We first experienced problems after 'Softonic' became our homepage all by its self.
We got rid of this, via the tools menu on Firefox. We googled Softonic and realised it is not a download application in is Malware (or something).
I ran MalwareBytes and after a scan it removed two Trojan.Banker, two Stolen.Data a Trojan.Dropper and Hijack.userInit. This was what was named in the MalwareBytes scan results.
We are now not convinced everything is removed because in the small loading bar that appears at the bottom left of our browser (Firefox) the names of XXX porn sites appear. We have never been on such sites.
We hope you can help, with kind regards,
Sam and Sibylle
Please see the OTL log below, I also have a Malware Bytes removal log but will not post until instructed to. Thank you again in advance.
OTL logfile created on: 26/05/2011 19:08:26 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Dokumente und Einstellungen\sibylle\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy
1014.42 Mb Total Physical Memory | 416.61 Mb Available Physical Memory | 41.07% Memory free
2.38 Gb Paging File | 1.84 Gb Available in Paging File | 77.08% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 46.87 Gb Total Space | 23.07 Gb Free Space | 49.21% Space Free | Partition Type: FAT32
Drive D: | 44.31 Gb Total Space | 39.72 Gb Free Space | 89.63% Space Free | Partition Type: FAT32
Computer Name: BENQ-EJB366RLAF | User Name: sibylle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/05/26 19:07:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\sibylle\Desktop\OTL.exe
PRC - [2011/04/28 19:17:56 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/26 20:24:36 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.53\GoogleCrashHandler.exe
PRC - [2011/04/14 18:40:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011/03/28 16:14:58 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/05 09:08:24 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/14 21:10:54 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/05 10:06:40 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2008/04/14 04:22:58 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\regsvr32.exe
PRC - [2008/04/14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/04 13:30:42 | 000,155,648 | ---- | M] (BenQ Corp.) -- C:\Programme\BenQ\QPower\QPower.exe
PRC - [2005/03/22 10:21:46 | 000,131,072 | ---- | M] (BenQ Corp.) -- C:\Programme\BenQ\Q-HotkeyMgr\HotkeySensor.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/08/17 14:11:14 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/08/06 16:48:52 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/08/06 16:48:34 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/08/06 16:44:12 | 000,241,664 | ---- | M] (Intel) -- C:\Programme\Intel\Wireless\Bin\1XConfig.exe
========== Modules (SafeList) ==========
MOD - [2011/05/26 19:07:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\sibylle\Desktop\OTL.exe
MOD - [2010/08/23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/08/17 14:11:10 | 000,066,048 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/28 19:17:56 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:14:58 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/05 10:06:40 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - [2011/03/29 19:45:02 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/22 18:19:22 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/15 21:36:08 | 000,483,200 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2010/01/05 10:06:40 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/05/11 11:49:20 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/13 20:36:34 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smbbatt.sys -- (SMBBATT)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/24 15:23:26 | 000,347,520 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/01/24 15:22:36 | 000,037,760 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2004/12/20 08:55:44 | 000,003,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\BenQ\QPower\QPowerHw.dll -- (QPowerHw.dll)
DRV - [2004/12/15 17:39:56 | 000,003,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\BenQ\BenQ Surround\QSrsHw.dll -- (QSrsHw.dll)
DRV - [2004/12/15 13:07:58 | 000,003,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\BenQ\QPresentation\QPresentHw.dll -- (QPresentHw.dll)
DRV - [2004/12/13 15:05:22 | 000,002,688 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\BenQ\Q-HotkeyMgr\jbmhmr.dll -- (jbmhmr.dll)
DRV - [2004/12/09 09:36:58 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2004/11/17 10:30:40 | 000,147,840 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/11/04 18:29:38 | 000,155,392 | ---- | M] (Inprocomm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i2220ntx.sys -- (IPN2220)
DRV - [2004/10/15 14:52:48 | 000,071,168 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/12 08:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/08/07 18:51:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/08/06 16:44:14 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/04 13:32:30 | 000,205,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/08/04 13:29:52 | 000,702,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/04 13:29:04 | 001,036,544 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2003/12/05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 13:57:56 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smbhc.sys -- (SMBHC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://WWW.BenQ.COM/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://taz.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25444
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-Germany Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.6
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Programme\Google\Google Gears\Firefox\ [2010/06/15 09:09:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010/04/09 09:55:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010/04/09 09:55:34 | 000,000,000 | ---D | M]
[2010/04/09 09:56:10 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\sibylle\Anwendungsdaten\Mozilla\Extensions
[2010/04/09 09:56:10 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\sibylle\Anwendungsdaten\Mozilla\Firefox\Profiles\fao5t7yt.default\extensions
[2010/10/31 11:43:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\sibylle\Anwendungsdaten\Mozilla\Firefox\Profiles\fao5t7yt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/16 19:33:00 | 000,000,000 | ---D | M] (Zotero) -- C:\Dokumente und Einstellungen\sibylle\Anwendungsdaten\Mozilla\Firefox\Profiles\fao5t7yt.default\extensions\[email protected]
[2011/01/08 11:23:32 | 000,000,935 | ---- | M] () -- C:\Dokumente und Einstellungen\sibylle\Anwendungsdaten\Mozilla\Firefox\Profiles\fao5t7yt.default\searchplugins\conduit.xml
[2010/07/26 23:09:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010/04/11 13:24:44 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/30 16:56:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
[2010/05/30 16:56:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 18:40:04 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010/05/30 16:56:02 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/01/01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/01/01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/01/01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011/05/15 14:24:00 | 000,003,090 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 78.46.178.164 www.google.com
O1 - Hosts: 178.17.165.3 www.google.com
O1 - Hosts: 78.46.178.164 www.google.com.au
O1 - Hosts: 178.17.165.3 www.google.com.au
O1 - Hosts: 78.46.178.164 www.google.be
O1 - Hosts: 178.17.165.3 www.google.be
O1 - Hosts: 78.46.178.164 www.google.com.br
O1 - Hosts: 178.17.165.3 www.google.com.br
O1 - Hosts: 78.46.178.164 www.google.ca
O1 - Hosts: 178.17.165.3 www.google.ca
O1 - Hosts: 78.46.178.164 www.google.ch
O1 - Hosts: 178.17.165.3 www.google.ch
O1 - Hosts: 78.46.178.164 www.google.de
O1 - Hosts: 178.17.165.3 www.google.de
O1 - Hosts: 78.46.178.164 www.google.dk
O1 - Hosts: 178.17.165.3 www.google.dk
O1 - Hosts: 78.46.178.164 www.google.fr
O1 - Hosts: 178.17.165.3 www.google.fr
O1 - Hosts: 78.46.178.164 www.google.ie
O1 - Hosts: 178.17.165.3 www.google.ie
O1 - Hosts: 78.46.178.164 www.google.it
O1 - Hosts: 178.17.165.3 www.google.it
O1 - Hosts: 78.46.178.164 www.google.co.jp
O1 - Hosts: 178.17.165.3 www.google.co.jp
O1 - Hosts: 30 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [Q-HotkeyMgr] C:\Programme\BenQ\Q-HotkeyMgr\HotkeySensor.exe (BenQ Corp.)
O4 - HKLM..\Run: [QPower] C:\Programme\BenQ\QPower\QPower.exe (BenQ Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Programme\Intel\Wireless\Bin\LgNotify.dll - C:\Programme\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\sibylle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\sibylle\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/21 08:46:26 | 000,001,850 | ---- | M] () - D:\AutoscriptProlog.wwd -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/05/26 19:07:33 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\sibylle\Desktop\OTL.exe
[2011/05/25 16:48:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
[2011/05/15 14:05:38 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\sibylle\Recent
[2011/05/15 13:52:08 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PSQMFEELHNG
[2011/05/15 13:51:37 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\243d09
[2011/04/30 10:37:52 | 001,141,755 | ---- | C] (Goldshell Digital Media) -- C:\WINDOWS\TEC_Bildschirmschoner.scr
[2010/12/02 18:49:52 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\msacc8.olb
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\sibylle\*.tmp files -> C:\Dokumente und Einstellungen\sibylle\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/05/26 19:07:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\sibylle\Desktop\OTL.exe
[2011/05/26 18:29:02 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/26 18:15:28 | 000,000,012 | ---- | M] () -- C:\WINDOWS\dirsaver.ini
[2011/05/26 16:23:22 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/26 16:18:54 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/26 16:18:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/25 21:34:34 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011/05/23 17:25:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/17 21:10:40 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2011/05/15 18:22:48 | 001,262,364 | ---- | M] () -- C:\Dokumente und Einstellungen\sibylle\Desktop\DSC00405.JPG
[2011/05/15 15:45:16 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/03 20:22:58 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/30 10:38:06 | 001,141,755 | ---- | M] (Goldshell Digital Media) -- C:\WINDOWS\TEC_Bildschirmschoner.scr
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\sibylle\*.tmp files -> C:\Dokumente und Einstellungen\sibylle\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/05/15 20:01:13 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2011/05/15 18:22:44 | 001,262,364 | ---- | C] () -- C:\Dokumente und Einstellungen\sibylle\Desktop\DSC00405.JPG
[2011/05/03 20:22:56 | 000,000,606 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2011/04/30 10:54:01 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2011/02/25 14:05:19 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2011/02/25 14:05:19 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2011/02/25 14:05:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2011/02/25 14:05:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2011/02/25 14:05:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2011/02/25 14:05:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2010/12/12 17:15:50 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/02 18:50:00 | 000,005,848 | ---- | C] () -- C:\WINDOWS\Tischler3D.INI
[2010/08/02 14:29:23 | 000,003,107 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2010/07/26 23:09:09 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/07/11 13:26:34 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2010/07/11 13:26:34 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2010/07/11 13:26:34 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2010/07/11 00:55:35 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/07/11 00:55:35 | 000,000,340 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/06/15 21:36:17 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/06/15 21:20:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\EndNoteX.ini
[2010/06/13 20:48:55 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2010/06/01 20:39:35 | 000,068,712 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2010/06/01 20:39:35 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2010/06/01 19:45:01 | 000,102,657 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/06/01 19:45:01 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2010/05/13 13:20:10 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2010/04/11 13:31:18 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/09 09:55:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/09 09:52:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/09 09:52:30 | 000,010,752 | ---- | C] () -- C:\Dokumente und Einstellungen\sibylle\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/09 17:23:13 | 000,048,352 | RHS- | C] () -- C:\WINDOWS\System32\appconf32.exe
[2005/01/11 17:23:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/11 15:43:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/11 15:40:35 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/01/11 15:35:56 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/11 15:34:43 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/01/11 15:30:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/11 15:30:06 | 000,154,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/12 08:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/01/13 18:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[1980/01/01 00:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[1980/01/01 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 00:00:00 | 000,450,556 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[1980/01/01 00:00:00 | 000,434,032 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 00:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[1980/01/01 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 00:00:00 | 000,081,178 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[1980/01/01 00:00:00 | 000,068,318 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 00:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\SMARTDEL.EXE
[1980/01/01 00:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[1980/01/01 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1980/01/01 00:00:00 | 000,004,491 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1980/01/01 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[1980/01/01 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1980/01/01 00:00:00 | 000,000,609 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[1980/01/01 00:00:00 | 000,000,183 | ---- | C] () -- C:\WINDOWS\BOOT.INI
========== LOP Check ==========
[2005/01/11 15:49:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2010/04/06 18:23:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OfficeRecovery
[2010/04/07 19:19:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010/04/11 12:56:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/28 11:06:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco
[2010/06/01 18:22:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2010/06/13 20:57:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2010/07/11 00:19:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2010/07/11 13:25:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
[2011/03/13 15:26:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SPSS
[2011/05/15 13:51:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\243d09
[2011/05/15 13:52:10 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PSQMFEELHNG
[2010/04/09 14:26:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sibylle\Anwendungsdaten\OfficeRecovery
[2010/05/13 13:17:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sibylle\Anwendungsdaten\Ulead Systems
[2010/06/15 21:59:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sibylle\Anwendungsdaten\EndNote
[2010/07/05 19:19:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sibylle\Anwendungsdaten\Uniblue
[2010/07/31 14:03:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sibylle\Anwendungsdaten\MAGIX
[2010/12/02 18:50:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sibylle\Anwendungsdaten\Tischler 3D
[2010/12/30 12:14:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sibylle\Anwendungsdaten\ProtectDisc
[2011/01/04 09:04:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sibylle\Anwendungsdaten\AliceHilfe
========== Purity Check ==========
< End of report >