View Full Version : Help: Is my computer ok again???



katkat76
2011-11-22, 19:06
Hi everyone,

I had malware for the first time including SpyBank stuff, which wasn't funny.
After using Avira and Spybot several times and deleting stuff it looks like this:
Avira doesn´t find anything anymore, Spybot does. I will post the log here and would be happy if someone could tell me if the stuff found by spybot is still dangerous or ok.
I am a total greenhorn.
Can I be sure everything is ok or should I let my computer get checked by an expert???

Kat from Germany
Thanks and here's the log:

Search results from Spybot - Search & Destroy

22.11.2011 17:33:33
Scan took 00:19:24.

Win32.Bancos: [SBI $F87FE2A9] Settings (Registry Value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh\prh

Win32.Bancos: [SBI $4F9718A1] Settings (Registry Value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prd

Common Dialogs: [SBI $7F76510F] History (4 files) (Registry Key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Log: [SBI $7F76510F] Activity: SchedLgU.Txt (File, nothing done)
C:\WINDOWS\SchedLgU.Txt
Properties.size=3318
Properties.md5=500242ACC3DF296620AAE08D76F90C2D
Properties.filedate=1321974734
Properties.filedatetext=2011-11-22 16:12:14

Log: [SBI $7F76510F] Shutdown: System32\wbem\logs\wbemcore.log (File, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log
Properties.size=7948
Properties.md5=2859A246A5F9F685C92BFD8812A67E3C
Properties.filedate=1321979602
Properties.filedatetext=2011-11-22 17:33:21

Log: [SBI $7F76510F] Shutdown: System32\wbem\logs\wbemess.log (File, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Properties.size=11499
Properties.md5=CA3A0B8377B6C0ABD272A15777B1641F
Properties.filedate=1321977485
Properties.filedatetext=2011-11-22 16:58:05

Log: [SBI $7F76510F] Shutdown: System32\wbem\logs\wmiprov.log (File, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
Properties.size=480
Properties.md5=F23A3188DE5C041E09811D719A8EBE2A
Properties.filedate=1321975320
Properties.filedatetext=2011-11-22 16:21:59

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1466191087-3403002025-1082195210-1007\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1466191087-3403002025-1082195210-1007\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1466191087-3403002025-1082195210-1007\Software\Microsoft\DirectInput\MostRecentApplication\Id

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1466191087-3403002025-1082195210-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1466191087-3403002025-1082195210-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $B7EBA926] Last visited history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1466191087-3403002025-1082195210-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)


Cache: [SBI $49804B54] Browser: Cache (1) (Browser: Cache, nothing done)


History: [SBI $49804B54] Browser: History (1) (Browser: History, nothing done)


Cookie: [SBI $49804B54] Browser: Cookie (3) (Browser: Cookie, nothing done)


Cookie: [SBI $49804B54] Browser: Cookie (170) (Browser: Cookie, nothing done)



--- Spybot - Search & Destroy version: 2.0.6.131 DLL (build: 20111005) ---

2011-10-05 blindman.exe (2.0.6.151)
2011-10-05 explorer.exe (2.0.6.170)
2003-04-18 ntrights.exe
2011-10-05 SDBootCD.exe (2.0.6.108)
2011-10-05 SDCleaner.exe (2.0.6.106)
2011-10-05 SDDelFile.exe (2.0.6.94)
2011-10-05 SDFiles.exe (2.0.6.127)
2011-10-05 SDFSSvc.exe (2.0.6.196)
2011-10-05 SDHookHelper.exe (2.0.6.1)
2011-10-05 SDHookInst32.exe (2.0.6.1)
2011-10-05 SDHookSvc.exe (2.0.6.1)
2011-10-05 SDImmunize.exe (2.0.6.125)
2011-10-05 SDLogReport.exe (2.0.6.104)
2011-10-05 SDMain.exe (2.0.6.92)
2011-10-05 SDPhoneScan.exe (2.0.6.27)
2011-10-05 SDPrepPos.exe (2.0.6.10)
2011-10-05 SDQuarantine.exe (2.0.6.102)
2011-10-05 SDRootAlyzer.exe (2.0.6.114)
2011-10-05 SDScan.exe (2.0.6.170)
2011-10-05 SDSettings.exe (2.0.6.112)
2011-10-05 SDShred.exe (2.0.6.104)
2011-10-05 SDSysRepair.exe (2.0.6.101)
2011-10-05 SDTools.exe (2.0.6.141)
2011-10-05 SDTray.exe (2.0.6.122)
2011-10-05 SDUpdate.exe (2.0.6.84)
2011-10-05 SDUpdSvc.exe (2.0.6.76)
2011-10-05 SDWelcome.exe (2.0.6.119)
2011-11-07 unins000.exe (51.52.0.0)
1999-12-02 xcacls.exe
2007-04-02 aports.dll (2.1.0.0)
2006-03-03 borlndmm.dll (10.0.2288.42451)
2010-09-06 DelZip190.dll (1.9.0.87)
2009-10-01 pcrelib.dll
2011-10-05 SDAdvancedCheckLibrary.dll (2.0.6.98)
2011-10-05 SDDialogs.dll (2.0.6.13)
2011-10-05 SDECon32.dll (2.0.6.113)
2011-10-05 SDEvents.dll (2.0.6.2)
2011-10-05 SDHelper.dll (2.0.6.88)
2011-10-05 SDHook32.dll (2.0.6.1)
2011-10-05 SDImmunizeLibrary.dll (2.0.6.1)
2011-10-05 sdinsTasks.dll (1.0.0.10)
2011-10-05 SDLists.dll (2.0.6.4)
2011-10-05 SDResources.dll (2.0.6.1)
2011-10-05 SDScanLibrary.dll (2.0.6.131)
2011-10-05 SDWinLogon.dll (2.0.6.0)
2011-04-20 sqlite3.dll
2011-10-05 Tools.dll (2.0.6.36)
2011-10-05 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-05-09 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-03-29 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-05-09 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-05-10 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti (*)
2010-12-28 Includes\Trojans.sbi (*)
2011-05-11 Includes\TrojansC-02.sbi (*)
2011-05-11 Includes\TrojansC-03.sbi (*)
2011-05-11 Includes\TrojansC-04.sbi (*)
2011-05-11 Includes\TrojansC-05.sbi (*)
2011-05-11 Includes\TrojansC.sbi (*)
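
As an added example (not part of this thread and not Spybot's own code): a small Python parser for the result format of the log above, which separates malware-signature hits (here Win32.Bancos) from the usage-track entries (MRU lists, log files, cookies) that Spybot reports alongside them. The sample lines are copied from this log, and the usage-track category list is an assumption built from the categories seen in it, not a Spybot API.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the Spybot - Search & Destroy 2.0 result format seen in
# this thread (entries copied from the posted log; footer shortened).
SAMPLE_LOG = """\
Search results from Spybot - Search & Destroy

22.11.2011 17:33:33
Scan took 00:19:24.

Win32.Bancos: [SBI $F87FE2A9] Settings (Registry Value, nothing done)
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\prh\\prh

Common Dialogs: [SBI $7F76510F] History (4 files) (Registry Key, nothing done)
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ComDlg32\\OpenSaveMRU

Log: [SBI $7F76510F] Activity: SchedLgU.Txt (File, nothing done)
C:\\WINDOWS\\SchedLgU.Txt
Properties.size=3318
Properties.md5=500242ACC3DF296620AAE08D76F90C2D
Properties.filedatetext=2011-11-22 16:12:14

Cookie: [SBI $49804B54] Browser: Cookie (170) (Browser: Cookie, nothing done)


--- Spybot - Search & Destroy version: 2.0.6.131 DLL (build: 20111005) ---
"""

# Entry header: "<category>: [SBI $<id>] <detail> (<kind>, <action>)"
HEADER_RE = re.compile(
    r"^(?P<category>[^:]+): \[SBI \$(?P<sbi>[0-9A-Fa-f]+)\] "
    r"(?P<detail>.+) \((?P<kind>[^,()]+), (?P<action>[^)]+)\)$"
)
# File entries carry "Properties.<key>=<value>" lines after the path.
PROP_RE = re.compile(r"^Properties\.(?P<key>\w+)=(?P<value>.*)$")

# Usage-track categories present in this thread's log: privacy traces (MRU
# lists, log files, browser data), not malware signatures. Assumption derived
# from the log above; extend it for logs that contain other track categories.
USAGE_TRACK_CATEGORIES = {
    "Common Dialogs", "Log", "MS Direct3D", "MS DirectInput", "Windows",
    "Windows Explorer", "Cookie", "Cache", "History",
}


@dataclass
class Finding:
    category: str
    sbi: str
    detail: str
    kind: str
    action: str
    location: Optional[str] = None          # registry key/value or file path
    properties: Dict[str, str] = field(default_factory=dict)

    @property
    def is_usage_track(self) -> bool:
        return self.category in USAGE_TRACK_CATEGORIES


def parse_spybot_log(text: str) -> List[Finding]:
    """Parse the result section of a Spybot 2.0 log into Finding records."""
    findings: List[Finding] = []
    current: Optional[Finding] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("---"):          # version/footer section: stop here
            break
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = Finding(m["category"], m["sbi"], m["detail"],
                              m["kind"], m["action"])
            findings.append(current)
            continue
        if current is None:                 # scan header lines before first entry
            continue
        p = PROP_RE.match(line)
        if p:
            current.properties[p["key"]] = p["value"]
        elif current.location is None:
            current.location = line         # first non-property line is the path
    return findings


def triage(findings: List[Finding]) -> Dict[str, List[str]]:
    """Split findings into signature hits still needing action, handled hits,
    and usage tracks that are privacy cleanup rather than an infection."""
    report: Dict[str, List[str]] = {"needs_followup": [], "handled": [],
                                    "usage_tracks": []}
    for f in findings:
        label = f"{f.category} [{f.kind}] {f.location or f.detail}"
        if f.is_usage_track:
            report["usage_tracks"].append(label)
        elif f.action.strip().lower() == "nothing done":
            report["needs_followup"].append(label)
        else:
            report["handled"].append(label)
    return report


if __name__ == "__main__":
    for bucket, items in triage(parse_spybot_log(SAMPLE_LOG)).items():
        print(bucket, items)
```

Running it on the full log posted above gives one entry under needs_followup (the two Win32.Bancos registry values) and puts everything else under usage_tracks.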

jeffce
2011-11-22, 21:29
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method (Recommended: Immediate Notification).
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.
----------

Please download DDS from one of the following links and save it to your desktop.

DDS.scr (http://download.bleepingcomputer.com/sUBs/dds.scr)
DDS.pif (http://download.bleepingcomputer.com/sUBs/dds.com)

Disable any script blocking protection (How to Disable your Security Programs (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html))
Double click DDS icon to run the tool (may take up to 3 minutes to run)
When done, DDS.txt will open.
After a few moments, attach.txt will open in a second window.
Save both reports to your desktop.
---------------------------------------------------
Post the contents of the DDS.txt report in your next reply
Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

----------

Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

Double click the aswMBR icon to run it.
Vista and Windows 7 users right click the icon and choose "Run as administrator".
Click the Scan button to start scan.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

http://i1190.photobucket.com/albums/z454/Blottedisk/aswMBRscan-1.png (http://i1190.photobucket.com/albums/z454/Blottedisk/aswMBRscan.png )
----------

GMER

Download GMER Rootkit Scanner from here (http://www.gmer.net/gmer.zip) or here (http://www.majorgeeks.com/download.php?det=5198).

Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)

In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and attach it in your reply.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
----------

In your next reply please post both of the logs created by DDS and the logs created by aswMBR.exe and GMER. :)

katkat76
2011-11-22, 22:59
Hi Jeff and thanks for your offer to help.
I started to follow your instructions, but already have the first problem. I deactivated Avira and Spybot, afterwards started DDS... but it takes ages, already more than five minutes, and nothing happens.
What could be the problem? Any ideas?

I'll continue with the next steps and do DDS later, hope that is okay?

Katrin

jeffce
2011-11-23, 00:07
Hi katkat76,

Finish up running aswMBR and GMER and post those logs.

Forget about DDS for the time being. Just do the following:


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.



In your next reply please post the logs created by aswMBR, GMER and OTL. :)

katkat76
2011-11-23, 14:48
Thanks so far, and here are the requested scans, etc.:

OTL Extras logfile created on: 23.11.2011 13:41:37 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Katrin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1014,11 Mb Total Physical Memory | 435,65 Mb Available Physical Memory | 42,96% Memory free
2,38 Gb Paging File | 1,84 Gb Available in Paging File | 77,37% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,79 Gb Total Space | 32,53 Gb Free Space | 29,10% Space Free | Partition Type: NTFS

Computer Name: MUELLERIN | User Name: Katrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hta [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3689:TCP" = 3689:TCP:*:Disabled:cruel memory
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Disabled:LimeWire
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- (LimeWire)
"C:\Programme\eMule\emule.exe" = C:\Programme\eMule\emule.exe:*:Enabled:eMule
"C:\Programme\Blubster\Blubster.exe" = C:\Programme\Blubster\Blubster.exe:*:Disabled:Blubster
"C:\Programme\Spybot - Search & Destroy 2\SDTray.exe" = C:\Programme\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{93683974-181F-4A8D-883E-D0EDE32F4900}" = HebRech HebRechw
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E7DA9B23-5715-45D8-965E-E76688A2B948}" = OpenOffice.org 2.2
"{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Google Updater" = Google Updater
"InstallShield_{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.79 Full
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)
"Mozilla Thunderbird (3.1.12)" = Mozilla Thunderbird (3.1.12)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroVision!UninstallKey" = Nero Digital
"NVEContent!UninstallKey" = NeroVision Express Content
"PhotoScape" = PhotoScape
"Rossmann Fotoservice_is1" = Rossmann Fotoservice
"TIPP10_is1" = TIPP10 Version 2.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11.10.2011 15:08:18 | Computer Name = MUELLERIN | Source = Application Hang | ID = 1001
Description = Fehlerhafter Speicherbereich -1734604888.

Error - 28.10.2011 07:08:03 | Computer Name = MUELLERIN | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 6.0.0.4240, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 01.11.2011 16:41:13 | Computer Name = MUELLERIN | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung HebRech1.exe, Version 12.37.1.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 07.11.2011 04:20:21 | Computer Name = MUELLERIN | Source = MsiInstaller | ID = 11905
Description = Product: Adobe Flash Player 9 ActiveX -- Error 1905.Module c:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error - 16.11.2011 18:47:25 | Computer Name = MUELLERIN | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 6.0.0.4240, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 16.11.2011 18:49:02 | Computer Name = MUELLERIN | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 6.0.0.4240, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 21.11.2011 12:11:54 | Computer Name = MUELLERIN | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung explorer.exe, Version 6.0.2900.5512, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 21.11.2011 12:43:35 | Computer Name = MUELLERIN | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung SDFiles.exe, Version 2.0.6.127, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 21.11.2011 15:25:42 | Computer Name = MUELLERIN | Source = MsiInstaller | ID = 11706
Description = Produkt: Microsoft Office 2000 Premium -- Fehler 1706. Es wurde keine
gültige Quelle für das Produkt "Microsoft Office 2000 Premium" gefunden. Die Installation
kann nicht fortgesetzt werden.

Error - 21.11.2011 15:25:46 | Computer Name = MUELLERIN | Source = MsiInstaller | ID = 11706
Description = Produkt: Microsoft Office 2000 Premium -- Fehler 1706. Es wurde keine
gültige Quelle für das Produkt "Microsoft Office 2000 Premium" gefunden. Die Installation
kann nicht fortgesetzt werden.

[ System Events ]
Error - 23.11.2011 06:00:00 | Computer Name = MUELLERIN | Source = Schedule | ID = 7901
Description = Der Befehl "At36.job" konnte aufgrund folgenden Fehlers nicht ausgeführt
werden: %%2147942402

Error - 23.11.2011 06:00:00 | Computer Name = MUELLERIN | Source = Schedule | ID = 7901
Description = Der Befehl "At60.job" konnte aufgrund folgenden Fehlers nicht ausgeführt
werden: %%2147942402

Error - 23.11.2011 06:19:51 | Computer Name = MUELLERIN | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Intel(R) PRO/Wireless 3945ABG Network Connection" (PCI\VEN_8086&DEV_4222&SUBSYS_10018086&REV_02\4&2803e7c1&0&00E2)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 23.11.2011 06:20:21 | Computer Name = MUELLERIN | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Intel(R) PRO/Wireless 3945ABG Network Connection" (PCI\VEN_8086&DEV_4222&SUBSYS_10018086&REV_02\4&2803e7c1&0&00E2)
wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 23.11.2011 07:00:00 | Computer Name = MUELLERIN | Source = Schedule | ID = 7901
Description = Der Befehl "At13.job" konnte aufgrund folgenden Fehlers nicht ausgeführt
werden: %%2147942402

Error - 23.11.2011 07:00:00 | Computer Name = MUELLERIN | Source = Schedule | ID = 7901
Description = Der Befehl "At37.job" konnte aufgrund folgenden Fehlers nicht ausgeführt
werden: %%2147942402

Error - 23.11.2011 07:00:00 | Computer Name = MUELLERIN | Source = Schedule | ID = 7901
Description = Der Befehl "At61.job" konnte aufgrund folgenden Fehlers nicht ausgeführt
werden: %%2147942402

Error - 23.11.2011 08:00:00 | Computer Name = MUELLERIN | Source = Schedule | ID = 7901
Description = Der Befehl "At14.job" konnte aufgrund folgenden Fehlers nicht ausgeführt
werden: %%2147942402

Error - 23.11.2011 08:00:00 | Computer Name = MUELLERIN | Source = Schedule | ID = 7901
Description = Der Befehl "At38.job" konnte aufgrund folgenden Fehlers nicht ausgeführt
werden: %%2147942402

Error - 23.11.2011 08:00:00 | Computer Name = MUELLERIN | Source = Schedule | ID = 7901
Description = Der Befehl "At62.job" konnte aufgrund folgenden Fehlers nicht ausgeführt
werden: %%2147942402


< End of report >
-------------------------------------------------------------------------

OTL logfile created on: 23.11.2011 13:41:37 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Katrin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1014,11 Mb Total Physical Memory | 435,65 Mb Available Physical Memory | 42,96% Memory free
2,38 Gb Paging File | 1,84 Gb Available in Paging File | 77,37% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,79 Gb Total Space | 32,53 Gb Free Space | 29,10% Space Free | Partition Type: NTFS

Computer Name: MUELLERIN | User Name: Katrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Katrin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDHookHelper.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\o2flash.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\5047\components\AcroFF047.dll ()
MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\WINDOWS\system32\o2flash.exe ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (FirebirdServerMAGIXInstance) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (SDHookService) -- C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
SRV - (SDUpdateService) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
SRV - (SDScannerService) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (O2Flash) -- C:\WINDOWS\system32\o2flash.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SDHookDriver) -- C:\Programme\Spybot - Search & Destroy 2\SDHookDrv32.sys ()
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (O2MDRDR) -- C:\WINDOWS\system32\DRIVERS\o2media.sys (O2Micro )
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (O2SDRDR) -- C:\WINDOWS\system32\DRIVERS\o2sd.sys (O2Micro )
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (QV2KUX) -- C:\WINDOWS\system32\drivers\qv2kux.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com/fsc/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://umlu.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.umlu.de"
FF - prefs.js..extensions.enabledItems: {de1b245c-de57-11da-ba2d-0050c2490048}:1.0.8

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5048 [2011.11.23 11:14:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.08.17 20:08:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.08.17 20:08:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.12\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.01.04 11:57:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5048 [2011.11.23 11:14:18 | 000,000,000 | ---D | M]

[2010.07.20 11:49:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Extensions
[2010.07.20 11:49:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.09 20:20:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2011.08.16 22:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Firefox\Profiles\524sgn8u.default\extensions
[2009.12.08 18:46:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Firefox\Profiles\524sgn8u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.09 23:09:52 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Firefox\Profiles\524sgn8u.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2008.09.08 17:26:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Sunbird\Profiles\e4ayedvv.default\extensions
[2010.10.14 09:06:57 | 000,002,083 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Firefox\Profiles\524sgn8u.default\searchplugins\umlu.xml
[2011.08.17 20:08:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.23 11:14:18 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5048
[2011.08.12 07:13:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.08.12 05:19:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 05:14:12 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.08.12 05:19:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.12 05:19:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.12 05:19:37 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 05:19:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011.11.20 01:53:42 | 000,436,287 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15018 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {C689C99E-3A8C-4c87-A79C-C80DC9C81632} - C:\WINDOWS\system32\AcroIEHelpe049.dll (Adobe Systems, Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [SDTray] C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Spybot-S&D Cleaning] C:\Programme\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09706C6F-3E7A-4C48-A732-8260EE66205D}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\appconf32.exe) -C:\WINDOWS\system32\appconf32.exe ()
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop Components:0 () - http://www.amazed-tour.de/galerie0011/bilder/Img_0238.jpg
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Katrin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Katrin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.13 16:49:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{fce64af0-4c39-11dc-81f1-001302cabfe0}\Shell\AutoRun\command - "" = E:\Autorun.exe /run
O33 - MountPoints2\{fce64af0-4c39-11dc-81f1-001302cabfe0}\Shell\Shell00\Command - "" = E:\Autorun.exe /run
O33 - MountPoints2\{fce64af0-4c39-11dc-81f1-001302cabfe0}\Shell\Shell01\Command - "" = E:\Autorun.exe /action
O33 - MountPoints2\{fce64af0-4c39-11dc-81f1-001302cabfe0}\Shell\Shell02\Command - "" = E:\Autorun.exe /uninstall
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Dokumente und Einstellungen\Katrin\Desktop\ylva und ihre jungs...
[2011.11.23 12:14:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Katrin\Desktop\OTL.exe
[2011.11.23 11:14:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5048
[2011.11.22 22:00:01 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Katrin\Desktop\aswMBR.exe
[2011.11.22 21:35:27 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos
[2011.11.22 16:20:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5047
[2011.11.22 16:19:49 | 000,244,688 | ---- | C] (Adobe Systems, Incorporated) -- C:\WINDOWS\System32\AcroIEHelpe049.dll
[2011.11.21 14:46:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5045
[2011.11.20 21:05:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5044
[2011.11.19 11:15:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5043
[2011.11.17 10:47:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5042
[2011.11.16 20:56:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5041
[2011.11.16 20:55:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2011.11.16 20:55:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
[2011.11.08 20:40:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Katrin\Desktop\Stillen, Beikost
[2011.11.07 09:35:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2
[2011.11.07 09:35:47 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2011.11.07 09:35:40 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy 2
[2011.11.07 09:25:21 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Dokumente und Einstellungen\Katrin\Desktop\ylva und ihre jungs...
[2011.11.23 13:39:31 | 000,000,072 | ---- | M] () -- C:\WINDOWS\System32\blckdom.res
[2011.11.23 13:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2011.11.23 13:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2011.11.23 13:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011.11.23 12:58:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.23 12:14:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Katrin\Desktop\OTL.exe
[2011.11.23 12:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2011.11.23 12:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2011.11.23 12:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011.11.23 11:58:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.23 11:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2011.11.23 11:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2011.11.23 11:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011.11.23 10:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2011.11.23 10:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2011.11.23 10:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011.11.23 09:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2011.11.23 09:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2011.11.23 09:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011.11.23 08:54:46 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011.11.23 08:54:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.23 08:53:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.23 08:53:08 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.23 00:46:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011.11.23 00:35:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2011.11.22 23:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2011.11.22 23:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2011.11.22 23:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011.11.22 22:02:03 | 000,294,216 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\gmer.zip
[2011.11.22 22:01:23 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\MBR.dat
[2011.11.22 22:00:21 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Katrin\Desktop\aswMBR.exe
[2011.11.22 22:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2011.11.22 22:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2011.11.22 22:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011.11.22 21:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2011.11.22 21:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2011.11.22 21:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011.11.22 20:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2011.11.22 20:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2011.11.22 20:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011.11.22 19:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2011.11.22 19:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2011.11.22 19:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011.11.22 18:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2011.11.22 18:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2011.11.22 18:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011.11.22 17:35:22 | 000,000,319 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011.11.22 17:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2011.11.22 17:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2011.11.22 17:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011.11.22 16:19:49 | 000,244,688 | ---- | M] (Adobe Systems, Incorporated) -- C:\WINDOWS\System32\AcroIEHelpe049.dll
[2011.11.21 17:50:37 | 000,027,608 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Eigene Dateien\cc_20111121_175011.reg
[2011.11.21 16:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2011.11.21 16:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2011.11.21 16:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011.11.21 15:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2011.11.21 15:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2011.11.21 15:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011.11.20 01:53:42 | 000,436,287 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.11.20 01:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2011.11.20 01:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2011.11.20 01:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011.11.20 00:57:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2011.11.18 14:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2011.11.18 14:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2011.11.18 14:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011.11.09 14:28:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.11.09 14:27:25 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011.11.08 20:41:21 | 000,464,856 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.11.08 20:41:21 | 000,446,152 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.11.08 20:41:21 | 000,087,060 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.11.08 20:41:21 | 000,073,358 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.11.07 09:36:11 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2011.11.07 09:36:11 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011.11.07 09:36:10 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2011.11.07 09:35:55 | 000,001,800 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011.11.07 09:25:21 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.11.07 09:08:33 | 000,012,288 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.rhk
[2011.11.07 09:08:32 | 006,852,608 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\ntuser.rhk
[2011.11.07 08:53:43 | 001,405,463 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\rückenschule.pdf
[2011.11.04 21:11:52 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2011.11.01 22:42:38 | 000,046,080 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.31 23:11:40 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.22 22:02:02 | 000,294,216 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\gmer.zip
[2011.11.22 22:01:23 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\MBR.dat
[2011.11.21 17:50:15 | 000,027,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Eigene Dateien\cc_20111121_175011.reg
[2011.11.16 20:55:40 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\blckdom.res
[2011.11.07 09:36:08 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2011.11.07 09:36:08 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011.11.07 09:36:08 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2011.11.07 09:35:55 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk
[2011.11.07 09:35:55 | 000,001,800 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011.11.07 09:08:33 | 000,012,288 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.rhk
[2011.11.07 08:53:43 | 001,405,463 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\rückenschule.pdf
[2011.01.29 21:24:21 | 000,000,023 | -HS- | C] () -- C:\WINDOWS\System32\edacded0.dat
[2010.05.07 18:38:40 | 000,555,616 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\mdbu.bin
[2010.02.03 16:19:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEC64Euro.ini
[2009.12.27 12:11:11 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD7320.DAT
[2009.09.06 23:00:54 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6d.DLL
[2009.08.13 20:10:46 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008.12.09 16:23:13 | 000,050,240 | RHS- | C] () -- C:\WINDOWS\System32\appconf32.exe
[2008.12.06 18:40:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\oR5cOsdL.exe.a_a
[2008.05.18 01:28:15 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.03.14 17:15:58 | 000,000,319 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007.04.12 13:34:23 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007.04.12 13:34:23 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2030.DAT
[2007.04.03 19:32:58 | 000,000,373 | ---- | C] () -- C:\WINDOWS\wTRTv.ini
[2006.11.19 16:14:32 | 001,138,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006.11.19 16:14:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.11.19 16:14:31 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006.11.19 16:14:30 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006.10.01 19:14:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.10.01 19:14:53 | 000,046,080 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.10.01 11:51:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006.10.01 11:51:40 | 000,006,082 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006.10.01 11:50:45 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.09.30 18:55:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006.09.29 12:43:39 | 000,049,421 | ---- | C] () -- C:\WINDOWS\System32\compare.dat
[2006.09.29 12:42:43 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.09.13 19:15:00 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll
[2006.09.13 19:14:53 | 000,464,856 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006.09.13 19:14:53 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.09.13 19:14:53 | 000,087,060 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006.09.13 19:14:53 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.09.13 19:14:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.09.13 19:14:46 | 000,446,152 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.09.13 19:14:46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.09.13 19:14:46 | 000,073,358 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.09.13 19:14:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.09.13 19:14:46 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.09.13 19:14:45 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.09.13 19:14:45 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006.09.13 19:14:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.09.13 19:14:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.09.13 19:14:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.09.13 19:14:39 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006.09.13 18:07:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.09.13 17:50:17 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.09.13 17:45:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.09.13 17:44:42 | 000,224,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.09.13 17:42:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006.09.13 17:39:42 | 000,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.09.13 17:39:07 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini
[2006.09.13 17:31:37 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.09.13 16:51:49 | 000,000,778 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.09.13 16:50:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006.09.13 16:47:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.09.13 16:47:14 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005.01.27 16:33:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\o2flash.exe
[2005.01.21 12:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004.08.09 08:00:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2001.09.04 03:04:00 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2000.09.14 00:03:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[1999.01.22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011.03.16 19:44:44 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2010.07.19 17:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2010.07.19 17:25:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.05.07 18:37:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Rossmann Fotoservice
[2011.11.20 00:59:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solt Lake Software
[2011.01.25 12:27:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinMaximizer
[2009.08.29 14:48:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009.08.04 22:36:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Leadertech
[2006.09.29 15:53:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\MAGIX
[2007.10.18 13:48:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\MSNInstaller
[2010.07.19 17:30:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Nokia
[2010.07.19 17:26:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\PC Suite
[2010.07.20 11:32:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\PhotoScape
[2010.09.30 22:25:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Thunderbird
[2011.01.25 12:16:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Uniblue
[2011.11.23 00:46:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011.11.23 09:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011.11.23 10:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011.11.23 11:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011.11.23 12:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011.11.23 13:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011.11.18 14:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011.11.21 15:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011.11.21 16:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011.11.22 17:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011.11.22 18:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011.11.20 01:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011.11.22 19:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011.11.22 20:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011.11.22 21:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011.11.22 22:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011.11.22 23:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011.11.20 00:57:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2011.11.20 01:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010.10.02 01:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010.10.02 02:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010.01.11 04:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010.10.02 01:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2009.04.21 04:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2009.04.21 05:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010.07.11 06:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2011.07.05 07:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2011.11.23 09:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2011.11.23 10:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2011.11.23 11:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2011.11.23 12:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2011.11.23 13:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2011.11.18 14:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010.10.02 02:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011.11.21 15:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2011.11.21 16:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2011.11.22 17:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2011.11.22 18:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2011.11.22 19:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2011.11.22 20:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2011.11.22 21:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2011.11.22 22:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2011.11.22 23:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2011.11.23 00:35:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2010.01.11 04:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011.11.20 01:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2010.10.02 01:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2010.10.02 02:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2010.01.11 04:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2009.04.21 04:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2009.04.21 05:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2010.07.11 06:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2011.07.05 07:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2011.11.23 09:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2011.11.23 10:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2009.04.21 04:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011.11.23 11:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2011.11.23 12:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2011.11.23 13:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2011.11.18 14:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2011.11.21 15:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2011.11.21 16:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2011.11.22 17:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2011.11.22 18:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2011.11.22 19:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2011.11.22 20:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2009.04.21 05:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011.11.22 21:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2011.11.22 22:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2011.11.22 23:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2010.07.11 06:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011.07.05 07:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2011.11.07 09:36:10 | 000,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
[2011.11.07 09:36:11 | 000,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011.11.07 09:36:11 | 000,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
[2011.09.08 19:37:10 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\WinMaximizer-Katrin-Startup.job

========== Purity Check ==========



< End of report >

jeffce
2011-11-23, 15:25
Hi katkat76,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main text field:


:dir
C:\WINDOWS\System32\5045 /s
C:\WINDOWS\System32\5044 /s
C:\WINDOWS\System32\5043 /s
C:\WINDOWS\System32\5042 /s
C:\WINDOWS\System32\5041 /s
C:\WINDOWS\System32\xmldm /s
C:\WINDOWS\System32\kock /s


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
----------------

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


http://img.photobucket.com/albums/v706/ried7/RCUpdate1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
----------

In your next reply please post the logs created by SystemLook and ComboFix. :)

katkat76
2011-11-23, 20:33
Hi Jeff,

I followed your instructions.
SystemLook was easy; with ComboFix I am not sure if it worked. When I double-clicked on it on my Desktop a small window opened and it seemed to start scanning immediately. When it finished the window closed automatically and I don't know where the log is? It also never asked for "Microsoft Windows Recovery Console"...
When I searched for "combofix" afterwards it showed me more than 20 times this:
COMBOFIX.EXE-362DCCDC.pf ????

What is wrong?

Katrin

jeffce
2011-11-23, 21:57
Hi katkat76,

Do you recognize this ===> C:\Dokumente und Einstellungen\Katrin\Eigene Dateien\cc_20111121_175011.reg
------------------

Please download and run ERUNT (http://www.snapfiles.com/get/erunt.html) (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:Services

:OTL
O2 - BHO: (Adobe PDF Reader Link Helper) - {C689C99E-3A8C-4c87-A79C-C80DC9C81632} - C:\WINDOWS\system32\AcroIEHelpe049.dll (Adobe Systems, Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\appconf32.exe) -C:\WINDOWS\system32\appconf32.exe ()
O33 - MountPoints2\{fce64af0-4c39-11dc-81f1-001302cabfe0}\Shell\AutoRun\command - "" = E:\Autorun.exe /run
O33 - MountPoints2\{fce64af0-4c39-11dc-81f1-001302cabfe0}\Shell\Shell00\Command - "" = E:\Autorun.exe /run
O33 - MountPoints2\{fce64af0-4c39-11dc-81f1-001302cabfe0}\Shell\Shell01\Command - "" = E:\Autorun.exe /action
O33 - MountPoints2\{fce64af0-4c39-11dc-81f1-001302cabfe0}\Shell\Shell02\Command - "" = E:\Autorun.exe /uninstall
[2011.11.16 20:55:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2011.11.16 20:55:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2011.11.23 13:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2011.11.23 13:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2011.11.23 13:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011.11.23 12:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2011.11.23 12:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2011.11.23 12:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011.11.23 11:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2011.11.23 11:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2011.11.23 11:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011.11.23 10:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2011.11.23 10:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2011.11.23 10:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011.11.23 09:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2011.11.23 09:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2011.11.23 09:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011.11.23 00:46:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011.11.23 00:35:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2011.11.22 23:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2011.11.22 23:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2011.11.22 23:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011.11.22 22:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2011.11.22 22:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2011.11.22 22:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011.11.22 21:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2011.11.22 21:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2011.11.22 21:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011.11.22 20:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2011.11.22 20:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2011.11.22 20:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011.11.22 19:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2011.11.22 19:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2011.11.22 19:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011.11.22 18:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2011.11.22 18:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2011.11.22 18:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011.11.22 17:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2011.11.22 17:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2011.11.22 17:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011.11.21 16:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2011.11.21 16:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2011.11.21 16:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011.11.21 15:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2011.11.21 15:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2011.11.21 15:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011.11.20 01:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2011.11.20 01:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2011.11.20 01:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011.11.20 00:57:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2011.11.18 14:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2011.11.18 14:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2011.11.18 14:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2006.10.01 19:14:53 | 000,046,080 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.29 21:24:21 | 000,000,023 | -HS- | C] () -- C:\WINDOWS\System32\edacded0.dat
[2008.12.09 16:23:13 | 000,050,240 | RHS- | C] () -- C:\WINDOWS\System32\appconf32.exe
[2008.12.06 18:40:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\oR5cOsdL.exe.a_a

:Files
ipconfig /flushdns /c

:Reg

:Commands
[purity]
[clearallrestorepoints]
[emptyflash]
[emptyjava]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
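
The OTL fix above targets items that recur in this kind of infection: a Winlogon UserInit value that launches something other than userinit.exe, dozens of identically sized At*.job scheduled tasks, hidden/system files in System32, and MountPoints2 AutoRun commands. As an added example that is not part of this thread or of OTL, the following Python script parses OTL-style report lines and flags those patterns for an analyst to review; its sample lines are constructed from entries quoted in the thread, and the rule names and thresholds are assumptions.

```python
"""Triage helper for OTL-style log excerpts (added example; not part of OTL, SystemLook or ComboFix).

Parses the line shapes seen in the OTL report and fix script above and applies
defender-side heuristics. Findings are review prompts for an analyst, not verdicts.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

# Sample lines constructed from entries quoted in this thread.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\appconf32.exe) -C:\WINDOWS\system32\appconf32.exe ()
O33 - MountPoints2\{fce64af0-4c39-11dc-81f1-001302cabfe0}\Shell\AutoRun\command - "" = E:\Autorun.exe /run
[2011.11.23 13:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2011.11.23 12:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2011.11.23 11:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2011.11.23 10:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2011.11.07 09:36:11 | 000,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
[2008.12.09 16:23:13 | 000,050,240 | RHS- | C] () -- C:\WINDOWS\System32\appconf32.exe
[2011.01.29 21:24:21 | 000,000,023 | -HS- | C] () -- C:\WINDOWS\System32\edacded0.dat
[2006.09.13 16:50:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.11.16 20:55:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
"""

# [date time | size | attrs | C/M] (company) -- path ; the "(company)" part is absent for folders
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[A-Z-]{4}) \| (?P<kind>[CM])\] (?:\([^)]*\) )?-- (?P<path>.+)$"
)
USERINIT_RE = re.compile(r"^O20 - HKLM Winlogon: UserInit - \((?P<value>[^)]*)\)")
AUTORUN_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\.*?[Cc]ommand - "" = (?P<cmd>.+)$')
AT_JOB_RE = re.compile(r"^at\d+\.job$")

@dataclass
class FileEntry:
    stamp: str
    size: int
    attr: str   # OTL attribute flags, e.g. RHS- = read-only, hidden, system
    kind: str   # C = created, M = modified (OTL's own marker)
    path: str

@dataclass
class Finding:
    rule: str
    severity: str   # "high" or "review"
    detail: str

def parse_file_entries(text: str) -> List[FileEntry]:
    """Return every file/folder line as a FileEntry; other report lines are skipped."""
    entries = []
    for m in (FILE_RE.match(line) for line in text.splitlines()):
        if m:
            entries.append(FileEntry(m["stamp"], int(m["size"].replace(",", "")),
                                     m["attr"], m["kind"], m["path"]))
    return entries

def check_userinit(text: str) -> List[Finding]:
    """Anything in Winlogon UserInit besides userinit.exe runs at every logon."""
    findings = []
    for m in (USERINIT_RE.match(line) for line in text.splitlines()):
        if not m:
            continue
        for item in (p.strip() for p in m["value"].split(",") if p.strip()):
            if item.lower().rsplit("\\", 1)[-1] != "userinit.exe":
                findings.append(Finding("winlogon-userinit", "high", f"UserInit launches {item}"))
    return findings

def check_at_jobs(entries: List[FileEntry], min_count: int = 3) -> List[Finding]:
    """Many At<N>.job tasks of identical size point to a scripted hourly persistence loop."""
    by_size: Dict[int, List[str]] = defaultdict(list)
    for e in entries:
        name = e.path.rsplit("\\", 1)[-1].lower()
        if AT_JOB_RE.match(name):
            by_size[e.size].append(name)
    return [Finding("at-job-cluster", "high",
                    f"{len(names)} At*.job tasks of {size} bytes: {', '.join(sorted(names))}")
            for size, names in by_size.items() if len(names) >= min_count]

def check_hidden_system(entries: List[FileEntry]) -> List[Finding]:
    """Hidden+System files dropped into System32 are unusual for legitimate third-party software."""
    return [Finding("hidden-system-file", "review", f"{e.attr} {e.path}") for e in entries
            if "H" in e.attr and "S" in e.attr and "\\system32\\" in e.path.lower()]

def check_autorun(text: str) -> List[Finding]:
    """MountPoints2 AutoRun entries record what a removable drive asked Explorer to run."""
    return [Finding("mountpoints-autorun", "review", f"{m['guid']} -> {m['cmd']}")
            for m in (AUTORUN_RE.match(line) for line in text.splitlines()) if m]

def triage(text: str) -> List[Finding]:
    """Run every check over one OTL-style excerpt; high-severity findings come first."""
    entries = parse_file_entries(text)
    findings = (check_userinit(text) + check_at_jobs(entries)
                + check_hidden_system(entries) + check_autorun(text))
    return sorted(findings, key=lambda f: 0 if f.severity == "high" else 1)

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.rule}: {f.detail}")
```

Feed it a full OTL report instead of SAMPLE_LOG to get the same four signals over the real file list; lines it does not recognise are simply ignored.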

katkat76
2011-11-24, 00:30
Hi Jeff,

sorry, but what do you mean by "Do you recognize this ===> C:\Dokumente und Einstellungen\Katrin\Eigene Dateien\cc_20111121_175011.reg"???

Is this something important? Should I do something "with it?"

I don't know what it is...

Katrin

katkat76
2011-11-24, 01:01
here are the two logs you asked for:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4c87-A79C-C80DC9C81632}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632}\ deleted successfully.
C:\WINDOWS\system32\AcroIEHelpe049.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\appconf32.exe deleted successfully.
File \WINDOWS\system32\appconf32.exe) -C:\WINDOWS\system32\appconf32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fce64af0-4c39-11dc-81f1-001302cabfe0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fce64af0-4c39-11dc-81f1-001302cabfe0}\ not found.
File E:\Autorun.exe /run not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fce64af0-4c39-11dc-81f1-001302cabfe0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fce64af0-4c39-11dc-81f1-001302cabfe0}\ not found.
File E:\Autorun.exe /run not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fce64af0-4c39-11dc-81f1-001302cabfe0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fce64af0-4c39-11dc-81f1-001302cabfe0}\ not found.
File E:\Autorun.exe /action not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fce64af0-4c39-11dc-81f1-001302cabfe0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fce64af0-4c39-11dc-81f1-001302cabfe0}\ not found.
File E:\Autorun.exe /uninstall not found.
C:\WINDOWS\System32\xmldm folder moved successfully.
C:\WINDOWS\System32\kock folder moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET93.tmp deleted successfully.
C:\WINDOWS\System32\SET9F.tmp deleted successfully.
C:\WINDOWS\System32\srvblck2.tmp deleted successfully.
C:\WINDOWS\002814_.tmp deleted successfully.
C:\WINDOWS\nsk17.tmp\NSIS_Picasa.dll deleted successfully.
C:\WINDOWS\nsk17.tmp folder deleted successfully.
C:\WINDOWS\tasks\At62.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At61.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At60.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At59.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At58.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At49.job moved successfully.
C:\WINDOWS\tasks\At72.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At71.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At70.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At69.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At68.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At67.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At66.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At65.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At64.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At50.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At63.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\Dokumente und Einstellungen\Katrin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\WINDOWS\system32\edacded0.dat moved successfully.
File move failed. C:\WINDOWS\system32\appconf32.exe scheduled to be moved on reboot.
C:\WINDOWS\system32\oR5cOsdL.exe.a_a moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\Katrin\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Katrin\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!

[EMPTYFLASH]

User: Admin
->Flash cache emptied: 648 bytes

User: Administrator
->Flash cache emptied: 540 bytes

User: All Users

User: Application Data

User: Default User
->Flash cache emptied: 540 bytes

User: Gast
->Flash cache emptied: 715 bytes

User: Katrin
->Flash cache emptied: 1506007 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 1,00 mb


[EMPTYJAVA]

User: Admin

User: Administrator

User: All Users

User: Application Data

User: Default User

User: Gast

User: Katrin
->Java cache emptied: 48085524 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 46,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 3826458 bytes
->Temporary Internet Files folder emptied: 460950 bytes
->FireFox cache emptied: 17667406 bytes
->Flash cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Application Data

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: Gast
->Temp folder emptied: 1169864 bytes
->Temporary Internet Files folder emptied: 1292563 bytes
->FireFox cache emptied: 3671566 bytes
->Flash cache emptied: 0 bytes

User: Katrin
->Temp folder emptied: 36302732 bytes
->Temporary Internet Files folder emptied: 220501 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 387665043 bytes
->Google Chrome cache emptied: 5836864 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 2671661 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1449912 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33432 bytes
RecycleBin emptied: 10752 bytes

Total Files Cleaned = 441,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11232011_233824

Files\Folders moved on Reboot...
C:\WINDOWS\system32\appconf32.exe moved successfully.

Registry entries deleted on Reboot...

katkat76
2011-11-24, 01:02
OTL logfile created on: 23.11.2011 23:47:21 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Katrin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1014,11 Mb Total Physical Memory | 449,16 Mb Available Physical Memory | 44,29% Memory free
2,38 Gb Paging File | 1,91 Gb Available in Paging File | 80,27% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,79 Gb Total Space | 34,48 Gb Free Space | 30,84% Space Free | Partition Type: NTFS

Computer Name: MUELLERIN | User Name: Katrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Katrin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 2.2\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.2\program\soffice.exe (OpenOffice.org)
PRC - C:\WINDOWS\system32\o2flash.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\5048\components\AcroFF0486.dll ()
MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\OpenOffice.org 2.2\program\libxml2.dll ()
MOD - C:\Programme\CyberLink\PowerDVD\hodll.dll ()
MOD - C:\WINDOWS\system32\o2flash.exe ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (FirebirdServerMAGIXInstance) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (SDHookService) -- C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
SRV - (SDUpdateService) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
SRV - (SDScannerService) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (O2Flash) -- C:\WINDOWS\system32\o2flash.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SDHookDriver) -- C:\Programme\Spybot - Search & Destroy 2\SDHookDrv32.sys ()
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (O2MDRDR) -- C:\WINDOWS\system32\DRIVERS\o2media.sys (O2Micro )
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (O2SDRDR) -- C:\WINDOWS\system32\DRIVERS\o2sd.sys (O2Micro )
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (QV2KUX) -- C:\WINDOWS\system32\drivers\qv2kux.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com/fsc/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://umlu.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.umlu.de"
FF - prefs.js..extensions.enabledItems: {de1b245c-de57-11da-ba2d-0050c2490048}:1.0.8

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5048 [2011.11.23 11:14:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.08.17 20:08:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.08.17 20:08:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.12\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.01.04 11:57:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5048 [2011.11.23 11:14:18 | 000,000,000 | ---D | M]

[2010.07.20 11:49:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Extensions
[2010.07.20 11:49:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.09 20:20:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2011.08.16 22:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Firefox\Profiles\524sgn8u.default\extensions
[2009.12.08 18:46:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Firefox\Profiles\524sgn8u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.09 23:09:52 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Firefox\Profiles\524sgn8u.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2008.09.08 17:26:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Sunbird\Profiles\e4ayedvv.default\extensions
[2010.10.14 09:06:57 | 000,002,083 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Firefox\Profiles\524sgn8u.default\searchplugins\umlu.xml
[2011.08.17 20:08:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.23 11:14:18 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5048
[2011.08.12 07:13:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.08.12 05:19:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 05:14:12 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.08.12 05:19:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.12 05:19:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.12 05:19:37 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 05:19:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011.11.23 23:40:07 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SDTray] C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Spybot-S&D Cleaning] C:\Programme\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Katrin\Startmenü\Programme\Autostart\OpenOffice.org 2.2.lnk = C:\Programme\OpenOffice.org 2.2\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09706C6F-3E7A-4C48-A732-8260EE66205D}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop Components:0 () - http://www.amazed-tour.de/galerie0011/bilder/Img_0238.jpg
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Katrin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Katrin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.13 16:49:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Dokumente und Einstellungen\Katrin\Desktop\ylva und ihre jungs...
[2011.11.23 23:47:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2011.11.23 23:38:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.11.23 23:37:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.11.23 23:36:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011.11.23 23:36:31 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.11.23 23:31:30 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Katrin\Desktop\erunt-setup.exe
[2011.11.23 19:24:39 | 004,303,750 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Katrin\Desktop\ComboFix.exe
[2011.11.23 19:03:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.11.23 14:42:29 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011.11.23 14:36:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Katrin\Desktop\heb texte
[2011.11.23 12:14:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Katrin\Desktop\OTL.exe
[2011.11.23 11:14:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5048
[2011.11.22 22:00:01 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Katrin\Desktop\aswMBR.exe
[2011.11.22 21:35:27 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos
[2011.11.22 16:20:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5047
[2011.11.21 14:46:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5045
[2011.11.20 21:05:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5044
[2011.11.19 11:15:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5043
[2011.11.17 10:47:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5042
[2011.11.16 20:56:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5041
[2011.11.08 20:40:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Katrin\Desktop\Stillen, Beikost
[2011.11.07 09:35:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2
[2011.11.07 09:35:47 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2011.11.07 09:35:40 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy 2
[2011.11.07 09:25:21 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files - Modified Within 30 Days ==========

File not found -- C:\Dokumente und Einstellungen\Katrin\Desktop\ylva und ihre jungs...
[2011.11.23 23:44:58 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.23 23:44:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.23 23:44:20 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.23 23:40:07 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011.11.23 23:36:32 | 000,000,591 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\NTREGOPT.lnk
[2011.11.23 23:36:32 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\ERUNT.lnk
[2011.11.23 23:31:30 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Katrin\Desktop\erunt-setup.exe
[2011.11.23 23:24:27 | 000,000,364 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011.11.23 21:58:11 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.23 19:24:41 | 004,303,750 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Katrin\Desktop\ComboFix.exe
[2011.11.23 19:19:34 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011.11.23 14:45:08 | 000,000,072 | ---- | M] () -- C:\WINDOWS\System32\blckdom.res
[2011.11.23 14:35:43 | 000,139,264 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\SystemLook.exe
[2011.11.23 12:14:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Katrin\Desktop\OTL.exe
[2011.11.23 11:58:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.22 22:02:03 | 000,294,216 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\gmer.zip
[2011.11.22 22:01:23 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\MBR.dat
[2011.11.22 22:00:21 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Katrin\Desktop\aswMBR.exe
[2011.11.21 17:50:37 | 000,027,608 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Eigene Dateien\cc_20111121_175011.reg
[2011.11.09 14:28:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.11.09 14:27:25 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011.11.08 20:41:21 | 000,464,856 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.11.08 20:41:21 | 000,446,152 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.11.08 20:41:21 | 000,087,060 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.11.08 20:41:21 | 000,073,358 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.11.07 09:36:11 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2011.11.07 09:36:11 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011.11.07 09:36:10 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2011.11.07 09:35:55 | 000,001,800 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011.11.07 09:25:21 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.11.07 09:08:33 | 000,012,288 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.rhk
[2011.11.07 09:08:32 | 006,852,608 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\ntuser.rhk
[2011.11.07 08:53:43 | 001,405,463 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\rückenschule.pdf
[2011.11.04 21:11:52 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2011.10.31 23:11:40 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

========== Files Created - No Company Name ==========

[2011.11.23 23:36:32 | 000,000,591 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\NTREGOPT.lnk
[2011.11.23 23:36:32 | 000,000,572 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\ERUNT.lnk
[2011.11.23 19:19:32 | 000,001,715 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
[2011.11.23 19:19:32 | 000,000,854 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Startmenü\Programme\Autostart\OpenOffice.org 2.2.lnk
[2011.11.23 14:35:43 | 000,139,264 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\SystemLook.exe
[2011.11.22 22:02:02 | 000,294,216 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\gmer.zip
[2011.11.22 22:01:23 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\MBR.dat
[2011.11.21 17:50:15 | 000,027,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Eigene Dateien\cc_20111121_175011.reg
[2011.11.16 20:55:40 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\blckdom.res
[2011.11.07 09:36:08 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2011.11.07 09:36:08 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011.11.07 09:36:08 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2011.11.07 09:35:55 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk
[2011.11.07 09:35:55 | 000,001,800 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011.11.07 09:08:33 | 000,012,288 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.rhk
[2011.11.07 08:53:43 | 001,405,463 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\rückenschule.pdf
[2010.05.07 18:38:40 | 000,555,616 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\mdbu.bin
[2010.02.03 16:19:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEC64Euro.ini
[2009.12.27 12:11:11 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD7320.DAT
[2009.09.06 23:00:54 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6d.DLL
[2009.08.13 20:10:46 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008.05.18 01:28:15 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.03.14 17:15:58 | 000,000,364 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007.04.12 13:34:23 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007.04.12 13:34:23 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2030.DAT
[2007.04.03 19:32:58 | 000,000,373 | ---- | C] () -- C:\WINDOWS\wTRTv.ini
[2006.11.19 16:14:32 | 001,138,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006.11.19 16:14:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.11.19 16:14:31 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006.11.19 16:14:30 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006.10.01 19:14:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.10.01 11:51:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006.10.01 11:51:40 | 000,006,082 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006.10.01 11:50:45 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.09.30 18:55:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006.09.29 12:43:39 | 000,049,421 | ---- | C] () -- C:\WINDOWS\System32\compare.dat
[2006.09.29 12:42:43 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.09.13 19:15:00 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll
[2006.09.13 19:14:53 | 000,464,856 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006.09.13 19:14:53 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.09.13 19:14:53 | 000,087,060 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006.09.13 19:14:53 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.09.13 19:14:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.09.13 19:14:46 | 000,446,152 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.09.13 19:14:46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.09.13 19:14:46 | 000,073,358 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.09.13 19:14:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.09.13 19:14:46 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.09.13 19:14:45 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.09.13 19:14:45 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006.09.13 19:14:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.09.13 19:14:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.09.13 19:14:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.09.13 19:14:39 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006.09.13 18:07:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.09.13 17:50:17 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.09.13 17:45:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.09.13 17:44:42 | 000,224,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.09.13 17:42:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006.09.13 17:39:42 | 000,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.09.13 17:39:07 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini
[2006.09.13 17:31:37 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.09.13 16:51:49 | 000,000,778 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.09.13 16:50:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006.09.13 16:47:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.09.13 16:47:14 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005.01.27 16:33:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\o2flash.exe
[2005.01.21 12:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004.08.09 08:00:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2001.09.04 03:04:00 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2000.09.14 00:03:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[1999.01.22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

< End of report >

jeffce
2011-11-24, 03:55
Hi katkat76,

I just wanted to know if you recognized what it was or if you used it yourself. Since you don't seem to recognize it, let's move it out of here. :)
----------

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:Services

:OTL
[2011.11.21 17:50:15 | 000,027,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Eigene Dateien\cc_20111121_175011.reg

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" =-
"2869:TCP" =-
"3689:TCP" =-

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).

----------------

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan as shown below.

http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM.jpg

When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.



The log can also be found here:
C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
----------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the Start button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the Back button.
Push Finish.

http://www.eset.com/onlinescan/
----------

In your next reply let me know if you had any problems with the instructions and post the logs created by OTL, Malwarebytes and ESET online scan. :)

katkat76
2011-11-24, 15:16
fix log attached, see below.
scan log here:

OTL logfile created on: 24.11.2011 14:06:03 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Katrin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1014,11 Mb Total Physical Memory | 475,48 Mb Available Physical Memory | 46,89% Memory free
2,38 Gb Paging File | 1,94 Gb Available in Paging File | 81,26% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,79 Gb Total Space | 34,47 Gb Free Space | 30,84% Space Free | Partition Type: NTFS

Computer Name: MUELLERIN | User Name: Katrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Katrin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 2.2\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.2\program\soffice.exe (OpenOffice.org)
PRC - C:\WINDOWS\system32\o2flash.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Programme\OpenOffice.org 2.2\program\libxml2.dll ()
MOD - C:\Programme\CyberLink\PowerDVD\hodll.dll ()
MOD - C:\WINDOWS\system32\o2flash.exe ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (FirebirdServerMAGIXInstance) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (SDHookService) -- C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
SRV - (SDUpdateService) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
SRV - (SDScannerService) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (O2Flash) -- C:\WINDOWS\system32\o2flash.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SDHookDriver) -- C:\Programme\Spybot - Search & Destroy 2\SDHookDrv32.sys ()
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (O2MDRDR) -- C:\WINDOWS\system32\DRIVERS\o2media.sys (O2Micro )
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (O2SDRDR) -- C:\WINDOWS\system32\DRIVERS\o2sd.sys (O2Micro )
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (QV2KUX) -- C:\WINDOWS\system32\drivers\qv2kux.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com/fsc/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://umlu.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.umlu.de"
FF - prefs.js..extensions.enabledItems: {de1b245c-de57-11da-ba2d-0050c2490048}:1.0.8

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5048 [2011.11.23 11:14:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.08.17 20:08:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.08.17 20:08:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.12\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.01.04 11:57:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5048 [2011.11.23 11:14:18 | 000,000,000 | ---D | M]

[2010.07.20 11:49:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Extensions
[2010.07.20 11:49:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.09 20:20:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2011.08.16 22:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Firefox\Profiles\524sgn8u.default\extensions
[2009.12.08 18:46:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Firefox\Profiles\524sgn8u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.09 23:09:52 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Firefox\Profiles\524sgn8u.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2008.09.08 17:26:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Sunbird\Profiles\e4ayedvv.default\extensions
[2010.10.14 09:06:57 | 000,002,083 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Firefox\Profiles\524sgn8u.default\searchplugins\umlu.xml
[2011.08.17 20:08:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.23 11:14:18 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5048
[2011.08.12 07:13:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.08.12 05:19:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 05:14:12 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.08.12 05:19:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.12 05:19:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.12 05:19:37 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 05:19:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011.11.23 23:40:07 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SDTray] C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Spybot-S&D Cleaning] C:\Programme\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Katrin\Startmenü\Programme\Autostart\OpenOffice.org 2.2.lnk = C:\Programme\OpenOffice.org 2.2\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09706C6F-3E7A-4C48-A732-8260EE66205D}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop Components:0 () - http://www.amazed-tour.de/galerie0011/bilder/Img_0238.jpg
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Katrin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Katrin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.13 16:49:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Dokumente und Einstellungen\Katrin\Desktop\ylva und ihre jungs...
[2011.11.23 23:47:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2011.11.23 23:38:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.11.23 23:37:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.11.23 23:36:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011.11.23 23:36:31 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.11.23 23:31:30 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Katrin\Desktop\erunt-setup.exe
[2011.11.23 19:24:39 | 004,303,750 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Katrin\Desktop\ComboFix.exe
[2011.11.23 19:03:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.11.23 14:42:29 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011.11.23 14:36:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Katrin\Desktop\heb texte
[2011.11.23 12:14:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Katrin\Desktop\OTL.exe
[2011.11.23 11:14:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5048
[2011.11.22 22:00:01 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Katrin\Desktop\aswMBR.exe
[2011.11.22 21:35:27 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos
[2011.11.22 16:20:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5047
[2011.11.21 14:46:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5045
[2011.11.20 21:05:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5044
[2011.11.19 11:15:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5043
[2011.11.17 10:47:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5042
[2011.11.16 20:56:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5041
[2011.11.08 20:40:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Katrin\Desktop\Stillen, Beikost
[2011.11.07 09:35:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2
[2011.11.07 09:35:47 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2011.11.07 09:35:40 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy 2
[2011.11.07 09:25:21 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files - Modified Within 30 Days ==========

File not found -- C:\Dokumente und Einstellungen\Katrin\Desktop\ylva und ihre jungs...
[2011.11.24 14:03:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.24 14:02:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.24 14:02:46 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.24 13:58:22 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.23 23:40:07 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011.11.23 23:36:32 | 000,000,591 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\NTREGOPT.lnk
[2011.11.23 23:36:32 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\ERUNT.lnk
[2011.11.23 23:31:30 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Katrin\Desktop\erunt-setup.exe
[2011.11.23 23:24:27 | 000,000,364 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011.11.23 19:24:41 | 004,303,750 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Katrin\Desktop\ComboFix.exe
[2011.11.23 19:19:34 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011.11.23 14:45:08 | 000,000,072 | ---- | M] () -- C:\WINDOWS\System32\blckdom.res
[2011.11.23 14:35:43 | 000,139,264 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\SystemLook.exe
[2011.11.23 12:14:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Katrin\Desktop\OTL.exe
[2011.11.23 11:58:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.22 22:02:03 | 000,294,216 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\gmer.zip
[2011.11.22 22:01:23 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\MBR.dat
[2011.11.22 22:00:21 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Katrin\Desktop\aswMBR.exe
[2011.11.09 14:28:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.11.09 14:27:25 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011.11.08 20:41:21 | 000,464,856 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.11.08 20:41:21 | 000,446,152 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.11.08 20:41:21 | 000,087,060 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.11.08 20:41:21 | 000,073,358 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.11.07 09:36:11 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2011.11.07 09:36:11 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011.11.07 09:36:10 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2011.11.07 09:35:55 | 000,001,800 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011.11.07 09:25:21 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.11.07 09:08:33 | 000,012,288 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.rhk
[2011.11.07 09:08:32 | 006,852,608 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\ntuser.rhk
[2011.11.07 08:53:43 | 001,405,463 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\rückenschule.pdf
[2011.11.04 21:11:52 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2011.10.31 23:11:40 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

========== Files Created - No Company Name ==========

[2011.11.23 23:36:32 | 000,000,591 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\NTREGOPT.lnk
[2011.11.23 23:36:32 | 000,000,572 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\ERUNT.lnk
[2011.11.23 19:19:32 | 000,001,715 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
[2011.11.23 19:19:32 | 000,000,854 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Startmenü\Programme\Autostart\OpenOffice.org 2.2.lnk
[2011.11.23 14:35:43 | 000,139,264 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\SystemLook.exe
[2011.11.22 22:02:02 | 000,294,216 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\gmer.zip
[2011.11.22 22:01:23 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\MBR.dat
[2011.11.16 20:55:40 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\blckdom.res
[2011.11.07 09:36:08 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2011.11.07 09:36:08 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011.11.07 09:36:08 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2011.11.07 09:35:55 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk
[2011.11.07 09:35:55 | 000,001,800 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011.11.07 09:08:33 | 000,012,288 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.rhk
[2011.11.07 08:53:43 | 001,405,463 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\rückenschule.pdf
[2010.05.07 18:38:40 | 000,555,616 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\mdbu.bin
[2010.02.03 16:19:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEC64Euro.ini
[2009.12.27 12:11:11 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD7320.DAT
[2009.09.06 23:00:54 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6d.DLL
[2009.08.13 20:10:46 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008.05.18 01:28:15 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.03.14 17:15:58 | 000,000,364 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007.04.12 13:34:23 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007.04.12 13:34:23 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2030.DAT
[2007.04.03 19:32:58 | 000,000,373 | ---- | C] () -- C:\WINDOWS\wTRTv.ini
[2006.11.19 16:14:32 | 001,138,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006.11.19 16:14:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.11.19 16:14:31 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006.11.19 16:14:30 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006.10.01 19:14:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.10.01 11:51:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006.10.01 11:51:40 | 000,006,082 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006.10.01 11:50:45 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.09.30 18:55:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006.09.29 12:43:39 | 000,049,421 | ---- | C] () -- C:\WINDOWS\System32\compare.dat
[2006.09.29 12:42:43 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.09.13 19:15:00 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll
[2006.09.13 19:14:53 | 000,464,856 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006.09.13 19:14:53 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.09.13 19:14:53 | 000,087,060 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006.09.13 19:14:53 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.09.13 19:14:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.09.13 19:14:46 | 000,446,152 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.09.13 19:14:46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.09.13 19:14:46 | 000,073,358 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.09.13 19:14:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.09.13 19:14:46 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.09.13 19:14:45 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.09.13 19:14:45 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006.09.13 19:14:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.09.13 19:14:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.09.13 19:14:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.09.13 19:14:39 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006.09.13 18:07:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.09.13 17:50:17 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.09.13 17:45:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.09.13 17:44:42 | 000,224,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.09.13 17:42:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006.09.13 17:39:42 | 000,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.09.13 17:39:07 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini
[2006.09.13 17:31:37 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.09.13 16:51:49 | 000,000,778 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.09.13 16:50:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006.09.13 16:47:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.09.13 16:47:14 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005.01.27 16:33:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\o2flash.exe
[2005.01.21 12:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004.08.09 08:00:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2001.09.04 03:04:00 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2000.09.14 00:03:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[1999.01.22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

< End of report >

katkat76
2011-11-24, 15:54
Hi Jeff,

the MBAM log is attached.
But I had problems with ESET, when I click on "Start" it tells me: "can not get update. Is prxy configured?"

What do I have to do???

Katrin

jeffce
2011-11-24, 16:12
Hi katkat76,

Thanks for the OTL and Malwarebytes log.
---------------

Check the proxy settings on Firefox:

Open Firefox
Click on Tools >> Options
Now select Advanced >> Connection Settings tab
Select No proxy
Ok

---------------

Check proxy settings in Internet Explorer:

Open Internet Explorer
Click on Tools >> Internet Options
Now select Connections >> LAN Settings button
De-Select all settings
Ok

--------------

Once you get those checked out try to re-run the ESET scan. :)
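The two click-through procedures above edit settings that can also be read directly, which is handy for confirming the result. The following is an added example and is not part of jeffce's post or of any tool the thread mentions: it reads the WinINet values under the Internet Settings key that the OTL log already lists (ProxyEnable, ProxyOverride) together with the standard ProxyServer and AutoConfigURL values, and scans each Firefox profile's prefs.js for network.proxy.* entries. The registry value names and Firefox pref names are the standard ones; the profile directory is derived from %APPDATA%, the same location shown in the OTL log.

```powershell
# Added example, not from the thread: report the proxy settings that the
# IE "LAN Settings" dialog and the Firefox "Connection Settings" dialog edit,
# for the currently logged-on user.

function Get-IEProxyState {
    # WinINet (used by IE and by the ESET online scanner) stores its proxy
    # configuration here; OTL reports ProxyEnable/ProxyOverride from this key.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        ProxyEnabled  = ($p.ProxyEnable -eq 1)   # "Use a proxy server for your LAN"
        ProxyServer   = $p.ProxyServer            # host:port or "http=...;https=..."
        ProxyOverride = $p.ProxyOverride          # bypass list, e.g. *.local
        AutoConfigURL = $p.AutoConfigURL          # PAC script URL, if one is set
    }
}

function Get-FirefoxProxyPrefs {
    # Firefox keeps its own settings in prefs.js inside each profile folder.
    # network.proxy.type: 0 = no proxy, 1 = manual, 2 = PAC URL,
    #                     4 = auto-detect, 5 = use system settings.
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (-not (Test-Path $profiles)) { return @() }
    Get-ChildItem -Path $profiles -Filter 'prefs.js' -Recurse | ForEach-Object {
        $hits = Select-String -Path $_.FullName -Pattern 'user_pref\("network\.proxy\.'
        New-Object PSObject -Property @{
            Profile = $_.Directory.Name
            Prefs   = @($hits | ForEach-Object { $_.Line.Trim() })
        }
    }
}

$ie = Get-IEProxyState
if ($ie.ProxyEnabled) {
    Write-Output ("IE: manual proxy ENABLED -> " + $ie.ProxyServer + " (bypass: " + $ie.ProxyOverride + ")")
} else {
    Write-Output 'IE: no manual proxy (ProxyEnable is 0 or absent)'
}
if ($ie.AutoConfigURL) {
    # A PAC script you did not configure yourself deserves a look: it decides
    # which proxy every browser request goes through.
    Write-Output ("IE: automatic configuration script -> " + $ie.AutoConfigURL)
}

foreach ($ff in Get-FirefoxProxyPrefs) {
    if ($ff.Prefs.Count -eq 0) {
        Write-Output ("Firefox profile " + $ff.Profile + ": no network.proxy.* prefs set (built-in default)")
    } else {
        Write-Output ("Firefox profile " + $ff.Profile + ":")
        $ff.Prefs | ForEach-Object { Write-Output ("  " + $_) }
    }
}
```

After following the steps in the post, the script should print "IE: no manual proxy", no automatic configuration script line, and either no network.proxy.* prefs or a line with network.proxy.type set to 0 for the Firefox profile. Anything else means one of the dialogs still has a proxy configured.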

katkat76
2011-11-24, 18:21
I could run ESET this time and at the end it said: no threats found, so I also don't have any report.

Anything next?
And do I have to change something in the proxy config now again, after I ran ESET? Back to the old config?

Katrin

jeffce
2011-11-25, 20:15
Hi katkat76,


> And do I have to change something in the proxy config now again, after I ran ESET? Back to the old config?

No no...leave those alone. :)
-------------

How is your system running now?

katkat76
2011-11-25, 23:20
Well, it runs ok, I am just not sure if everything really is okay. I never really had problems, just that one incident with my online banking, where I realized that there was something wrong.
I ran another Malware Scan today and got this log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8231

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

25.11.2011 18:38:49
mbam-log-2011-11-25 (18-38-49).txt

Scan type: Quick scan
Objects scanned: 266826
Time elapsed: 7 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 24

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\WINDOWS\system32\xmldm (Stolen.Data) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\xmldm\3132_ff_0000000335.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3132_ff_0000000320.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3132_ff_0000000321.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3132_ff_0000000322.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3132_ff_0000000323.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3132_ff_0000000324.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3132_ff_0000000325.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3132_ff_0000000326.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3132_ff_0000000327.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3132_ff_0000000328.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3132_ff_0000000329.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3132_ff_0000000330.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3132_ff_0000000331.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3132_ff_0000000332.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3132_ff_0000000333.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3132_ff_0000000334.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3132_ff_0000000336.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3132_ff_0000000337.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3132_ff_0000000338.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3132_ff_0000000339.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3132_ff_0000000340.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3132_ff_0000000341.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3132_ff_0000000342.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3132_ff_0000000343.key (Stolen.Data) -> Quarantined and deleted successfully.


What do you think after all these logs I posted? What did they "tell you"? In case you can explain this in a few words to a greenhorn like me ;-)

Katrin

jeffce
2011-11-26, 00:42
Hi katkat76,


What do you think after all these logs I posted. What did they "tell you"?

You had some infections on your system that look like they are removed. Nothing seemingly over-the-top horrible, but infections nonetheless :)
--------------


You have an older version of Adobe Reader. You can download the current version HERE (http://www.adobe.com/products/acrobat/readstep2.html)

You may want to consider Foxit Reader (http://www.foxitsoftware.com/downloads/index.php) instead. It may be a bit lighter on resources.

Visit their support forum
Foxit Forum (http://www.foxitsoftware.com/bbs/forumdisplay.php?f=3)

In either case you should uninstall Adobe Reader 9.1 first. Be sure to move any PDF documents to another folder first though.
----------

Please download JavaRa (http://raproducts.org/click/click.php?id=1) to your desktop and unzip it to its own folder.
Run JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista) again and select Search For Updates.
Select Update Using Sun Java's Website, then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
----------

After you get those completed please run a new scan with OTL and post the results into the next reply. :)

katkat76
2011-11-26, 01:41
hi jeff,

I followed your instructions but chose pdf-xchange viewer instead of foxit.

new otl log:

OTL logfile created on: 26.11.2011 00:30:01 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Katrin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1014,11 Mb Total Physical Memory | 475,20 Mb Available Physical Memory | 46,86% Memory free
2,38 Gb Paging File | 1,87 Gb Available in Paging File | 78,33% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,79 Gb Total Space | 34,32 Gb Free Space | 30,70% Space Free | Partition Type: NTFS

Computer Name: MUELLERIN | User Name: Katrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Katrin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 2.2\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.2\program\soffice.exe (OpenOffice.org)
PRC - C:\WINDOWS\system32\o2flash.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\OpenOffice.org 2.2\program\libxml2.dll ()
MOD - C:\Programme\CyberLink\PowerDVD\hodll.dll ()
MOD - C:\WINDOWS\system32\o2flash.exe ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (FirebirdServerMAGIXInstance) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (SDHookService) -- C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
SRV - (SDUpdateService) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
SRV - (SDScannerService) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (O2Flash) -- C:\WINDOWS\system32\o2flash.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SDHookDriver) -- C:\Programme\Spybot - Search & Destroy 2\SDHookDrv32.sys ()
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (O2MDRDR) -- C:\WINDOWS\system32\DRIVERS\o2media.sys (O2Micro )
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (O2SDRDR) -- C:\WINDOWS\system32\DRIVERS\o2sd.sys (O2Micro )
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (QV2KUX) -- C:\WINDOWS\system32\drivers\qv2kux.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com/fsc/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://umlu.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.umlu.de"
FF - prefs.js..extensions.enabledItems: {de1b245c-de57-11da-ba2d-0050c2490048}:1.0.8

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5048 [2011.11.23 11:14:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.08.17 20:08:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.11.26 00:26:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.12\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.01.04 11:57:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5048 [2011.11.23 11:14:18 | 000,000,000 | ---D | M]

[2010.07.20 11:49:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Extensions
[2010.07.20 11:49:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.09 20:20:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2011.08.16 22:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Firefox\Profiles\524sgn8u.default\extensions
[2009.12.08 18:46:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Firefox\Profiles\524sgn8u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.09 23:09:52 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Firefox\Profiles\524sgn8u.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2008.09.08 17:26:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Sunbird\Profiles\e4ayedvv.default\extensions
[2010.10.14 09:06:57 | 000,002,083 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Mozilla\Firefox\Profiles\524sgn8u.default\searchplugins\umlu.xml
[2011.11.26 00:26:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.26 00:26:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
[2011.11.23 11:14:18 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5048
[2011.08.12 07:13:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.11.26 00:25:53 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.27 20:04:22 | 000,170,080 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.08.12 05:19:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 05:14:12 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.08.12 05:19:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.12 05:19:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.12 05:19:37 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 05:19:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011.11.23 23:40:07 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SDTray] C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Spybot-S&D Cleaning] C:\Programme\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Katrin\Startmenü\Programme\Autostart\OpenOffice.org 2.2.lnk = C:\Programme\OpenOffice.org 2.2\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09706C6F-3E7A-4C48-A732-8260EE66205D}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop Components:0 () - http://www.amazed-tour.de/galerie0011/bilder/Img_0238.jpg
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Katrin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Katrin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.13 16:49:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Dokumente und Einstellungen\Katrin\Desktop\ylva und ihre jungs...
[2011.11.26 00:27:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2011.11.26 00:26:29 | 000,544,656 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2011.11.26 00:26:29 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011.11.26 00:26:29 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011.11.26 00:26:29 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011.11.26 00:23:44 | 020,197,256 | ---- | C] (Oracle Corporation) -- C:\Dokumente und Einstellungen\Katrin\Desktop\jre-7u1-windows-i586.exe
[2011.11.26 00:05:18 | 000,000,000 | ---D | C] -- C:\Programme\Tracker Software
[2011.11.24 14:39:10 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Katrin\Desktop\esetsmartinstaller_enu.exe
[2011.11.24 14:21:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\Malwarebytes
[2011.11.24 14:21:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.11.24 14:21:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.11.24 14:21:06 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.11.24 14:21:06 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.11.24 14:19:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Katrin\Desktop\LOGS
[2011.11.24 14:18:34 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Katrin\Desktop\mbam-setup-1.51.2.1300.exe
[2011.11.23 23:38:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.11.23 23:37:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.11.23 23:36:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011.11.23 23:36:31 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.11.23 23:31:30 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Katrin\Desktop\erunt-setup.exe
[2011.11.23 19:24:39 | 004,303,750 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Katrin\Desktop\ComboFix.exe
[2011.11.23 19:03:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.11.23 14:42:29 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011.11.23 14:36:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Katrin\Desktop\heb texte
[2011.11.23 12:14:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Katrin\Desktop\OTL.exe
[2011.11.23 11:14:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5048
[2011.11.22 22:00:01 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Katrin\Desktop\aswMBR.exe
[2011.11.22 21:35:27 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos
[2011.11.22 16:20:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5047
[2011.11.21 14:46:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5045
[2011.11.20 21:05:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5044
[2011.11.19 11:15:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5043
[2011.11.17 10:47:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5042
[2011.11.16 20:56:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5041
[2011.11.08 20:40:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Katrin\Desktop\Stillen, Beikost
[2011.11.07 09:35:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2
[2011.11.07 09:35:47 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2011.11.07 09:35:40 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy 2
[2011.11.07 09:25:21 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files - Modified Within 30 Days ==========

File not found -- C:\Dokumente und Einstellungen\Katrin\Desktop\ylva und ihre jungs...
[2011.11.26 00:25:52 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011.11.26 00:25:52 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011.11.26 00:25:51 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2011.11.26 00:25:51 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011.11.26 00:25:51 | 000,128,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2011.11.26 00:24:41 | 020,197,256 | ---- | M] (Oracle Corporation) -- C:\Dokumente und Einstellungen\Katrin\Desktop\jre-7u1-windows-i586.exe
[2011.11.26 00:06:12 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDF-XChange Viewer.lnk
[2011.11.25 23:58:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.25 22:02:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.25 22:00:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.25 22:00:55 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.25 08:08:45 | 000,000,409 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011.11.25 08:08:08 | 000,007,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\sb log 25.11
[2011.11.25 05:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011.11.25 05:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2011.11.25 05:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2011.11.25 04:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2011.11.25 04:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011.11.25 04:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2011.11.25 03:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2011.11.25 03:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011.11.25 03:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2011.11.25 02:00:02 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2011.11.25 02:00:02 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011.11.25 02:00:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2011.11.24 14:39:11 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Katrin\Desktop\esetsmartinstaller_enu.exe
[2011.11.24 14:21:11 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.24 14:18:56 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Katrin\Desktop\mbam-setup-1.51.2.1300.exe
[2011.11.23 23:40:07 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011.11.23 23:36:32 | 000,000,591 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\NTREGOPT.lnk
[2011.11.23 23:36:32 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\ERUNT.lnk
[2011.11.23 23:31:30 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Katrin\Desktop\erunt-setup.exe
[2011.11.23 19:24:41 | 004,303,750 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Katrin\Desktop\ComboFix.exe
[2011.11.23 19:19:34 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011.11.23 14:45:08 | 000,000,072 | ---- | M] () -- C:\WINDOWS\System32\blckdom.res
[2011.11.23 14:35:43 | 000,139,264 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\SystemLook.exe
[2011.11.23 12:14:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Katrin\Desktop\OTL.exe
[2011.11.23 11:58:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.22 22:02:03 | 000,294,216 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\gmer.zip
[2011.11.22 22:00:21 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Katrin\Desktop\aswMBR.exe
[2011.11.09 14:28:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.11.09 14:27:25 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011.11.08 20:41:21 | 000,464,856 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.11.08 20:41:21 | 000,446,152 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.11.08 20:41:21 | 000,087,060 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.11.08 20:41:21 | 000,073,358 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.11.07 09:36:11 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2011.11.07 09:36:11 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011.11.07 09:36:10 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2011.11.07 09:35:55 | 000,001,800 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011.11.07 09:25:21 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.11.07 09:08:33 | 000,012,288 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.rhk
[2011.11.07 09:08:32 | 006,852,608 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\ntuser.rhk
[2011.11.07 08:53:43 | 001,405,463 | ---- | M] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\rückenschule.pdf
[2011.11.04 21:11:52 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2011.10.31 23:11:40 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

========== Files Created - No Company Name ==========

[2011.11.26 00:06:12 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDF-XChange Viewer.lnk
[2011.11.25 08:08:08 | 000,007,928 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\sb log 25.11
[2011.11.24 14:21:11 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.23 23:36:32 | 000,000,591 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\NTREGOPT.lnk
[2011.11.23 23:36:32 | 000,000,572 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\ERUNT.lnk
[2011.11.23 19:19:32 | 000,001,715 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
[2011.11.23 19:19:32 | 000,000,854 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Startmenü\Programme\Autostart\OpenOffice.org 2.2.lnk
[2011.11.23 14:35:43 | 000,139,264 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\SystemLook.exe
[2011.11.22 22:02:02 | 000,294,216 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\gmer.zip
[2011.11.16 20:55:40 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\blckdom.res
[2011.11.07 09:36:08 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2011.11.07 09:36:08 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011.11.07 09:36:08 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2011.11.07 09:35:55 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk
[2011.11.07 09:35:55 | 000,001,800 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011.11.07 09:08:33 | 000,012,288 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.rhk
[2011.11.07 08:53:43 | 001,405,463 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Desktop\rückenschule.pdf
[2010.05.07 18:38:40 | 000,555,616 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Anwendungsdaten\mdbu.bin
[2010.02.03 16:19:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEC64Euro.ini
[2009.12.27 12:11:11 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD7320.DAT
[2009.09.06 23:00:54 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6d.DLL
[2009.08.13 20:10:46 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008.05.18 01:28:15 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.03.14 17:15:58 | 000,000,409 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007.04.12 13:34:23 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007.04.12 13:34:23 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2030.DAT
[2007.04.03 19:32:58 | 000,000,373 | ---- | C] () -- C:\WINDOWS\wTRTv.ini
[2006.11.19 16:14:32 | 001,138,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006.11.19 16:14:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.11.19 16:14:31 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006.11.19 16:14:30 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006.10.01 19:14:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.10.01 11:51:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006.10.01 11:51:40 | 000,006,082 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006.10.01 11:50:45 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.09.30 18:55:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006.09.29 12:43:39 | 000,049,421 | ---- | C] () -- C:\WINDOWS\System32\compare.dat
[2006.09.29 12:42:43 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Katrin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.09.13 19:15:00 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll
[2006.09.13 19:14:53 | 000,464,856 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006.09.13 19:14:53 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.09.13 19:14:53 | 000,087,060 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006.09.13 19:14:53 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.09.13 19:14:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.09.13 19:14:46 | 000,446,152 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.09.13 19:14:46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.09.13 19:14:46 | 000,073,358 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.09.13 19:14:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.09.13 19:14:46 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.09.13 19:14:45 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.09.13 19:14:45 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006.09.13 19:14:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.09.13 19:14:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.09.13 19:14:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.09.13 19:14:39 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006.09.13 18:07:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.09.13 17:50:17 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.09.13 17:45:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.09.13 17:44:42 | 000,224,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.09.13 17:42:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006.09.13 17:39:42 | 000,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.09.13 17:39:07 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini
[2006.09.13 17:31:37 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.09.13 16:51:49 | 000,000,778 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.09.13 16:50:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006.09.13 16:47:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.09.13 16:47:14 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005.01.27 16:33:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\o2flash.exe
[2005.01.21 12:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004.08.09 08:00:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2001.09.04 03:04:00 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2000.09.14 00:03:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[1999.01.22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

< End of report >

jeffce
2011-11-26, 02:11
Hi katkat76,

Please delete your copy of ComboFix using right-click >> delete and then download a fresh copy from:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

Run ComboFix and then post the log created into your next reply. :)

katkat76
2011-11-26, 16:30
It always tells me that Avira AntiVir Personal Edition is still active, even though I deactivated it and the little white umbrella is closed...??? So I couldn't run ComboFix.
Any suggestions?

jeffce
2011-11-26, 21:03
Hi,

Go ahead and run it anyway if you are able to do so. It shouldn't cause any problems.

katkat76
2011-11-26, 23:09
ComboFix 11-11-26.04 - Katrin 26.11.2011 21:39:19.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1014.548 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Katrin\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD218-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD218-FFA4-00EB-0D24-347CA8A3377C}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Katrin\Recent\Thumbs.db
c:\windows\IsUn0407.exe
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-10-26 bis 2011-11-26 ))))))))))))))))))))))))))))))
.
.
2011-11-26 12:56 . 2011-11-26 12:56 -------- d-----w- c:\dokumente und einstellungen\Katrin\Lokale Einstellungen\Anwendungsdaten\Sun
2011-11-25 23:26 . 2011-11-25 23:25 611224 ----a-w- c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-25 23:26 . 2011-11-25 23:25 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-25 23:05 . 2011-11-25 23:06 -------- d-----w- c:\programme\Tracker Software
2011-11-24 13:21 . 2011-11-24 13:21 -------- d-----w- c:\dokumente und einstellungen\Katrin\Anwendungsdaten\Malwarebytes
2011-11-24 13:21 . 2011-11-24 13:21 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-11-24 13:21 . 2011-11-24 13:21 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2011-11-24 13:21 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 22:38 . 2011-11-23 22:38 -------- d-----w- C:\_OTL
2011-11-23 22:36 . 2011-11-23 22:36 -------- d-----w- c:\programme\ERUNT
2011-11-23 10:14 . 2011-11-23 10:14 -------- d-----w- c:\windows\system32\5048
2011-11-22 15:20 . 2011-11-22 15:20 -------- d-----w- c:\windows\system32\5047
2011-11-21 13:46 . 2011-11-21 13:46 -------- d-----w- c:\windows\system32\5045
2011-11-20 20:05 . 2011-11-20 20:05 -------- d-----w- c:\windows\system32\5044
2011-11-19 10:15 . 2011-11-19 10:15 -------- d-----w- c:\windows\system32\5043
2011-11-17 09:47 . 2011-11-17 09:47 -------- d-----w- c:\windows\system32\5042
2011-11-16 19:56 . 2011-11-16 19:56 -------- d-----w- c:\windows\system32\5041
2011-11-07 08:35 . 2009-01-25 12:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-11-07 08:35 . 2011-11-07 08:35 -------- d-----w- c:\programme\Spybot - Search & Destroy 2
2011-11-07 08:25 . 2011-11-07 08:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-30 11:23 . 2011-10-30 11:23 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 23:25 . 2007-06-29 11:09 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-10 14:22 . 2006-09-13 15:47 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-09-13 18:14 604160 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-09-13 18:14 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-09-13 18:14 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-06 14:10 . 2006-09-13 18:14 1859072 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:55 . 2006-09-13 18:14 672768 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:55 . 2006-09-13 18:14 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:55 . 2006-09-13 18:14 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 13:54 . 2006-09-13 18:14 371200 ----a-w- c:\windows\system32\html.iec
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\programme\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\programme\mozilla firefox\plugins\ssldivx.dll
2011-08-12 06:13 . 2011-08-17 19:08 134104 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-05-04 252136]
"SDTray"="c:\programme\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
"Spybot-S&D Cleaning"="c:\programme\Spybot - Search & Destroy 2\SDCleaner.exe" [2011-10-05 3025304]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-07-13 292128]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Katrin\Startmenü\Programme\Autostart\
OpenOffice.org 2.2.lnk - c:\programme\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27.02.2006 15:00 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20.02.2006 16:01 29056]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\programme\Spybot - Search & Destroy 2\SDHookDrv32.sys [07.11.2011 09:35 38504]
R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\programme\Spybot - Search & Destroy 2\SDHookSvc.exe [07.11.2011 09:35 130976]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [22.12.2009 20:07 135664]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe --> c:\magix\Common\Database\bin\fbserver.exe [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [22.12.2009 20:07 135664]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\programme\Spybot - Search & Destroy 2\SDFSSvc.exe [07.11.2011 09:35 892336]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [07.11.2011 09:35 955816]
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-26 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDUpdate.exe [2011-11-07 14:46]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-12-22 19:06]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-12-22 19:06]
.
2011-11-26 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDImmunize.exe [2011-11-07 14:46]
.
2011-11-26 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDScan.exe [2011-11-07 14:46]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://umlu.de/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://de.yahoo.com/fsc/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Katrin\Anwendungsdaten\Mozilla\Firefox\Profiles\524sgn8u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.umlu.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-26 21:45
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\programme\Spybot - Search & Destroy 2\SDHook32.dll
.
- - - - - - - > 'lsass.exe'(748)
c:\programme\Spybot - Search & Destroy 2\SDHook32.dll
.
Zeit der Fertigstellung: 2011-11-26 21:49:14
ComboFix-quarantined-files.txt 2011-11-26 20:48
.
Vor Suchlauf: 19 Verzeichnis(se), 36.903.071.744 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 37.015.511.040 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 8856073A80DEB37AC6A8C6E36F9A208F
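The ComboFix sections above can be read mechanically. The following Python is an added example for this thread (not a Spybot, ComboFix or forum tool, and not code from either participant): it parses the "Dateien erstellt" and registry-autostart sections, reports the Windows Firewall state from the EnableFirewall value (0 in this log) and lists what was created under System32 inside a chosen window. SAMPLE_LOG is a constructed excerpt assembled from lines of the log above.

```python
import re
from datetime import datetime

# Constructed excerpt modelled on the ComboFix log posted above: the paths are
# copied from that log, but this shortened text is assembled for the example.
SAMPLE_LOG = r"""
((((((((((((((((((((((( Dateien erstellt von 2011-10-26 bis 2011-11-26 ))))))))))))))))))))))))))))))
.
2011-11-25 23:26 . 2011-11-25 23:25 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-24 13:21 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 10:14 . 2011-11-23 10:14 -------- d-----w- c:\windows\system32\5048
2011-11-22 15:20 . 2011-11-22 15:20 -------- d-----w- c:\windows\system32\5047
2011-11-07 08:35 . 2011-11-07 08:35 -------- d-----w- c:\programme\Spybot - Search & Destroy 2
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"SDTray"="c:\programme\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# File line: "created . modified size attrs path"; directories carry "--------" as size.
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(\d+|-+)\s+([d-][-a-z]{7})\s+(.+?)\s*$")
KEY_LINE = re.compile(r"^\[(.+)\]$")
RUN_LINE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
FIREWALL_LINE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
TS = "%Y-%m-%d %H:%M"

def parse_created_files(text):
    """Parse the 'Dateien erstellt' section into dicts: created, modified, size, is_dir, path."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line)
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append({"created": datetime.strptime(created, TS),
                            "modified": datetime.strptime(modified, TS),
                            "size": None if size.startswith("-") else int(size),
                            "is_dir": attrs.startswith("d"), "path": path})
    return entries

def parse_run_entries(text):
    """Return (key, value name, command, file date, size) for each value under a ...\\Run key."""
    entries, key = [], None
    for line in text.splitlines():
        k = KEY_LINE.match(line)
        if k:
            key = k.group(1)
            continue
        r = RUN_LINE.match(line)
        if r and key and key.lower().endswith(r"\currentversion\run"):
            name, command, filedate, size = r.groups()
            entries.append((key, name, command, filedate, int(size)))
    return entries

def firewall_enabled(text):
    """Windows Firewall state from the standardprofile EnableFirewall value; None if absent."""
    for line in text.splitlines():
        m = FIREWALL_LINE.match(line)
        if m:
            return m.group(1) != "0"
    return None

def triage(text, scan_date, days=14):
    """Firewall state, System32 items created within `days` of scan_date ("YYYY-MM-DD"), Run values."""
    scan = datetime.strptime(scan_date, "%Y-%m-%d").date()
    recent = [e["path"] for e in parse_created_files(text)
              if "\\system32\\" in e["path"].lower()
              and (scan - e["created"].date()).days <= days]
    return {"firewall_enabled": firewall_enabled(text),
            "recent_system32": recent,
            "run_values": [e[1] for e in parse_run_entries(text)]}
```

The listed System32 items are a reading order, not a verdict: each still has to be matched against what the user knowingly installed (here mbam.sys belongs to the Malwarebytes install shown in the same log).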

jeffce
2011-11-27, 03:31
IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :D SO LET'S DO A COUPLE OF THINGS TO WRAP THIS UP!! :D

This infection appears to have been cleaned, but I cannot give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
------------

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following text into the Run box as shown and click OK.
Combofix /Uninstall
(Note: There is a space between the ..X and the /U that needs to be there.)

http://i1224.photobucket.com/albums/ee380/jeffce74/CF.jpg
----------

Clean up with OTL:

Right-click and Run as Administrator OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

----------

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
Open Internet Explorer
Click on Tools > Internet Options
Press Security tab
Select Internet zone then place check next to Enable Protected Mode if not already done
Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Use and update an anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html). **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp) regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm).
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

7. WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

8. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

katkat76
2011-11-27, 12:14
Hi Jeff,

THANK YOU SO MUCH for your help!!! I know that you can't promise that everything is really gone, but we just hope and of course I change my passwords again.

One more thing: I actually never use Internet Explorer, only Firefox.
Do you have some tips to make Firefox more secure?

AND: Can I actually delete IE completely as I don't use it anyways?

Thanks again for your help and in case you ever come to Berlin, I invite you for dinner ;-)!

Katrin

jeffce
2011-11-27, 23:19
Hi,


> THANK YOU SO MUCH for your help!!!

You are more than welcome!! :)

> One more thing: I actually never use Internet Explorer, only Firefox.
> Do you have some tips to make Firefox more secure?

Be sure to keep your Internet Explorer up to date though because that is the browser that Windows uses to perform all of its updates. (BTW...no you can't delete IE). As for Firefox I would download and install these two add-ons to make it more secure >> Adblock Plus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/?src=search) and NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=search)

> in case you ever come to Berlin, I invite you for dinner

Thank you LOL!! If you are making anything with kroketten u. a good pils I am there. :D

jeffce
2011-11-28, 14:41
Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you are the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.