[dietr]

A few days ago, I noticed some strange behavior of my computer (tons of fake system error messages: disk unreadable, RAM temperature exceeds limit, rotational speed of harddisk 20% below normal etc.) I was advised by a friend to replace my old virus checker by Avast!. After I ran Avast!, the initial symptoms disappeared, but Avast! requested a startup scan to be performed after rebooting the system. During that startup scan, after only a second or two, Avast! displayed the error message "MBR 0 infected by MBR:Alureon-K [Rtk]."

Since that happened, I re-built the whole system twice and tried all the tools I could get hold of - to no avail.

1) Recovery console. Since my computer is a netbook without CD-drive (and, consequently, I did not receive an installation CD from Lenovo), I could not boot from the setup CD to run the recovery console to fix the MBR. (I wish Microsoft would come up with a reasonable USB-stick-based solution for accessing the recovery console on a netbook.)

2) I tried wintoflash.exe to create a bootable USB stick (to use the recovery console), but wintoflash did not like the Windows XP installation CD I offered it, so I ended up without the bootable USB stick.

3) I tried Kaspersky "TDSSkiller.exe", but that program wouldn't even start when I clicked on it. (I noticed on the internet that there are quite a few users who experienced that same problem.)

4) I tried the Microsoft malicious program remover "kb890830-v4.2". It scanned my system for more than 2 hours only to find no malicious software at all. (The virus was still there, of course.)

I would appreciate if somebody could point out to me a CLEAR and METHODICAL approach how I can get rid of that nasty trojan.

I am attaching a log of an OTM run (if that is of any use).

Thanks for your support.

Attached Files

•  OTMLog.rtf   2.16KB   182 downloads

[Advertisements]

Welcome to GTG. Let's help you out with your malware issue(s).

Before we start, make sure you carefully read what I have to say. Don't skip anything. You may even want to have this all printed out in case you're forced to exit this window.

Also, from now on, please paste the contents of any requested logs directly into your posts instead of attaching the logs themselves to your posts. And don't run anything on your system for now unless I tell you to.


Step 1

• Download aswMBR.exe to your desktop.
  
• Double click the aswMBR.exe to run it
  
• Click the [Scan] button to start scan
  
• On completion of the scan click [Save log], save it to your desktop and post in your next reply

Step 2

Run OTL.

• Click the Quick Scan button at the top.
• Make sure you post the log it produces in your next reply.

Edited by Amlak, 26 November 2011 - 02:59 AM.

[Amlak]

Welcome to GTG. Let's help you out with your malware issue(s).

Before we start, make sure you carefully read what I have to say. Don't skip anything. You may even want to have this all printed out in case you're forced to exit this window.

Also, from now on, please paste the contents of any requested logs directly into your posts instead of attaching the logs themselves to your posts. And don't run anything on your system for now unless I tell you to.


Step 1

• Download aswMBR.exe to your desktop.
  
• Double click the aswMBR.exe to run it
  
• Click the [Scan] button to start scan
  
• On completion of the scan click [Save log], save it to your desktop and post in your next reply

Step 2

Run OTL.

• Click the Quick Scan button at the top.
• Make sure you post the log it produces in your next reply.

Edited by Amlak, 26 November 2011 - 02:59 AM.

[dietr]

Thank you very much for responding so quickly.

In the meantime, I was lucky to bump into someone (I am travelling South East Asia these days) that helped me remove that [bleep]. I did several scans, restarts etc to be sure that I killed it for good and everything seems to be ok now.

I really appreciate your forum a lot and I will recommend it to anybody having trouble with a virus or trojan.
This theme can be closed now.

Rgds, dietr

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

[Essexboy]

User returned

[Amlak]

Welcome back.

Ok, in addition to the above set of instructions, please also do the following:

Start -> Run (if you're using Vista/7, press and hold the Windows key on your keyboard and then press R to access Run):
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screen Shot of the Disk Management Window and attach the screen shot to your reply. You can take a screenshot by pressing the PrintScreen/PrtScrn button loacted somewhere at the top of your keyboard and using Paste in the Paint program to paste the copied screenshot.

[dietr]

I apologize for appearing a bit chaotic. I just thought everything would be ok now. From now on I will not run any programs without your explicit instruction. But I should mention that in the session I had with an IT expert earlier today, we tried all kind of things, basically following the material on your website. It seemed to have worked, but the virus returned after a couple of hours.

Just to illustrate the on-off-behaviour of the virus, I am including the Avast! log file. At this moment, Avast does NOT show the virus in the startup scan.(It is in German, but I am sure you'll get the message.)

**********************************************************************************************

11/23/2011 22:21 <VIRUS>
Scan aller lokalen Laufwerke

Datei MBR 0 ist infiziert von MBR:Alureon-K [Rtk]
File MBR 0 is infected by MBR:Alureon-K [Rtk]

Prüfung abgebrochen
Anzahl durchsuchter Ordner: 5
Anzahl der geprüften Dateien: 43826
Anzahl infizierter Dateien: 1

----------------------------------------
11/25/2011 18:38 <VIRUS>
Scan aller lokalen Laufwerke

Datei MBR 0 ist infiziert von MBR:Alureon-K [Rtk]
Datei C:\hiberfil.sys ist infiziert von Suela-1042, In Container verschieben: Fehler 0xC000007F {Ein Vorgang wurde wegen zu wenig Speicherplatz auf dem Datenträger nicht ausgeführt.}
Datei C:\WINDOWS\SoftwareDistribution\Download\11c5f2d626247d5b36dc00c50021cb8a\BIT4.tmp|>NDP20SP2-KB976765.msp|>GDRGDR.cab|>System.Web_dll_5_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\WINDOWS\SoftwareDistribution\Download\11c5f2d626247d5b36dc00c50021cb8a\BIT4.tmp|>NDP20SP2-KB976765.msp|>GDRGDR.cab Fehler 42144 {OLE-Archiv ist beschädigt.}
Datei C:\WINDOWS\SoftwareDistribution\Download\11c5f2d626247d5b36dc00c50021cb8a\BIT4.tmp|>NDP20SP2-KB976765.msp Fehler 42127 {CAB-Archiv ist beschädigt.}

Prüfung abgebrochen
Anzahl durchsuchter Ordner: 5622
Anzahl der geprüften Dateien: 542328
Anzahl infizierter Dateien: 2

----------------------------------------
11/27/2011 12:29 <NO VIRUS>
Scan von C:

Anzahl durchsuchter Ordner: 6212
Anzahl der geprüften Dateien: 500742
Anzahl infizierter Dateien: 0
Number of infected files: 0

----------------------------------------
11/27/2011 13:27 <NO VIRUS>
Scan von C:

Scan von *STARTUP

Anzahl durchsuchter Ordner: 6213
Anzahl der geprüften Dateien: 501343
Anzahl infizierter Dateien: 0

----------------------------------------
11/27/2011 18:00 <VIRUS>
Scan aller lokalen Laufwerke

Datei MBR 0 ist infiziert von MBR:Alureon-K [Rtk]

Prüfung abgebrochen
Anzahl durchsuchter Ordner: 13
Anzahl der geprüften Dateien: 31
Anzahl infizierter Dateien: 1

----------------------------------------
11/27/2011 18:08 <VIRUS>
Scan aller lokalen Laufwerke

Datei MBR 0 ist infiziert von MBR:Alureon-K [Rtk]

Prüfung abgebrochen
Anzahl durchsuchter Ordner: 13
Anzahl der geprüften Dateien: 31
Anzahl infizierter Dateien: 1

----------------------------------------
11/27/2011 20:38 <VIRUS>
Scan aller lokalen Laufwerke

Datei MBR 0 ist infiziert von MBR:Alureon-K [Rtk]

Prüfung abgebrochen

----------------------------------------
11/27/2011 20:57 <VIRUS>
Scan aller lokalen Laufwerke

Datei MBR 0 ist infiziert von MBR:Alureon-K [Rtk]

Prüfung abgebrochen
Anzahl durchsuchter Ordner: 13
Anzahl der geprüften Dateien: 2050
Anzahl infizierter Dateien: 1

----------------------------------------
11/27/2011 22:37 <NO VIRUS>
Scan von C:

Scan von *STARTUP


Prüfung abgebrochen
Anzahl durchsuchter Ordner: 13
Anzahl der geprüften Dateien: 2132
Anzahl infizierter Dateien: 0

----------------------------------------
11/27/2011 22:48 <NO VIRUS>
Scan von C:

Scan von *STARTUP


Prüfung abgebrochen
Anzahl durchsuchter Ordner: 13
Anzahl der geprüften Dateien: 2665
Anzahl infizierter Dateien: 0
**********************************************************************************************



Now here is my feedback to your three requests:

1) diskmgmt.msc
Screenprint attached.

2) aswMBR.exe
I downloaded it to the desktop. On clicking I get a security warning, but the program does not start.

3) OTL
I downloaded and ran OTL. Here is what the OTL Quick Scan came up with:

**********************************************************************************************

OTL logfile created on: 27.11.2011 23:20:44 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\db\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1013,88 Mb Total Physical Memory | 460,25 Mb Available Physical Memory | 45,39% Memory free
2,38 Gb Paging File | 1,98 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 105,10 Gb Total Space | 83,80 Gb Free Space | 79,73% Space Free | Partition Type: NTFS
Drive D: | 29,19 Gb Total Space | 12,12 Gb Free Space | 41,51% Space Free | Partition Type: NTFS

Computer Name: LENOVO-A6F13EA5 | User Name: db | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\db\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Windows NT\Zubehör\wordpad.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Lenovo\VeriFaceIII\PManage.exe ()
PRC - C:\QSTART.SYS\config\DVMExportService.exe (DeviceVM)
PRC - C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
PRC - C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programme\AVAST Software\Avast\defs\11112601\algo.dll ()
MOD - C:\Programme\AVAST Software\Avast\defs\11112601\aswRep.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Facev.dll ()
MOD - C:\WINDOWS\system32\FunFrm.dll ()
MOD - C:\WINDOWS\system32\IcnOvrly.dll ()
MOD - C:\WINDOWS\system32\SetDev.dll ()
MOD - C:\WINDOWS\system32\FaceVerify.dll ()
MOD - C:\WINDOWS\system32\MainOp.dll ()
MOD - C:\WINDOWS\system32\VideoOp.dll ()
MOD - C:\WINDOWS\system32\PicNotify.dll ()
MOD - C:\WINDOWS\system32\Apblend.dll ()
MOD - C:\Programme\Lenovo\VeriFaceIII\PManage.exe ()
MOD - C:\WINDOWS\system32\Momo.dll ()
MOD - C:\WINDOWS\system32\image.dll ()
MOD - C:\Program Files\Lenovo\Energy Management\KbdHook.dll ()
MOD - C:\Program Files\Lenovo\OneKey App\System Repair\LenovoAPI.dll ()
MOD - C:\Program Files\Lenovo\Energy Management\HookLib.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Norton Internet Security) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (DvmMDES) -- C:\QSTART.SYS\config\DVMExportService.exe (DeviceVM)
SRV - (System_Repair_UpdateMonitor) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (usbsmi) -- C:\WINDOWS\system32\drivers\SMIksdrv.sys (SMI)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (ACPIVPC) -- C:\WINDOWS\system32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (WSVD) -- C:\WINDOWS\system32\drivers\WSVD.sys (CyberLink)
DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "file:///C:/DB/DB/DBHome.HTM"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Programme\AVAST Software\Avast\WebRep\FF [2011.11.23 19:16:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.11.23 19:39:32 | 000,000,000 | ---D | M]

[2011.11.23 19:39:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\Mozilla\Extensions
[2011.11.23 22:10:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.23 22:10:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.11.21 12:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.11.21 09:17:49 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 09:09:48 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.11.21 09:17:49 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 09:17:49 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 09:17:49 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 09:17:49 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2008.04.14 20:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Programme\Lenovo\VeriFaceIII\PManage.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\db\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O9 - Extra Button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.lenovo.com File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22756AF0-7CAA-4C93-9DFE-E9584776F665}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PicNotify: DllName - (PicNotify.dll) - C:\WINDOWS\System32\PicNotify.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\db\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\db\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.03 16:42:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.11.27 22:06:08 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\db\Desktop\aswMBR.exe
[2011.11.27 21:51:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\db\Desktop\OTL.exe
[2011.11.27 19:50:14 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.11.27 14:57:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.11.26 21:25:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\Alawar
[2011.11.26 21:17:39 | 000,000,000 | ---D | C] -- C:\Programme\MyPlayCity.com
[2011.11.26 14:37:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.11.26 08:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011.11.26 02:33:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.11.25 23:05:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\OpenOffice.org
[2011.11.25 22:19:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\Malwarebytes
[2011.11.25 22:18:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.11.25 14:13:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
[2011.11.25 08:10:44 | 000,000,000 | ---D | C] -- C:\0a5a5e88d06bbaa581e069
[2011.11.25 00:40:49 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\db\Startmenü\Programme\Verwaltung
[2011.11.24 11:46:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2011.11.24 02:16:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011.11.23 23:01:09 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\Microsoft
[2011.11.23 23:01:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\db\SendTo
[2011.11.23 23:01:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\db\Recent
[2011.11.23 23:01:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten
[2011.11.23 23:01:09 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\db\Startmenü
[2011.11.23 23:01:09 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\db\Favoriten
[2011.11.23 23:01:09 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\db\Eigene Dateien\Eigene Musik
[2011.11.23 23:01:09 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\db\Eigene Dateien
[2011.11.23 23:01:09 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\db\Eigene Dateien\Eigene Bilder
[2011.11.23 23:01:09 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\db\Startmenü\Programme\Autostart
[2011.11.23 23:01:09 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\db\Cookies
[2011.11.23 23:01:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\db\Vorlagen
[2011.11.23 23:01:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\db\Netzwerkumgebung
[2011.11.23 23:01:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\db\Lokale Einstellungen
[2011.11.23 23:01:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\db\Druckumgebung
[2011.11.23 23:01:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Lokale Einstellungen\Anwendungsdaten\Seven Zip
[2011.11.23 23:01:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Lokale Einstellungen\Anwendungsdaten\Microsoft Help
[2011.11.23 23:01:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2011.11.23 23:01:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\InstallShield
[2011.11.23 23:01:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Lokale Einstellungen\Anwendungsdaten\Identities
[2011.11.23 23:01:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\Identities
[2011.11.23 23:01:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Desktop
[2011.11.23 23:01:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Lokale Einstellungen\Anwendungsdaten\Adobe
[2011.11.23 22:11:13 | 000,000,000 | ---D | C] -- C:\Programme\OpenOffice.org 3
[2011.11.23 22:10:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2011.11.23 22:10:52 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2011.11.23 22:10:09 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011.11.23 22:09:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\Sun
[2011.11.23 22:06:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YouTube Downloader
[2011.11.23 22:06:45 | 000,000,000 | ---D | C] -- C:\Programme\YouTube Downloader
[2011.11.23 21:04:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\Macromedia
[2011.11.23 21:03:14 | 000,000,000 | ---D | C] -- C:\Programme\FLV
[2011.11.23 20:57:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
[2011.11.23 20:49:58 | 000,000,000 | ---D | C] -- C:\Programme\Eusing Free Registry Cleaner
[2011.11.23 20:41:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\foobar2000
[2011.11.23 20:41:26 | 000,000,000 | ---D | C] -- C:\Programme\foobar2000
[2011.11.23 20:36:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\.gimp-2.6
[2011.11.23 20:36:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Eigene Dateien\gegl-0.0
[2011.11.23 20:29:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Eigene Dateien\My Kindle Content
[2011.11.23 20:29:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Lokale Einstellungen\Anwendungsdaten\Amazon
[2011.11.23 20:29:09 | 000,000,000 | ---D | C] -- C:\Programme\Amazon
[2011.11.23 20:26:25 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0
[2011.11.23 20:07:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\FileZilla
[2011.11.23 20:01:44 | 000,000,000 | ---D | C] -- C:\Programme\FileZilla FTP Client
[2011.11.23 19:56:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TOOLS - Editoren & Grafik
[2011.11.23 19:42:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Eigene Dateien\Downloads
[2011.11.23 19:39:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2011.11.23 19:39:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\Mozilla
[2011.11.23 19:39:29 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.11.23 19:38:34 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.11.23 19:38:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2011.11.23 19:21:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TOOLS - Medien
[2011.11.23 19:21:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TOOLS - Systemprogramme
[2011.11.23 19:16:44 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011.11.23 19:16:44 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011.11.23 19:16:42 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011.11.23 19:16:42 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011.11.23 19:16:42 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011.11.23 19:16:42 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011.11.23 19:16:42 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011.11.23 19:16:42 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011.11.23 19:16:27 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011.11.23 19:16:26 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011.11.23 19:16:11 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2011.11.23 19:16:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2011.11.23 16:39:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\Adobe
[2011.11.23 16:07:35 | 000,000,000 | ---D | C] -- C:\DB
[2011.11.23 16:05:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Live Toolbar
[2011.11.23 16:04:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.27 23:29:52 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011.11.27 23:18:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2011.11.27 22:49:16 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2011.11.27 22:49:05 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.27 22:05:21 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\db\Desktop\aswMBR.exe
[2011.11.27 20:43:34 | 000,506,460 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.11.27 20:43:34 | 000,479,844 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.11.27 20:43:34 | 000,104,278 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.11.27 20:43:34 | 000,085,614 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.11.27 18:26:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\db\Desktop\OTL.exe
[2011.11.27 16:54:28 | 000,001,885 | ---- | M] () -- C:\Dokumente und Einstellungen\db\Desktop\OneKey Recovery.lnk
[2011.11.26 14:12:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.26 13:46:35 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\db\Eigene Dateien\spider.sav
[2011.11.25 23:06:44 | 000,000,845 | ---- | M] () -- C:\Dokumente und Einstellungen\db\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk
[2011.11.25 14:25:23 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.11.25 09:18:14 | 000,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.11.23 23:00:54 | 000,037,007 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011.11.23 23:00:45 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011.11.23 22:58:42 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2011.11.23 21:06:24 | 000,000,627 | ---- | M] () -- C:\Dokumente und Einstellungen\db\Desktop\Outlook Express.lnk
[2011.11.23 20:41:29 | 000,000,678 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\foobar2000.lnk
[2011.11.23 20:29:28 | 000,001,599 | ---- | M] () -- C:\Dokumente und Einstellungen\db\Desktop\Kindle.lnk
[2011.11.23 20:26:57 | 000,000,780 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GIMP 2.lnk
[2011.11.23 20:06:19 | 000,001,310 | ---- | M] () -- C:\Dokumente und Einstellungen\db\Desktop\DB-eBusiness.lnk
[2011.11.23 20:05:43 | 000,001,254 | ---- | M] () -- C:\Dokumente und Einstellungen\db\Desktop\DB.lnk
[2011.11.23 20:01:47 | 000,000,755 | ---- | M] () -- C:\Dokumente und Einstellungen\db\Desktop\FileZilla.lnk
[2011.11.23 19:39:34 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2011.11.23 19:16:45 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2011.11.23 19:16:42 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.26 13:46:35 | 000,000,572 | ---- | C] () -- C:\Dokumente und Einstellungen\db\Eigene Dateien\spider.sav
[2011.11.25 23:06:43 | 000,000,845 | ---- | C] () -- C:\Dokumente und Einstellungen\db\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk
[2011.11.23 23:01:11 | 000,001,885 | ---- | C] () -- C:\Dokumente und Einstellungen\db\Desktop\OneKey Recovery.lnk
[2011.11.23 21:06:24 | 000,000,627 | ---- | C] () -- C:\Dokumente und Einstellungen\db\Desktop\Outlook Express.lnk
[2011.11.23 20:41:29 | 000,000,678 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\foobar2000.lnk
[2011.11.23 20:29:28 | 000,001,599 | ---- | C] () -- C:\Dokumente und Einstellungen\db\Desktop\Kindle.lnk
[2011.11.23 20:26:57 | 000,000,780 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GIMP 2.lnk
[2011.11.23 20:07:04 | 000,000,755 | ---- | C] () -- C:\Dokumente und Einstellungen\db\Desktop\FileZilla.lnk
[2011.11.23 20:05:09 | 000,001,254 | ---- | C] () -- C:\Dokumente und Einstellungen\db\Desktop\DB.lnk
[2011.11.23 20:05:00 | 000,001,310 | ---- | C] () -- C:\Dokumente und Einstellungen\db\Desktop\DB-eBusiness.lnk
[2011.11.23 19:39:34 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2011.11.23 19:16:45 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2010.03.12 07:02:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010.03.12 06:52:43 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
[2010.03.12 06:52:43 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\picn.dll
[2010.03.12 06:52:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
[2010.03.12 06:52:41 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
[2010.03.12 06:52:41 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2010.03.12 06:52:41 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
[2010.03.12 06:52:41 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
[2010.03.12 06:52:40 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
[2010.03.12 06:52:40 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
[2010.03.12 06:52:40 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
[2010.03.12 06:52:40 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
[2010.03.12 06:52:39 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
[2010.03.12 06:52:39 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
[2010.03.12 06:52:39 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
[2010.03.12 06:52:39 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
[2010.03.12 06:52:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
[2010.03.12 06:52:35 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
[2010.03.12 06:50:12 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\SM37XCoInst.dll
[2009.09.26 18:39:07 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.09.26 17:39:03 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008.11.08 00:08:20 | 000,362,029 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2008.07.22 10:30:37 | 000,001,650 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.07.03 17:34:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.07.03 17:33:08 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.07.03 16:44:15 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2008.07.03 16:39:50 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.04.14 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 20:00:00 | 000,506,460 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008.04.14 20:00:00 | 000,479,844 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 20:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008.04.14 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 20:00:00 | 000,104,278 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008.04.14 20:00:00 | 000,085,614 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 20:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008.04.14 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001.10.10 15:36:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.10 15:35:30 | 000,004,492 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011.11.26 21:25:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\Alawar
[2011.11.23 20:16:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\FileZilla
[2011.11.27 17:59:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\foobar2000
[2011.11.25 23:05:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\OpenOffice.org
[2011.11.23 19:16:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2010.03.12 06:52:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VeriFace
[2011.11.26 21:21:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YouTube Downloader
[2009.09.26 18:20:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011.11.27 23:18:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job

========== Purity Check ==========



< End of report >

**********************************************************************************************

Thanks for your help.

Attached Thumbnails

• 

[Amlak]

Step 1

Download the latest version of ComboFix from here. Make sure you have it saved to the Desktop.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Having said the above, follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Once it's installed, click Yes to continue.

When ComboFix is done with scanning for malware (and deleting accordingly), paste the contents of the resultant log in your next reply.


Step 2

• Download TDSSKiller and save it to your Desktop.
• Unxip the folder (Right Click > Extract to your Desktop).
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory.


Step 3


Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.


Step 4

• Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in
  msconfig
  safebootminimal
  safebootnetwork
  activex
  netsvcs
  drivers32
  %SYSTEMDRIVE%\*.*
  %PROGRAMFILES%\*.*
  %APPDATA%\*.*
  %systemroot%\Tasks\*.job
  CREATERESTOREPOINT
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open a notepad window. OTL.Txt. This is saved in the same location as OTL.
• Post the contents of the log here.

[dietr]

Thanks for your help and your precise instructions. I went through all 4 steps. I was not able to start tdsskiller.exe from my desktop. I downloaded it to my desktop, unzipped it, but when I clicked on the .exe file, nothing happened.



*******************************
* (1/4) Combofix *
*******************************

ComboFix 11-11-28.02 - db 29.11.2011 10:38:51.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1014.413 [GMT 8:00]
ausgeführt von:: c:\dokumente und einstellungen\db\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-10-28 bis 2011-11-29 ))))))))))))))))))))))))))))))
.
.
2011-11-28 15:12 . 2011-11-28 15:12 -------- d-----w- C:\_OTM
2011-11-27 11:50 . 2011-11-28 09:05 -------- d-----w- c:\programme\ERUNT
2011-11-27 06:57 . 2011-11-27 06:57 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-27 06:57 . 2011-11-27 08:07 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2011-11-26 13:17 . 2011-11-26 13:17 -------- d-----w- c:\programme\MyPlayCity.com
2011-11-26 00:51 . 2011-11-26 00:51 -------- d-----w- c:\windows\Sun
2011-11-25 14:18 . 2011-11-25 14:18 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-11-25 00:10 . 2011-11-25 00:11 -------- d-----w- C:\0a5a5e88d06bbaa581e069
2011-11-24 03:50 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-11-24 02:18 . 2008-06-14 17:32 273024 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-11-24 02:18 . 2008-06-14 17:32 273024 ------w- c:\windows\system32\drivers\bthport.sys
2011-11-24 00:44 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-11-23 15:01 . 2011-11-28 09:13 -------- d-----w- c:\dokumente und einstellungen\db
2011-11-23 15:00 . 2009-09-26 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Seven Zip
2011-11-23 15:00 . 2009-09-26 10:04 -------- d-----w- c:\windows\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft Help
2011-11-23 15:00 . 2009-09-26 10:01 -------- d-----r- c:\windows\system32\config\systemprofile\Eigene Dateien
2011-11-23 15:00 . 2009-09-26 10:00 -------- d-----w- c:\windows\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Adobe
2011-11-23 15:00 . 2009-09-26 09:44 -------- d-----w- c:\windows\system32\config\systemprofile\Anwendungsdaten\InstallShield
2011-11-23 15:00 . 2008-07-03 08:51 -------- d-----w- c:\windows\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Identities
2011-11-23 15:00 . 2009-09-26 10:01 -------- d-----r- c:\dokumente und einstellungen\Default User\Eigene Dateien
2011-11-23 14:11 . 2011-11-23 14:11 -------- d-----w- c:\programme\OpenOffice.org 3
2011-11-23 14:10 . 2011-11-23 14:10 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
2011-11-23 14:10 . 2011-11-23 14:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-23 14:10 . 2011-11-23 14:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-23 14:10 . 2011-11-23 14:10 -------- d-----w- c:\programme\Java
2011-11-23 14:06 . 2011-11-26 13:21 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\YouTube Downloader
2011-11-23 14:06 . 2011-11-23 14:06 -------- d-----w- c:\programme\YouTube Downloader
2011-11-23 14:04 . 2011-11-23 14:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:03 . 2011-11-23 13:03 -------- d-----w- c:\programme\FLV
2011-11-23 12:57 . 2011-11-23 12:57 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\McAfee
2011-11-23 12:49 . 2011-11-23 12:50 -------- d-----w- c:\programme\Eusing Free Registry Cleaner
2011-11-23 12:41 . 2011-11-23 12:41 -------- d-----w- c:\programme\foobar2000
2011-11-23 12:29 . 2011-11-23 12:29 -------- d-----w- c:\programme\Amazon
2011-11-23 12:26 . 2011-11-23 12:26 -------- d-----w- c:\programme\GIMP-2.0
2011-11-23 12:01 . 2011-11-23 12:12 -------- d-----w- c:\programme\FileZilla FTP Client
2011-11-23 11:38 . 2011-11-24 14:10 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2011-11-23 11:38 . 2011-11-24 14:00 -------- d-----w- c:\programme\Spybot - Search & Destroy
2011-11-23 11:16 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-23 11:16 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-23 11:16 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-23 11:16 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-23 11:16 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-23 11:16 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-23 11:16 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-23 11:16 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-23 11:16 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-23 11:16 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-23 11:16 . 2011-11-23 11:16 -------- d-----w- c:\programme\AVAST Software
2011-11-23 11:16 . 2011-11-23 11:16 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVAST Software
2011-11-23 08:07 . 2011-11-28 06:07 -------- d-----w- C:\DB
2011-11-23 08:05 . 2011-11-23 08:05 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Windows Live Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2008-07-03 08:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-14 12:00 604160 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 03:41 . 2008-04-14 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 03:41 . 2006-10-20 19:29 614912 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 03:41 . 2008-04-14 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-06 14:10 . 2008-04-14 12:00 1859072 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 04:21 . 2011-11-23 11:39 134104 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\programme\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2010-03-11 22:52 241752 ----a-w- c:\windows\system32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-20 18670592]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"VeriFaceManager"="c:\programme\Lenovo\VeriFaceIII\PManage.exe" [2010-03-11 323584]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-01-04 4462464]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2008-12-26 1277952]
"avast"="c:\programme\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\db\Startmenü\Programme\Autostart\
OpenOffice.org 3.3.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PicNotify]
2010-03-11 22:52 1167360 ----a-w- c:\windows\system32\PicNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23.11.2011 19:16 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23.11.2011 19:16 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.11.2011 19:16 20568]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [26.03.2009 16:20 315392]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [26.09.2009 17:44 430080]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [26.09.2009 17:44 48192]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [12.03.2010 06:56 9472]
R3 usbsmi;Lenovo EasyCamera;c:\windows\system32\drivers\SMIksdrv.sys [12.03.2010 06:50 166144]
S2 Norton Internet Security;Norton Internet Security; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26.09.2009 17:38 1684736]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys --> c:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [26.09.2009 17:43 81192]
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-29 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\programme\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://lenovo.live.com/
uInternet Connection Wizard,ShellNext = hxxp://www.countrastel.com/ac5.php?aid=543&sid=direc40
IE: &Windows Live Search - c:\programme\Windows Live Toolbar\msntb.dll/search.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\dokumente und einstellungen\db\Anwendungsdaten\Mozilla\Firefox\Profiles\wkrt9hdc.default\
FF - prefs.js: browser.startup.homepage - file:///C:/DB/DB/DBHome.HTM
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-29 11:16
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\PicNotify.dll
c:\windows\system32\FaceVerify.dll
c:\windows\system32\MainOp.dll
c:\windows\system32\VideoOp.dll
c:\windows\system32\Image.dll
c:\windows\system32\Momo.dll
c:\windows\system32\Apblend.dll
c:\windows\system32\SetDev.dll
c:\windows\system32\FunFrm.dll
c:\windows\system32\facev.dll
.
- - - - - - - > 'explorer.exe'(4048)
c:\windows\system32\IcnOvrly.dll
.
Zeit der Fertigstellung: 2011-11-29 11:36:18
ComboFix-quarantined-files.txt 2011-11-29 03:35
.
Vor Suchlauf: 12 Verzeichnis(se), 88.800.604.160 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 88.955.322.368 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 823E149CD742A79CF2EFB8ACCCBE258E



*******************************
* (2/4) TDSSkiller *
*******************************
(Program did not start)



*******************************
* (3/4) MBRcheck *
*******************************

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 119):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF7AEE000 \WINDOWS\system32\KDCOM.DLL
0xF79FE000 \WINDOWS\system32\BOOTVID.dll
0xF74BE000 ACPI.sys
0xF7AF0000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF74AD000 pci.sys
0xF75EE000 isapnp.sys
0xF75FE000 ohci1394.sys
0xF760E000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7A02000 compbatt.sys
0xF7A06000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7BB6000 pciide.sys
0xF786E000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF761E000 MountMgr.sys
0xF748E000 ftdisk.sys
0xF7A0A000 ACPIEC.sys
0xF7BB7000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7876000 PartMgr.sys
0xF762E000 VolSnap.sys
0xF7476000 atapi.sys
0xF739C000 iaStor.sys
0xF763E000 disk.sys
0xF764E000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF737C000 fltMgr.sys
0xF736A000 sr.sys
0xF7353000 KSecDD.sys
0xF72C6000 Ntfs.sys
0xF7299000 NDIS.sys
0xF727F000 Mup.sys
0xF77BE000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF5C5C000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF5C48000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF5C20000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF5AAD000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xF78BE000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF5A89000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78C6000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7211000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF720D000 \SystemRoot\system32\DRIVERS\AcpiVpc.sys
0xF77CE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF78CE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF5A57000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7B10000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF77DE000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF59DB000 \SystemRoot\System32\Drivers\wdf01000.sys
0xF78D6000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF77EE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7209000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF59C4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF77FE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF780E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78DE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF59B3000 \SystemRoot\system32\DRIVERS\psched.sys
0xF781E000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78E6000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78EE000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6282000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B12000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5990000 \SystemRoot\system32\DRIVERS\ks.sys
0xF5932000 \SystemRoot\system32\DRIVERS\update.sys
0xF71FD000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF784E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF778E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xA90CB000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA90A7000 \SystemRoot\system32\drivers\portcls.sys
0xF779E000 \SystemRoot\system32\drivers\drmk.sys
0xA12F6000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xA5678000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xA2D1E000 \SystemRoot\System32\Drivers\Null.SYS
0xA5676000 \SystemRoot\System32\Drivers\Beep.SYS
0xA47CA000 \SystemRoot\System32\drivers\vga.sys
0xA5674000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xA5672000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA47C2000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA47BA000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA0BF1000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA04F2000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA0499000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA5536000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xA0473000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA044B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA297E000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA0429000 \SystemRoot\System32\drivers\afd.sys
0xA5526000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA03FE000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA038E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA4D07000 \SystemRoot\System32\Drivers\Fips.SYS
0xA0365000 \SystemRoot\system32\DRIVERS\SMIksdrv.sys
0xA00FA000 \SystemRoot\system32\DRIVERS\SMIEXP.SYS
0xA00AD000 \SystemRoot\System32\Drivers\aswSP.SYS
0xA003D000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xA2966000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0x99A3D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x98B6B000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xA780C000 \SystemRoot\System32\drivers\Dxapi.sys
0x98E98000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7D04000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBF47A000 \SystemRoot\System32\ATMFD.DLL
0xA732B000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xF76EE000 \SystemRoot\system32\DRIVERS\tvtumon.sys
0x9DC8A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x98381000 \SystemRoot\System32\Drivers\aswMon2.SYS
0x97993000 \SystemRoot\system32\drivers\wdmaud.sys
0xA77BB000 \SystemRoot\system32\drivers\sysaudio.sys
0x97758000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x97610000 \SystemRoot\system32\DRIVERS\srv.sys
0x973C7000 \SystemRoot\System32\Drivers\HTTP.sys
0x997AE000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xF789E000 \??\C:\DOKUME~1\db\LOKALE~1\Temp\catchme.sys
0x95CCE000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0x954D2000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 41):
0 System Idle Process
4 System
840 C:\WINDOWS\system32\smss.exe
896 csrss.exe
920 C:\WINDOWS\system32\winlogon.exe
964 C:\WINDOWS\system32\services.exe
976 C:\WINDOWS\system32\lsass.exe
1136 C:\WINDOWS\system32\svchost.exe
1240 svchost.exe
1280 C:\WINDOWS\system32\svchost.exe
1396 svchost.exe
1488 svchost.exe
1752 C:\Programme\AVAST Software\Avast\AvastSvc.exe
284 C:\WINDOWS\RTHDCPL.EXE
296 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
380 C:\WINDOWS\system32\igfxtray.exe
388 C:\WINDOWS\system32\hkcmd.exe
396 C:\WINDOWS\system32\igfxpers.exe
412 C:\Program Files\Lenovo\Energy Management\utility.exe
420 C:\Program Files\Lenovo\Energy Management\Energy Management.exe
428 C:\Programme\AVAST Software\Avast\AvastUI.exe
552 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
572 C:\WINDOWS\system32\ctfmon.exe
1100 C:\WINDOWS\system32\igfxsrvc.exe
1432 C:\Programme\OpenOffice.org 3\program\soffice.exe
188 C:\Programme\OpenOffice.org 3\program\soffice.bin
792 C:\WINDOWS\system32\spoolsv.exe
2564 C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
2584 C:\QSTART.SYS\config\DVMExportService.exe
2680 C:\Programme\Java\jre6\bin\jqs.exe
2736 C:\WINDOWS\system32\svchost.exe
2908 C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
3916 alg.exe
1652 C:\WINDOWS\system32\wbem\wmiapsrv.exe
2456 C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
1420 C:\WINDOWS\system32\wuauclt.exe
2660 C:\Programme\Internet Explorer\iexplore.exe
4048 C:\WINDOWS\explorer.exe
168 C:\Programme\Mozilla Firefox\firefox.exe
3436 C:\WINDOWS\system32\wscntfy.exe
2196 C:\Dokumente und Einstellungen\db\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001a`46a00000 (NTFS)

PhysicalDrive0 Model Number: HITACHIHTS545016B9A300, Rev: PBBZC61H

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: E6B138A7100736F4A3D235B18893EA762D56A784


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!



*******************************
* (4/4) OTL *
*******************************


OTL logfile created on: 29.11.2011 11:56:49 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\db\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1013,88 Mb Total Physical Memory | 460,11 Mb Available Physical Memory | 45,38% Memory free
2,38 Gb Paging File | 2,03 Gb Available in Paging File | 85,27% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 105,10 Gb Total Space | 82,87 Gb Free Space | 78,85% Space Free | Partition Type: NTFS
Drive D: | 29,19 Gb Total Space | 12,31 Gb Free Space | 42,18% Space Free | Partition Type: NTFS

Computer Name: LENOVO-A6F13EA5 | User Name: db | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\db\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\QSTART.SYS\config\DVMExportService.exe (DeviceVM)
PRC - C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
PRC - C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programme\AVAST Software\Avast\defs\11112802\algo.dll ()
MOD - C:\Programme\AVAST Software\Avast\defs\11112802\aswRep.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\WINDOWS\system32\Facev.dll ()
MOD - C:\WINDOWS\system32\FunFrm.dll ()
MOD - C:\WINDOWS\system32\SimpleExt.dll ()
MOD - C:\WINDOWS\system32\IcnOvrly.dll ()
MOD - C:\WINDOWS\system32\SetDev.dll ()
MOD - C:\WINDOWS\system32\FaceVerify.dll ()
MOD - C:\WINDOWS\system32\MainOp.dll ()
MOD - C:\WINDOWS\system32\VideoOp.dll ()
MOD - C:\WINDOWS\system32\PicNotify.dll ()
MOD - C:\WINDOWS\system32\Apblend.dll ()
MOD - C:\WINDOWS\system32\Momo.dll ()
MOD - C:\WINDOWS\system32\image.dll ()
MOD - C:\Program Files\Lenovo\Energy Management\KbdHook.dll ()
MOD - C:\Program Files\Lenovo\OneKey App\System Repair\LenovoAPI.dll ()
MOD - C:\Program Files\Lenovo\Energy Management\HookLib.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Norton Internet Security) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (DvmMDES) -- C:\QSTART.SYS\config\DVMExportService.exe (DeviceVM)
SRV - (System_Repair_UpdateMonitor) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (usbsmi) -- C:\WINDOWS\system32\drivers\SMIksdrv.sys (SMI)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (ACPIVPC) -- C:\WINDOWS\system32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (WSVD) -- C:\WINDOWS\system32\drivers\WSVD.sys (CyberLink)
DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com

IE - HKU\S-1-5-21-3546808174-3052335317-1451346575-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/
IE - HKU\S-1-5-21-3546808174-3052335317-1451346575-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "file:///C:/DB/DB/DBHome.HTM"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Programme\AVAST Software\Avast\WebRep\FF [2011.11.23 19:16:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.11.23 19:39:32 | 000,000,000 | ---D | M]

[2011.11.23 19:39:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\Mozilla\Extensions
[2011.11.23 22:10:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.23 22:10:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.11.21 12:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.11.21 09:17:49 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 09:09:48 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.11.21 09:17:49 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 09:17:49 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 09:17:49 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 09:17:49 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.11.28 23:12:20 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3546808174-3052335317-1451346575-1008\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Programme\Lenovo\VeriFaceIII\PManage.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\db\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3546808174-3052335317-1451346575-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3546808174-3052335317-1451346575-1008\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3546808174-3052335317-1451346575-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3546808174-3052335317-1451346575-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3546808174-3052335317-1451346575-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22756AF0-7CAA-4C93-9DFE-E9584776F665}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PicNotify: DllName - (PicNotify.dll) - C:\WINDOWS\System32\PicNotify.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\db\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\db\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.03 16:42:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.11.29 11:17:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.11.29 10:31:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.11.29 10:29:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Desktop\tdsskiller
[2011.11.29 10:25:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.11.29 10:25:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.11.29 10:25:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.11.29 10:25:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.11.29 10:23:57 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.11.29 10:22:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.11.29 10:21:04 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\db\Eigene Dateien\Eigene Videos
[2011.11.29 10:21:04 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos
[2011.11.29 10:18:16 | 004,310,219 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\db\Desktop\ComboFix.exe
[2011.11.28 23:12:14 | 000,000,000 | ---D | C] -- C:\_OTM
[2011.11.27 22:06:08 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\db\Desktop\aswMBR.exe
[2011.11.27 21:51:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\db\Desktop\OTL.exe
[2011.11.27 19:50:14 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.11.27 14:57:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.11.26 21:25:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\Alawar
[2011.11.26 21:17:39 | 000,000,000 | ---D | C] -- C:\Programme\MyPlayCity.com
[2011.11.26 14:37:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.11.26 08:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011.11.26 02:33:18 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011.11.25 23:05:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\OpenOffice.org
[2011.11.25 22:19:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\Malwarebytes
[2011.11.25 22:18:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.11.25 14:13:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
[2011.11.25 08:10:44 | 000,000,000 | ---D | C] -- C:\0a5a5e88d06bbaa581e069
[2011.11.25 00:40:49 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\db\Startmenü\Programme\Verwaltung
[2011.11.24 11:46:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2011.11.24 02:16:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011.11.23 23:01:09 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\Microsoft
[2011.11.23 23:01:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\db\SendTo
[2011.11.23 23:01:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\db\Recent
[2011.11.23 23:01:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten
[2011.11.23 23:01:09 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\db\Startmenü
[2011.11.23 23:01:09 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\db\Favoriten
[2011.11.23 23:01:09 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\db\Eigene Dateien\Eigene Musik
[2011.11.23 23:01:09 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\db\Eigene Dateien
[2011.11.23 23:01:09 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\db\Eigene Dateien\Eigene Bilder
[2011.11.23 23:01:09 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\db\Startmenü\Programme\Autostart
[2011.11.23 23:01:09 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\db\Cookies
[2011.11.23 23:01:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\db\Vorlagen
[2011.11.23 23:01:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\db\Netzwerkumgebung
[2011.11.23 23:01:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\db\Lokale Einstellungen
[2011.11.23 23:01:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\db\Druckumgebung
[2011.11.23 23:01:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Lokale Einstellungen\Anwendungsdaten\Seven Zip
[2011.11.23 23:01:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Lokale Einstellungen\Anwendungsdaten\Microsoft Help
[2011.11.23 23:01:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2011.11.23 23:01:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\InstallShield
[2011.11.23 23:01:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Lokale Einstellungen\Anwendungsdaten\Identities
[2011.11.23 23:01:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\Identities
[2011.11.23 23:01:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Desktop
[2011.11.23 23:01:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Lokale Einstellungen\Anwendungsdaten\Adobe
[2011.11.23 22:11:13 | 000,000,000 | ---D | C] -- C:\Programme\OpenOffice.org 3
[2011.11.23 22:10:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2011.11.23 22:10:52 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2011.11.23 22:10:09 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011.11.23 22:09:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\Sun
[2011.11.23 22:06:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YouTube Downloader
[2011.11.23 22:06:45 | 000,000,000 | ---D | C] -- C:\Programme\YouTube Downloader
[2011.11.23 21:04:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\Macromedia
[2011.11.23 21:03:14 | 000,000,000 | ---D | C] -- C:\Programme\FLV
[2011.11.23 20:57:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
[2011.11.23 20:49:58 | 000,000,000 | ---D | C] -- C:\Programme\Eusing Free Registry Cleaner
[2011.11.23 20:41:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\foobar2000
[2011.11.23 20:41:26 | 000,000,000 | ---D | C] -- C:\Programme\foobar2000
[2011.11.23 20:36:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\.gimp-2.6
[2011.11.23 20:36:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Eigene Dateien\gegl-0.0
[2011.11.23 20:29:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Eigene Dateien\My Kindle Content
[2011.11.23 20:29:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Lokale Einstellungen\Anwendungsdaten\Amazon
[2011.11.23 20:29:09 | 000,000,000 | ---D | C] -- C:\Programme\Amazon
[2011.11.23 20:26:25 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0
[2011.11.23 20:07:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\FileZilla
[2011.11.23 20:01:44 | 000,000,000 | ---D | C] -- C:\Programme\FileZilla FTP Client
[2011.11.23 19:56:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TOOLS - Editoren & Grafik
[2011.11.23 19:42:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Eigene Dateien\Downloads
[2011.11.23 19:39:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2011.11.23 19:39:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\Mozilla
[2011.11.23 19:39:29 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.11.23 19:38:34 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.11.23 19:38:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2011.11.23 19:21:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TOOLS - Medien
[2011.11.23 19:21:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TOOLS - Systemprogramme
[2011.11.23 19:16:44 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011.11.23 19:16:44 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011.11.23 19:16:42 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011.11.23 19:16:42 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011.11.23 19:16:42 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011.11.23 19:16:42 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011.11.23 19:16:42 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011.11.23 19:16:42 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011.11.23 19:16:27 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011.11.23 19:16:26 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011.11.23 19:16:11 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2011.11.23 19:16:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2011.11.23 16:39:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\Adobe
[2011.11.23 16:07:35 | 000,000,000 | ---D | C] -- C:\DB
[2011.11.23 16:05:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Live Toolbar
[2011.11.23 16:04:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution

========== Files - Modified Within 30 Days ==========

[2011.11.29 11:53:33 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011.11.29 11:48:39 | 000,080,384 | ---- | M] () -- C:\Dokumente und Einstellungen\db\Desktop\MBRCheck.exe
[2011.11.29 10:32:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011.11.29 10:18:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2011.11.29 10:17:25 | 004,310,219 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\db\Desktop\ComboFix.exe
[2011.11.29 10:12:16 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2011.11.29 10:11:43 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.28 23:12:20 | 000,506,460 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.11.28 23:12:20 | 000,479,844 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.11.28 23:12:20 | 000,104,278 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.11.28 23:12:20 | 000,085,614 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.11.28 23:12:20 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011.11.27 22:05:21 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\db\Desktop\aswMBR.exe
[2011.11.27 18:26:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\db\Desktop\OTL.exe
[2011.11.27 16:54:28 | 000,001,885 | ---- | M] () -- C:\Dokumente und Einstellungen\db\Desktop\OneKey Recovery.lnk
[2011.11.26 14:12:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.26 13:46:35 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\db\Eigene Dateien\spider.sav
[2011.11.25 23:06:44 | 000,000,845 | ---- | M] () -- C:\Dokumente und Einstellungen\db\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk
[2011.11.25 14:25:23 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.11.25 09:18:14 | 000,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.11.23 23:00:54 | 000,037,007 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011.11.23 23:00:45 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011.11.23 22:58:42 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2011.11.23 21:06:24 | 000,000,627 | ---- | M] () -- C:\Dokumente und Einstellungen\db\Desktop\Outlook Express.lnk
[2011.11.23 20:41:29 | 000,000,678 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\foobar2000.lnk
[2011.11.23 20:29:28 | 000,001,599 | ---- | M] () -- C:\Dokumente und Einstellungen\db\Desktop\Kindle.lnk
[2011.11.23 20:26:57 | 000,000,780 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GIMP 2.lnk
[2011.11.23 20:06:19 | 000,001,310 | ---- | M] () -- C:\Dokumente und Einstellungen\db\Desktop\DB-eBusiness.lnk
[2011.11.23 20:05:43 | 000,001,254 | ---- | M] () -- C:\Dokumente und Einstellungen\db\Desktop\DB.lnk
[2011.11.23 20:01:47 | 000,000,755 | ---- | M] () -- C:\Dokumente und Einstellungen\db\Desktop\FileZilla.lnk
[2011.11.23 19:39:34 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2011.11.23 19:16:45 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2011.11.23 19:16:42 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

========== Files Created - No Company Name ==========

[2011.11.29 11:50:47 | 000,080,384 | ---- | C] () -- C:\Dokumente und Einstellungen\db\Desktop\MBRCheck.exe
[2011.11.29 10:32:34 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011.11.29 10:32:11 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2011.11.29 10:25:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.11.29 10:25:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.11.29 10:25:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.11.29 10:25:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.11.29 10:25:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.11.26 13:46:35 | 000,000,572 | ---- | C] () -- C:\Dokumente und Einstellungen\db\Eigene Dateien\spider.sav
[2011.11.25 23:06:43 | 000,000,845 | ---- | C] () -- C:\Dokumente und Einstellungen\db\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk
[2011.11.23 23:01:11 | 000,001,885 | ---- | C] () -- C:\Dokumente und Einstellungen\db\Desktop\OneKey Recovery.lnk
[2011.11.23 21:06:24 | 000,000,627 | ---- | C] () -- C:\Dokumente und Einstellungen\db\Desktop\Outlook Express.lnk
[2011.11.23 20:41:29 | 000,000,678 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\foobar2000.lnk
[2011.11.23 20:29:28 | 000,001,599 | ---- | C] () -- C:\Dokumente und Einstellungen\db\Desktop\Kindle.lnk
[2011.11.23 20:26:57 | 000,000,780 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GIMP 2.lnk
[2011.11.23 20:07:04 | 000,000,755 | ---- | C] () -- C:\Dokumente und Einstellungen\db\Desktop\FileZilla.lnk
[2011.11.23 20:05:09 | 000,001,254 | ---- | C] () -- C:\Dokumente und Einstellungen\db\Desktop\DB.lnk
[2011.11.23 20:05:00 | 000,001,310 | ---- | C] () -- C:\Dokumente und Einstellungen\db\Desktop\DB-eBusiness.lnk
[2011.11.23 19:39:34 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2011.11.23 19:16:45 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2010.03.12 07:02:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010.03.12 06:52:43 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
[2010.03.12 06:52:43 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\picn.dll
[2010.03.12 06:52:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
[2010.03.12 06:52:41 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
[2010.03.12 06:52:41 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2010.03.12 06:52:41 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
[2010.03.12 06:52:41 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
[2010.03.12 06:52:40 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
[2010.03.12 06:52:40 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
[2010.03.12 06:52:40 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
[2010.03.12 06:52:40 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
[2010.03.12 06:52:39 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
[2010.03.12 06:52:39 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
[2010.03.12 06:52:39 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
[2010.03.12 06:52:39 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
[2010.03.12 06:52:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
[2010.03.12 06:52:35 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
[2010.03.12 06:50:12 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\SM37XCoInst.dll
[2009.09.26 18:39:07 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.09.26 17:39:03 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008.11.08 00:08:20 | 000,362,029 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2008.07.22 10:30:37 | 000,001,650 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.07.03 17:34:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.07.03 17:33:08 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.07.03 16:44:15 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2008.07.03 16:39:50 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.04.14 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 20:00:00 | 000,506,460 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008.04.14 20:00:00 | 000,479,844 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 20:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008.04.14 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 20:00:00 | 000,104,278 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008.04.14 20:00:00 | 000,085,614 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 20:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008.04.14 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001.10.10 15:36:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.10 15:35:30 | 000,004,492 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011.11.23 19:16:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2010.03.12 06:52:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VeriFace
[2011.11.26 21:21:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YouTube Downloader
[2009.09.26 18:20:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011.11.26 21:25:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\Alawar
[2011.11.23 20:16:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\FileZilla
[2011.11.29 10:34:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\foobar2000
[2011.11.25 23:05:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\OpenOffice.org
[2011.11.29 10:18:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008.07.03 16:42:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011.11.23 23:00:45 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011.11.29 10:32:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2008.04.14 20:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2004.08.03 23:00:10 | 000,262,448 | RHS- | M] () -- C:\cmldr
[2011.11.29 11:36:36 | 000,012,502 | ---- | M] () -- C:\ComboFix.txt
[2008.07.03 16:42:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011.11.29 11:53:33 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011.11.29 11:31:59 | 000,370,376 | ---- | M] () -- C:\HeadNotify.log
[2008.07.03 16:42:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.07.03 16:42:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008.04.14 20:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008.04.14 20:00:00 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2011.11.29 10:11:40 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2009.09.26 17:38:47 | 000,001,839 | ---- | M] () -- C:\RHDSetup.log
[2009.09.26 18:24:29 | 000,000,061 | ---- | M] () -- C:\splash.idx
[2011.11.29 11:23:59 | 000,283,924 | ---- | M] () -- C:\sysiclog.txt
[2009.04.13 23:07:04 | 000,016,592 | -H-- | M] () -- C:\version
[2011.11.29 10:12:16 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo

< %PROGRAMFILES%\*.* >

< %APPDATA%\*.* >
[2008.07.03 17:33:47 | 000,000,062 | -HS- | M] () -- C:\Dokumente und Einstellungen\db\Anwendungsdaten\desktop.ini

< %systemroot%\Tasks\*.job >
[2011.11.29 10:18:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job

< End of report >

[Amlak]

Step 1

Restart your computer (if it's on) and press one of the arrow keys on your keyboard the moment the Recovery Console menu screen appears in order to halt the screen.

Highlight the Recovery Console option and press Enter to select it.

You'll enter the Recovery Console mode.

Type in the appropriate number for your Windows installation (most likely 1) and press Enter.

You should now have C:\WINDOWS as the start of the last line.

Type after it the following:

fixmbr

and press Enter.

When asked for confirmation, type Y and press Enter.

Hopefully, your MBR should be fixed.

To restart your computer, type exit and press Enter.

Back in Windows, do the following:


Step 2

Run MBRCheck again.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A newer report will be produced on the desktop. Post that report in your next reply.


Step 3

Please download GetPartitions from the link below. You must right click on the link and choose Save as.... Save it as GetPartitions.bat on your desktop

getpartitions.bat

Double click it to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator").
It will produce C:\DiskReport.txt log please post results from that log here to me.

[dietr]

Thanks again for your support and your patience.

Unfortunately, when I tried to run the 'fixmbr' command via the recovery console, I ran straight into the next problem. When I rebooted the computer, I looked at the booting options and found (as expected)
- 'Microsoft Windows Recovery Console'
- a debug option 'do not select this'
- 'Windows XP Home Edition'

I clicked on the first option, the recovery console. Just a moment later, the message "A DISK READ ERROR OCCURRED" was shown,
before I even had a chance to see any recovery console text or provide my own input.

In an attempt to fix that, I ran the first part of 'Combofix' again. I got the 'congratulation' message after re-installation of the recovery console and exited Combofix by entering 'no' to the prompt if I wanted to go on with the scan. Then I tried to reboot the recovery console, but got exactly the same behaviour and error massage as before.

Meanwhile, the behaviour of the Windows XP system appears to be quite normal (except some disturbing Firefox redirects and occasional seemingly unmotivated disconnects of my Internet connections).

What can I do to get rid of that (fake?) 'disk read error' message and get that recovery console running?

[Amlak]

In case we might want to boot from something else (since you don't have a CD/DVD drive), do you have a spare USB stick with no important data in it and that's at least 512 MB in size?

[dietr]

Yes, I do have a 1GB USB stick which I could use to boot from. But there would have to be a way to download the proper content in the proper format from the net.

What I don't have is a proper Windows XP installation CD. (I never got one with my Lenovo netbook. Last week I bought one on the grey market and borrowed a computer with a CD drive. But the CD didn't seem have the proper format to create a bootable USB stick using the 'wintoflash' program.)

Alternatively (if that would help somehow) I could use the OneKey Recovery system on my Lenovo to a) reformat the C: partition and b) restore Windows XP from the D: partition and c) clean up MBR 0 somehow. My problem is not data loss (I do have backups of all essential data), but the uncertainty if and how I could get rid of the virus that way at all. This type of restore seems to work (I have used it twice during the last 10 days to get a fresh Windows XP system), but it did not get rid of the virus, as it doesn't fix MBR 0.

So please advise if there is a way to create a bootable USB stick from the net.

[Amlak]

Yes, we may be able to get your USB/flash drive to be bootable with certain software. Just waiting for my proposed fix to be approved (as I'm still in training), and when it does, I'll submit it as soon as I can.

Sounds like OneKey Recovery system is ineffective in countering MBR infections/corruptions. A real format of the whole drive would definitely do the trick but is not really necessary and can be more time and energy-consuming as you'd have to reinstall all the needed drivers and programs and such. And your OneKey Recovery system might have to go.

If, however, all other options to get rid of the MBR infection have been exhausted, then we'll help you out with the formatting bit.

Edited by Amlak, 30 November 2011 - 09:13 PM.

[dietr]

Thanks. I will wait for you to come up with the USB/flash solution you mentioned. This would clearly be my preferred solution.

If that approach fails, I was wondering if I could bring the system to a repair shop and have them boot Windows XP from an external CD-drive, and then start the recovery console from there. Would that be feasible? Even if it costs me some money, I would prefer that to the radical solution of reformatting the physical harddisk (and losing my OneKey Recovery System).