --------    d-----w-    c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2011-04-27 09:32 . 2011-04-27 09:32    --------    dc----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2011-04-27 09:31 . 2011-04-27 11:07    137656    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2011-04-27 09:31 . 2010-12-13 06:39    61960    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2011-04-27 09:31 . 2010-06-17 12:27    45416    ----a-w-    c:\windows\system32\drivers\avgntdd.sys
2011-04-27 09:31 . 2010-06-17 12:27    22360    ----a-w-    c:\windows\system32\drivers\avgntmgr.sys
2011-04-27 08:28 . 2011-04-27 08:28    --------    d-----w-    c:\windows\system32\wbem\Repository
2011-04-27 08:15 . 2011-04-27 08:15    --------    dc----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\PopCap
2011-04-26 15:22 . 2011-04-26 15:22    --------    d-----w-    c:\dokumente und einstellungen\Ian Niklas Thömmes\Anwendungsdaten\Malwarebytes
2011-04-26 15:22 . 2011-04-26 15:22    --------    dc----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2011-04-26 15:22 . 2011-04-26 15:22    --------    d-----w-    c:\programme\Avira
2011-04-26 15:22 . 2011-04-27 13:09    --------    dc----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2011-04-26 15:22 . 2011-04-27 12:56    --------    d-----w-    c:\programme\Spybot - Search & Destroy
2011-04-26 15:21 . 2011-04-26 15:21    --------    dc----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-04-26 15:21 . 2011-04-26 15:21    --------    d-----w-    c:\dokumente und einstellungen\Ian Niklas Thömmes\Anwendungsdaten\SUPERAntiSpyware.com
2011-04-26 15:20 . 2011-04-26 15:20    --------    d-----w-    c:\windows\LastGood(2)
2011-04-26 15:20 . 2011-05-10 11:05    --------    d-----w-    c:\programme\SUPERAntiSpyware
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-31 13:54 . 2011-03-31 13:54    1115704    ----a-w-    c:\windows\system32\O2CPlayer.OCX
2011-03-07 05:33 . 2009-02-12 11:55    692736    ----a-w-    c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2009-02-12 19:35    420864    ----a-w-    c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2009-02-12 19:35    1858048    ----a-w-    c:\windows\system32\win32k.sys
2011-02-22 23:05 . 2009-02-12 19:35    916480    ----a-w-    c:\windows\system32\wininet.dll
2011-02-22 23:05 . 2009-02-12 19:35    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2011-02-22 23:05 . 2009-02-12 19:35    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2009-02-12 19:35    385024    ---ha-w-    c:\windows\system32\html.iec
2011-02-17 13:18 . 2009-02-12 19:35    455936    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2009-02-12 19:35    357888    ----a-w-    c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25    5632    ----a-w-    c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2009-02-12 19:35    290432    ----a-w-    c:\windows\system32\atmfd.dll
2011-04-30 20:10 . 2011-04-27 12:57    142296    ----a-w-    c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"EDS"="c:\programme\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-20 659456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"DMHotKey"="c:\programme\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"BatteryManager"="c:\programme\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-20 2768896]
"MagicKeyboard"="c:\programme\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-14 151552]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"NBKeyScan"="c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2010-06-03 202256]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Paula-Mirela Th”mmes\Startmen\Programme\Autostart\
ERUNT AutoBackup.lnk - c:\programme\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.2.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Acrobat Assistant.lnk - c:\programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-17 580200]
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Programme\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [27.04.2011 11:31 136360]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [12.02.2009 14:01 4300]
R2 WTGService;WTGService;c:\programme\T-MobileInternetManager12\WTGService.exe [01.04.2009 17:22 296400]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [14.01.2008 20:01 30208]
R3 hspabus;SAMSUNG HSPA USB Composite Device driver (WDM);c:\windows\system32\drivers\hspabus.sys [01.04.2009 17:18 91776]
R3 hspamdfl;SAMSUNG HSPA Modem Filter;c:\windows\system32\drivers\hspamdfl.sys [01.04.2009 17:18 14976]
R3 hspamdm;SAMSUNG HSPA Modem Drivers;c:\windows\system32\drivers\hspamdm.sys [01.04.2009 17:18 119808]
R3 hspaserd;SAMSUNG HSPA Modem Diagnostic Serial Port (WDM);c:\windows\system32\drivers\hspaserd.sys [01.04.2009 17:18 98560]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [12.02.2009 14:05 238464]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [01.09.2010 14:03 136176]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [01.09.2010 14:03 136176]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [01.08.2006 16:57 19840]
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ      HPSLPSVC
hpdevmgmt    REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-09-01 12:03]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-09-01 12:03]
.
2011-05-12 c:\windows\Tasks\User_Feed_Synchronization-{56FA0194-8CFD-48C0-8637-0CBD6939D950}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://go.gmx.net/start_ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\nwhhe90k.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-HijackThis - e:\tools\Anti Spyware\HijackThis.exe
AddRemove-Zattoo - c:\programme\Zattoo\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-12 13:11
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\igfxdev.dll
.
Zeit der Fertigstellung: 2011-05-12  13:14:36
ComboFix-quarantined-files.txt  2011-05-12 11:14
.
Vor Suchlauf: 6 Verzeichnis(se), 32.634.105.856 Bytes frei
Nach Suchlauf: 8 Verzeichnis(se), 32.725.671.936 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 0AA778D925194C4D3328ADA5EFED8D40
Danke im voraus

markusg 12.05.2011 14:34
machst du onlinebanking einkäufe oder sonst was wichtiges (privat oder beruflich)?

Dyna 12.05.2011 18:55
Mich würde die Antwort interessieren für
1) Nein
und
2) Ja
:)

markusg 12.05.2011 19:35
die antwort wäre bei beiden fast gleich, nur das ich dich beim onlinebanking auffordern würde das onlinebanking speren zu lassen, da du nen rootkit hast.
aber formatieren musst du auf jeden fall,
da wir nicht für nen sauberes system garantieren können.
ich würde dir aufzeigen wie du das system absicherst, man kann da viel machen mit einfachen mitteln.

Dyna 12.05.2011 19:48
Zitat:
Zitat von markusg (Beitrag 657145)
ich würde dir aufzeigen wie du das system absicherst
Ok Bitte und Danke nochmal


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:16 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55