Yesterday - by clicking on a malicious link - my PC got infected with the Win-Antivirus-Junk.
After that I've tried Combofix but it did not start, MBAM could not update and SuperAntiSpyware
.....
Today everything seems to be running very well, but I'm not sure if the comp is really clean (no
file has even been deleted).
Would you please take a look at the OTL-Logfile below and advise me how to go on?
Thx for all your help!
OTL logfile created on: 23.06.2012 14:37:25 - Run 3
OTL by OldTimer - Version 3.2.52.0 Folder = H:\Dokumente und Einstellungen\Alex\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 79,87% Memory free
7,09 Gb Paging File | 6,37 Gb Available in Paging File | 89,88% Paging File free
Paging file location(s): H:\pagefile.sys 4092 6092 [binary data]
%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Programme
Drive H: | 127,99 Gb Total Space | 88,97 Gb Free Space | 69,51% Space Free | Partition Type: NTFS
Computer Name: BUERO | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.06.23 14:35:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- H:\Dokumente und Einstellungen\Alex\Desktop\OTL.exe
PRC - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgidsagent.exe
PRC - [2012.04.19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgnsx.exe
PRC - [2012.04.05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgtray.exe
PRC - [2012.03.19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgemcx.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.02.14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgrsx.exe
PRC - [2012.02.14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgcsrvx.exe
PRC - [2011.12.18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- H:\Programme\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011.12.18 21:04:24 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- H:\Programme\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011.11.03 16:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- H:\Programme\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010.01.16 05:11:49 | 000,910,296 | ---- | M] (Mozilla Corporation) -- H:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.04.21 13:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- H:\WINDOWS\system32\hasplms.exe
PRC - [2008.04.14 08:52:54 | 000,060,416 | ---- | M] (Microsoft Corporation) -- H:\Programme\Outlook Express\msimn.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe
PRC - [1999.12.23 20:09:48 | 000,020,480 | ---- | M] () -- H:\CAD.Programme\Version.2011\strauti\numplus.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.13 08:09:16 | 011,817,472 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.06.13 07:58:58 | 012,433,920 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.13 07:58:50 | 001,592,320 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.06.13 07:57:54 | 000,303,104 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.06.04 08:29:54 | 000,971,264 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.06.04 08:29:50 | 000,025,600 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012.06.04 00:15:02 | 005,450,752 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.06.04 00:14:00 | 007,953,408 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.06.04 00:13:53 | 011,492,352 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.06.03 19:20:05 | 008,797,856 | ---- | M] () -- H:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2011.01.26 18:38:42 | 000,270,336 | ---- | M] () -- H:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.03.16 13:22:12 | 000,014,848 | ---- | M] () -- H:\Programme\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2010.01.16 05:11:49 | 001,014,232 | ---- | M] () -- H:\Programme\Mozilla Firefox\js3250.dll
MOD - [2001.11.16 13:32:52 | 000,008,192 | ---- | M] () -- H:\WINDOWS\system32\XLMON.DLL
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- H:\WINDOWS\system32\pdfcmnnt.dll
MOD - [1999.12.23 20:09:48 | 000,020,480 | ---- | M] () -- H:\CAD.Programme\Version.2011\strauti\numplus.exe
MOD - [1999.12.23 20:09:48 | 000,015,872 | ---- | M] () -- H:\CAD.Programme\Version.2011\strauti\numlib32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.03 19:20:05 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- H:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- H:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.12.18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- H:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011.11.03 16:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Disabled | Stopped] -- H:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2009.04.21 13:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- H:\WINDOWS\system32\hasplms.exe -- (hasplms)
SRV - [2008.06.24 16:05:56 | 000,537,896 | ---- | M] (Nero AG) [Disabled | Stopped] -- H:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [File_System | Boot | Stopped] -- system32\drivers\pavboot.sys -- (pavboot)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\DOKUME~1\Alex\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.03.19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.02.22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- H:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- H:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011.12.18 21:04:24 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- H:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011.11.03 16:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- H:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011.01.27 01:34:30 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.12.18 13:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- H:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2009.11.11 11:44:50 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- H:\Programme\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009.11.11 11:44:48 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- H:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.11.11 11:44:46 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- H:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.09.22 21:07:12 | 005,915,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.07.09 15:18:56 | 000,587,776 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2009.06.22 11:06:32 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2009.06.17 14:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009.03.13 12:55:26 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2009.01.16 13:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.12.24 05:40:12 | 000,080,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2008.10.30 15:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.08.05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.07.02 09:38:14 | 000,089,600 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008.04.14 01:06:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007.04.20 21:27:42 | 000,038,448 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2006.01.07 05:32:08 | 000,041,600 | R--- | M] (OrangeWare Corporation) [Kernel | Auto | Stopped] -- H:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2006.01.04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005.05.30 00:00:00 | 000,004,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- H:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - [2002.08.30 06:35:32 | 000,516,635 | ---- | M] (Digital Camera) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Ca100v.sys -- (Ca100v)
DRV - [2002.07.26 02:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Bulk100.sys -- (USBCamera) DSC Still Image Capture (CA100)
DRV - [2001.09.18 13:00:00 | 000,167,816 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\omcamvid.sys -- (OVT511Plus)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- H:\WINDOWS\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2613550
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - H:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/s...erms}&ch_id=osd
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2613550
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2166
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: H:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: H:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: H:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: H:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: h:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: h:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: H:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: H:\Programme\AVG\AVG2012\Firefox4\ [2012.06.12 09:32:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: H:\Programme\CheckPoint\ZAForceField\TrustChecker [2012.05.19 16:42:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: H:\Programme\AVG\AVG2012\Firefox\DoNotTrack\ [2012.06.07 13:28:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: H:\Programme\Mozilla Firefox\components [2011.01.06 13:43:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: H:\Programme\Mozilla Firefox\plugins [2012.06.02 20:27:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: H:\Programme\Mozilla Thunderbird\components [2009.10.30 15:01:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: H:\Programme\Mozilla Thunderbird\plugins [2012.06.02 20:27:03 | 000,000,000 | ---D | M]
[2009.10.15 18:29:58 | 000,000,000 | ---D | M] (No name found) -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Extensions
[2012.06.23 13:59:55 | 000,000,000 | ---D | M] (No name found) -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\q01mdkem.default\extensions
[2010.06.01 22:57:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\q01mdkem.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.19 16:24:32 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\q01mdkem.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.10.24 11:15:20 | 000,000,943 | ---- | M] () -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\q01mdkem.default\searchplugins\conduit.xml
[2012.06.22 08:42:13 | 000,000,944 | ---- | M] () -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\q01mdkem.default\searchplugins\icqplugin.xml
[2012.06.23 13:59:55 | 000,000,000 | ---D | M] (No name found) -- H:\Programme\Mozilla Firefox\extensions
[2011.01.22 10:37:55 | 000,000,000 | ---D | M] (No name found) -- H:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.07.12 20:19:40 | 000,000,000 | ---D | M] (Java Console) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.27 22:49:38 | 000,000,000 | ---D | M] (Java Console) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.11.09 13:53:49 | 000,000,000 | ---D | M] (No name found) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.13 20:17:56 | 000,000,000 | ---D | M] (No name found) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.22 12:56:28 | 000,000,000 | ---D | M] (Java Console) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.09 22:21:37 | 000,000,000 | ---D | M] (Java Console) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.21 20:08:19 | 000,000,000 | ---D | M] (Java Console) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.06.07 13:28:12 | 000,000,000 | ---D | M] (AVG Do Not Track) -- H:\PROGRAMME\AVG\AVG2012\FIREFOX\DONOTTRACK
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- H:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2009.08.03 16:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- H:\Programme\mozilla firefox\plugins\npOGAPlugin.dll
[2010.06.07 11:07:22 | 000,165,656 | ---- | M] (Tracker Software Products Ltd.) -- H:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.03.26 08:31:27 | 000,000,027 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - H:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - H:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - H:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - H:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - H:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - H:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - H:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ATICustomerCare] H:\Programme\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] H:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISW] H:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [NBKeyScan] H:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] H:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] H:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] H:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] H:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NUMPLUS.lnk = H:\CAD.Programme\Version.2011\strauti\numplus.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - H:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1294313601890 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: Microsoft XML Parser for Java file://H:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AEF5B26-11B9-4D14-8D55-7C496C33689F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (H:\Programme\SUPERAntiSpyware\SASWINLO.dll) - H:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - H:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - H:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.13 14:21:35 | 000,000,000 | ---D | M] - H:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (H:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.06.23 14:35:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- H:\Dokumente und Einstellungen\Alex\Desktop\OTL.exe
[2012.06.23 04:57:56 | 000,000,000 | --SD | C] -- H:\ComboFix
[2012.06.22 13:42:54 | 000,000,000 | --SD | C] -- H:\ComboFix(2)
[2012.06.12 09:32:10 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG
[2012.06.11 14:01:58 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\Alex\Desktop\2012-06-11
[2012.06.03 19:19:41 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\Alex\Desktop\Vario-Pics
[2012.06.03 15:13:13 | 000,000,000 | -HSD | C] -- H:\RECYCLER
[2012.06.02 20:28:37 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
[1 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.06.23 14:35:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- H:\Dokumente und Einstellungen\Alex\Desktop\OTL.exe
[2012.06.23 14:20:00 | 000,000,884 | ---- | M] () -- H:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.06.23 13:37:24 | 100,659,868 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012.06.23 13:35:58 | 000,445,390 | ---- | M] () -- H:\WINDOWS\System32\perfh007.dat
[2012.06.23 13:35:58 | 000,429,316 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat
[2012.06.23 13:35:58 | 000,079,554 | ---- | M] () -- H:\WINDOWS\System32\perfc007.dat
[2012.06.23 13:35:58 | 000,066,894 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat
[2012.06.23 13:31:42 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2012.06.22 14:18:32 | 000,012,598 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2012.06.21 18:30:50 | 000,194,480 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012.06.14 18:43:20 | 000,212,223 | ---- | M] () -- H:\Dokumente und Einstellungen\Alex\Desktop\Rastatt2.pdf
[2012.06.14 18:06:59 | 000,183,801 | ---- | M] () -- H:\Dokumente und Einstellungen\Alex\Desktop\Rastatt.pdf
[2012.06.13 08:01:05 | 000,228,000 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.13 07:55:23 | 000,001,374 | ---- | M] () -- H:\WINDOWS\imsins.BAK
[2012.06.06 07:30:13 | 000,415,916 | ---- | M] () -- H:\WINDOWS\System32\vsconfig.xml
[2012.06.05 07:49:00 | 000,000,208 | ---- | M] () -- H:\WINDOWS\ccolwiz.ini
[2012.06.03 19:17:39 | 000,094,370 | ---- | M] () -- H:\IMAGE0004.JPG
[2012.06.03 19:17:39 | 000,093,827 | ---- | M] () -- H:\IMAGE0005.JPG
[2012.06.03 19:17:38 | 000,093,558 | ---- | M] () -- H:\IMAGE0003.JPG
[1 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.06.14 18:10:10 | 000,212,223 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\Desktop\Rastatt2.pdf
[2012.06.14 18:06:58 | 000,183,801 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\Desktop\Rastatt.pdf
[2012.06.04 00:11:08 | 000,001,374 | ---- | C] () -- H:\WINDOWS\imsins.BAK
[2012.06.03 19:17:39 | 000,094,370 | ---- | C] () -- H:\IMAGE0004.JPG
[2012.06.03 19:17:39 | 000,093,827 | ---- | C] () -- H:\IMAGE0005.JPG
[2012.06.03 19:17:38 | 000,093,558 | ---- | C] () -- H:\IMAGE0003.JPG
[2012.04.05 17:15:52 | 000,256,000 | ---- | C] () -- H:\WINDOWS\PEV.exe
[2012.04.05 17:15:52 | 000,208,896 | ---- | C] () -- H:\WINDOWS\MBR.exe
[2012.04.05 17:15:52 | 000,098,816 | ---- | C] () -- H:\WINDOWS\sed.exe
[2012.04.05 17:15:52 | 000,080,412 | ---- | C] () -- H:\WINDOWS\grep.exe
[2012.04.05 17:15:52 | 000,068,096 | ---- | C] () -- H:\WINDOWS\zip.exe
[2012.02.16 12:06:25 | 000,003,072 | ---- | C] () -- H:\WINDOWS\System32\iacenc.dll
[2011.11.03 16:01:37 | 000,601,536 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\SCAN0874_000.pdf
[2011.10.26 17:12:23 | 000,225,783 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\SCAN0855_000 (1).pdf
[2011.10.26 17:10:10 | 000,791,746 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\111025_Spannbetondecke (1).pdf
[2011.10.26 11:43:37 | 000,225,783 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\SCAN0855_000.pdf
[2011.10.26 11:43:18 | 001,650,759 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\SCAN0854_000.pdf
[2011.10.26 11:36:30 | 000,791,746 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\111025_Spannbetondecke.pdf
[2011.03.22 16:47:44 | 000,116,224 | ---- | C] () -- H:\WINDOWS\System32\pdfcmnnt.dll
[2011.01.11 13:02:13 | 004,245,008 | ---- | C] () -- H:\WINDOWS\System32\qtp-mt334.dll
[2011.01.11 13:02:13 | 000,247,824 | ---- | C] () -- H:\WINDOWS\System32\prgiso.dll
[2011.01.11 13:02:13 | 000,013,840 | ---- | C] () -- H:\WINDOWS\System32\wnaspi32.dll
[2010.09.05 13:41:41 | 000,000,056 | -H-- | C] () -- H:\WINDOWS\System32\ezsidmv.dat
[2010.08.05 14:47:07 | 003,539,294 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\grds.DXF
[2010.08.05 14:46:21 | 000,495,475 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\grds.plt
[2010.02.14 20:01:52 | 000,012,800 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.27 20:33:25 | 000,000,015 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\settings.dat
[2009.10.31 14:48:49 | 000,000,797 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\Eudora.lnk
[2009.10.16 20:07:27 | 000,000,141 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\default.pls
[2009.10.16 18:08:52 | 000,001,024 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\.rnd
========== LOP Check ==========
[2010.03.25 21:23:19 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Auslogics
[2012.01.27 14:54:29 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\AVG2012
[2012.02.17 11:28:42 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\BGW_Sandwichanker
[2010.07.14 18:44:17 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Canon
[2010.04.21 19:26:54 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\CheckPoint
[2010.10.02 23:08:19 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2009.10.16 19:42:29 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\DICAD_Systeme_GmbH
[2011.11.17 22:10:02 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ElevatedDiagnostics
[2012.04.10 08:27:07 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\elsterformular
[2010.11.07 20:09:00 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\FileZilla
[2010.02.17 14:26:20 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Foxit
[2012.05.12 14:27:20 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\GHISLER
[2010.01.05 15:09:05 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ICQ
[2009.12.27 15:04:09 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ICQ(2)
[2012.01.10 18:08:48 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ImgBurn
[2010.04.19 18:51:31 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\OnlineArmor
[2009.10.17 16:30:53 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\OpenOffice.org
[2011.09.29 15:54:48 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Opera
[2009.10.31 14:48:49 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Qualcomm
[2012.03.21 17:17:47 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\TeamViewer
[2009.10.30 15:01:41 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Thunderbird
[2010.09.23 20:52:03 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011.01.06 18:49:19 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2012.01.27 15:09:00 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2012
[2010.12.25 14:08:23 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2011.11.18 16:27:27 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2010.12.25 14:30:02 | 000,000,000 | -H-D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2012.04.10 08:33:33 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2012.02.07 14:32:56 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Halfen
[2009.12.18 10:19:15 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2011.03.09 18:44:57 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Innovative Solutions
[2012.06.23 13:37:26 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2010.04.19 18:51:33 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OnlineArmor
[2009.10.18 15:33:21 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2011.03.30 09:22:51 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2011.09.20 14:26:03 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2012.02.07 14:32:15 | 000,000,000 | -H-D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{87008DBF-3612-43A9-B3F9-0E4ADAAF479E}
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- H:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- H:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- H:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- H:\WINDOWS\explorer.exe
[2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- H:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- H:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\explorer.exe
[2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- H:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: SERVICES >
[2001.08.18 14:00:00 | 000,007,111 | ---- | M] () MD5=FDA6D81BABFB01A4504B66080EADF975 -- H:\WINDOWS\system32\drivers\etc\services
< MD5 for: SERVICES._ >
[2001.08.18 14:00:00 | 000,001,997 | ---- | M] () MD5=4D1A7B8B52F0E87B54EB55A819AB68A0 -- H:\StartCD\XPCD\WXHOEM_DE (D)\I386\SERVICES._
[2001.08.18 14:00:00 | 000,001,997 | ---- | M] () MD5=4D1A7B8B52F0E87B54EB55A819AB68A0 -- H:\XPCD\WXHOEM_DE (D)\I386\SERVICES._
< MD5 for: SERVICES.EX_ >
[2004.08.04 01:58:12 | 000,050,047 | ---- | M] () MD5=661E1AD65FFB3931FF802D77ABCE5E31 -- H:\StartCD\XPSP2\i386\services.ex_
[2004.08.04 01:58:12 | 000,050,047 | ---- | M] () MD5=661E1AD65FFB3931FF802D77ABCE5E31 -- H:\XPSP2\i386\services.ex_
[2001.08.18 14:00:00 | 000,048,137 | ---- | M] () MD5=983CDCA70060419ABF7FC1A0E2512F89 -- H:\StartCD\XPCD\WXHOEM_DE (D)\I386\SERVICES.EX_
[2001.08.18 14:00:00 | 000,048,137 | ---- | M] () MD5=983CDCA70060419ABF7FC1A0E2512F89 -- H:\XPCD\WXHOEM_DE (D)\I386\SERVICES.EX_
< MD5 for: SERVICES.EXE >
[2008.04.14 08:53:00 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=4BB6A83640F1D1792AD21CE767B621C6 -- H:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008.04.14 08:53:00 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=4BB6A83640F1D1792AD21CE767B621C6 -- H:\WINDOWS\ServicePackFiles\i386\services.exe
[2008.04.14 04:22:59 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=4BB6A83640F1D1792AD21CE767B621C6 -- H:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\services.exe
[2009.02.09 12:04:47 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=65F6B774819BD727358157CEDEA67B8E -- H:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009.02.09 11:48:30 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=A07CA23EA361A01E627D911CF139B950 -- H:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009.02.09 13:21:35 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=A3EDBE9053889FB24AB22492472B39DC -- H:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009.02.09 13:21:35 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=A3EDBE9053889FB24AB22492472B39DC -- H:\WINDOWS\ERDNT\cache\services.exe
[2009.02.09 13:21:35 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=A3EDBE9053889FB24AB22492472B39DC -- H:\WINDOWS\system32\dllcache\services.exe
[2009.02.09 13:21:35 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=A3EDBE9053889FB24AB22492472B39DC -- H:\WINDOWS\system32\services.exe
[2004.08.04 00:58:12 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=EDB6B81761BD60F32F740BBC40AFB676 -- H:\WINDOWS\$NtUninstallKB956572_0$\services.exe
[2009.02.09 13:14:22 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=F0A7D59AF279326528715B206669B86C -- H:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
< MD5 for: SERVICES.EXE.000 >
[2004.08.04 00:58:12 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=EDB6B81761BD60F32F740BBC40AFB676 -- H:\WINDOWS\$NtServicePackUninstall$\services.exe.000
< MD5 for: SERVICES.EXE-2F433351.PF >
[2012.06.23 13:32:33 | 000,028,794 | ---- | M] () MD5=8A8E448DA4A8ECEF66FF93B64905E784 -- H:\WINDOWS\Prefetch\SERVICES.EXE-2F433351.pf
< MD5 for: SERVICES.MS_ >
[2001.08.18 14:00:00 | 000,003,627 | ---- | M] () MD5=479A7B30DFF548B2AFCC79E4BEB12F02 -- H:\StartCD\XPCD\WXHOEM_DE (D)\I386\SERVICES.MS_
[2001.08.18 14:00:00 | 000,003,627 | ---- | M] () MD5=479A7B30DFF548B2AFCC79E4BEB12F02 -- H:\XPCD\WXHOEM_DE (D)\I386\SERVICES.MS_
< MD5 for: SERVICES.MSC >
[2001.08.18 14:00:00 | 000,033,068 | ---- | M] () MD5=D5B861FD9DC5A781FEB11F12C6E87238 -- H:\WINDOWS\system32\services.msc
< MD5 for: SERVICES.RDB >
[2011.01.17 18:58:56 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- H:\Programme\OpenOffice.org 3\URE\misc\services.rdb
[2011.01.17 18:57:28 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- H:\Programme\OpenOffice.org 3\Basis\program\services.rdb
< MD5 for: SVCHOST.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- H:\Programme\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008.04.14 08:53:04 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- H:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 08:53:04 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- H:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 04:23:02 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- H:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\svchost.exe
[2008.04.14 08:53:04 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- H:\WINDOWS\system32\svchost.exe
[2004.08.04 00:58:16 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=65A819B121EB6FDAB4400EA42BDFFE64 -- H:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: USERINIT.EXE >
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- H:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- H:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- H:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- H:\WINDOWS\system32\userinit.exe
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- H:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- H:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- H:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- H:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- H:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- H:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- H:\WINDOWS\system32\winlogon.exe
< End of report >
EDIT:
Another scan with MBAM comes out clean ("no infected files found") right now.
Edited by Common1, 23 June 2012 - 07:34 AM.