
Pests of all kinds and how to fight them: TR/Crypt.XPACK.Gen2 in C:\Program Files\Microsoft Office\Office12\OART.DLL


26.06.2011, 10:22   #1
speedrunner
 

Hello,

Avira found the trojan TR/Crypt.XPACK.Gen2 in the file OART.DLL on my DELL laptop running Vista 32-bit.
I moved it to quarantine right away. After that, however, Word, Excel and Outlook no longer ran (since these programs need this DLL).
I then got a fresh copy of this DLL from the internet and the programs are running again.

What kind of trojan is this? What does it do?
Do I need to worry (I also use this computer for home banking and shopping)?


Here is the data from Avira:
Typ: Datei
Quelle: C:\Program Files\Microsoft Office\Office12\OART.DLL
Status: Infiziert
Quarantäne-Objekt: 4a51694e.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows 2000/XP/VISTA Workstation
Suchengine: 8.02.05.20
Virendefinitionsdatei: 7.11.10.12
Meldung: Ist das Trojanische Pferd TR/Crypt.XPACK.Gen2
Datum/Uhrzeit: 18.06.2011, 18:09

I then installed Spybot Search and Destroy. The program didn't find anything, though.

Yesterday, after my vacation, while searching for what this trojan can do, I discovered this great forum.

That's why I also downloaded Malwarebytes, and this is the result of a full scan.
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6949

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

26.06.2011 00:38:43
mbam-log-2011-06-26 (00-38-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 346213
Laufzeit: 1 Stunde(n), 46 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\MegaDev\md-trainers\MT-X\mt-experience.exe (Trojan.AVKiller.Gen) -> No action taken.
c:\Users\ms\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\GQDPVB90\OTL[1].exe (Trojan.Dropper.PGen) -> No action taken.

So far I haven't taken any countermeasures against the two detections.

I have now downloaded defogger and OTL via this forum.

Defogger:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:25 on 26/06/2011 (ms)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Edited by speedrunner (26.06.2011 at 10:30)

26.06.2011, 12:48   #2
speedrunner
 


OTL.txt:

OTL Logfile:
Code:
OTL logfile created on: 26.06.2011 12:26:13 - Run 1
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\ms\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 65,61% Memory free
7,18 Gb Paging File | 6,04 Gb Available in Paging File | 84,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,47 Gb Total Space | 19,66 Gb Free Space | 6,89% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,22 Gb Free Space | 52,19% Space Free | Partition Type: NTFS
 
Computer Name: MS-LAPTOP | User Name: ms | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 360 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.06.26 09:31:07 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\ms\Desktop\OTL.exe
PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.04.29 14:53:06 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.04.07 22:43:20 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.04.07 22:43:04 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.03.18 10:08:58 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.04 21:37:31 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.06.03 14:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe
PRC - [2009.05.07 02:01:00 | 001,904,640 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe
PRC - [2009.05.07 02:01:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Programme\maxdome\DCBin\DCService.exe
PRC - [2009.04.23 14:50:44 | 004,640,445 | ---- | M] () -- C:\Programme\AVSKey-Lock\AVSKey.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe
PRC - [2008.11.06 18:47:50 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Programme\Dell\MediaDirect\PCMService.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.02 06:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2008.01.02 06:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007.12.03 07:58:54 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007.09.24 11:27:38 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2007.09.24 11:27:30 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2007.09.24 11:27:28 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2007.09.24 11:27:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2006.11.03 18:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.06.26 09:31:07 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\ms\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.06.03 19:22:12 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.04.29 14:53:06 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.03.18 10:08:58 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.07 02:01:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files\maxdome\DCBin\DCService.exe -- (Prosieben)
SRV - [2009.04.23 14:50:44 | 004,640,445 | ---- | M] () [Auto | Running] -- C:\Programme\AVSKey-Lock\AVSKey.EXE -- (AvskeyService)
SRV - [2009.01.30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008.06.09 14:07:57 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.02 06:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2008.01.02 06:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.04.08 07:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.03.18 10:08:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.31 18:49:47 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2010.12.01 21:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.11.23 22:54:22 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.22 20:01:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.22 19:38:24 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.22 19:26:06 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.07 02:01:00 | 000,440,832 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV - [2009.05.07 02:01:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008.11.05 01:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programme\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008.01.02 06:37:18 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.12.03 07:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007.12.03 07:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007.09.26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.09.24 11:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006.11.27 09:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006.11.27 09:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.27 09:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.21 14:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006.08.05 02:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.web.de/hxxp://www.zdf.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2011.06.19 23:00:05 | 000,435,149 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 14978 more lines...
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (SplitButtonBHO Class) - {C0C86BBE-9509-4296-8459-FDBFDAF4B673} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Mit FRITZ!Box Anrufen - C:\Programme\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Search Image on TinEye - C:\Users\ms\Documents\TinEye 1.0\TinEye.js ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: FRITZ!Box AddOn - {328ECD19-C167-40eb-A0C7-16FE7634105F} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.euro.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{18baba85-6f1d-11e0-b00b-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{18baba85-6f1d-11e0-b00b-001e101f9843}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{55b14f1b-11df-11de-92f7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55b14f1b-11df-11de-92f7-806e6f6e6963}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{82f910be-8980-11df-b18a-001c4afdc29c}\Shell - "" = AutoRun
O33 - MountPoints2\{82f910be-8980-11df-b18a-001c4afdc29c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{82f910c2-8980-11df-b18a-001e101f82a7}\Shell - "" = AutoRun
O33 - MountPoints2\{82f910c2-8980-11df-b18a-001e101f82a7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 360 Days ==========
 
[2011.06.26 09:31:04 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\ms\Desktop\OTL.exe
[2011.06.25 22:33:16 | 000,000,000 | ---D | C] -- C:\Users\ms\AppData\Roaming\Malwarebytes
[2011.06.25 22:33:09 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.25 22:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.25 22:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.25 22:33:04 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.25 22:33:04 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.25 21:20:49 | 000,000,000 | ---D | C] -- C:\Users\ms\Desktop\balabolka_portable
[2011.06.25 20:54:14 | 000,000,000 | ---D | C] -- C:\Programme\ScanSoft
[2011.06.25 20:35:40 | 000,000,000 | ---D | C] -- C:\Windows\Lhsp
[2011.06.25 20:06:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.06.25 17:08:13 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.06.25 17:08:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.06.25 17:08:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.06.21 05:06:55 | 000,000,000 | ---D | C] -- C:\Users\ms\Desktop\Kochen
[2011.06.20 13:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.06.18 12:14:06 | 000,000,000 | ---D | C] -- C:\Users\ms\AppData\Roaming\QuickScan
[2011.06.18 12:08:28 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2011.06.17 09:50:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.06.17 09:50:05 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.06.17 09:50:05 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.06.17 09:50:05 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.06.17 09:50:05 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.06.17 09:50:04 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.06.17 09:50:04 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.06.17 09:50:04 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.06.17 09:50:04 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.06.17 09:50:04 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.06.17 09:50:04 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.06.17 09:50:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.06.17 09:50:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.06.17 09:50:04 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.06.17 09:50:04 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.06.17 09:50:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.06.17 09:50:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.06.03 12:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.05.24 06:37:45 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.15 19:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011.05.15 19:29:30 | 015,227,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2011.05.15 19:29:30 | 013,007,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2011.05.15 19:29:30 | 010,690,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2011.05.15 19:29:30 | 006,299,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2011.05.15 19:29:30 | 005,180,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2011.05.15 19:29:30 | 002,765,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2011.05.15 19:29:30 | 002,074,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2011.05.15 19:29:30 | 000,944,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3220140.dll
[2011.05.15 19:29:30 | 000,855,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322060.dll
[2011.05.15 19:29:30 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011.05.15 19:29:30 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2011.05.15 19:28:48 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2011.05.08 10:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDev
[2011.05.08 10:50:46 | 000,000,000 | ---D | C] -- C:\Programme\MegaDev
[2011.05.07 14:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.04.30 13:47:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.30 13:47:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.30 13:46:50 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.04.13 09:20:33 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.13 09:20:33 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.13 09:20:31 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.13 09:20:28 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.13 09:20:28 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.13 09:20:18 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.13 09:20:16 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.13 09:20:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.07 22:43:36 | 000,580,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\easyUpdatusAPIU.dll
[2011.04.07 22:43:34 | 002,582,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2011.04.07 22:43:34 | 000,293,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhotkey.dll
[2011.04.07 22:43:34 | 000,111,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2011.04.07 22:43:20 | 003,701,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2011.04.07 22:43:04 | 002,565,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2011.03.27 21:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Balton Design
[2011.03.27 21:24:44 | 000,000,000 | ---D | C] -- C:\Programme\BaltonDesign
[2011.03.25 00:29:33 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.25 00:29:33 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.03.09 13:49:21 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 13:49:21 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 13:49:21 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 13:49:21 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.02.28 08:36:02 | 000,000,000 | ---D | C] -- C:\Users\ms\Desktop\Geschäft_Zeugnisaffaire
[2011.02.14 00:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
[2011.02.12 09:32:13 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonMF Uninstaller Information
[2011.02.12 09:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
[2011.02.12 09:30:54 | 000,126,976 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCLSD11.DLL
[2011.02.12 09:30:54 | 000,114,688 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCLSI11.DLL
[2011.02.12 09:30:54 | 000,110,592 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCLST11.DLL
[2011.02.12 09:30:54 | 000,098,304 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCLSU11.DLL
[2011.02.12 09:30:54 | 000,077,824 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCLSC11.DLL
[2011.02.12 09:30:54 | 000,049,152 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCILSC.dll
[2011.02.12 09:30:53 | 000,548,864 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNCC3110.DLL
[2011.02.12 09:30:53 | 000,389,180 | ---- | C] (Canon) -- C:\Windows\System32\UCS32P.DLL
[2011.02.12 09:30:53 | 000,090,112 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNCI3110.DLL
[2011.02.12 09:30:53 | 000,065,536 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNCL3110.DLL
[2011.02.12 09:30:49 | 000,000,000 | ---D | C] -- C:\Programme\Canon
[2011.02.12 08:59:51 | 000,000,000 | ---D | C] -- C:\Users\ms\Desktop\Canon_MF3110
[2011.02.11 18:11:22 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.11 18:11:22 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.11 18:11:13 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.02.11 18:11:13 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.02.11 18:11:13 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.02.11 18:11:13 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.02.11 18:11:12 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.02.11 18:11:12 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.02.11 18:11:12 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.02.11 18:11:12 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.02.11 18:11:12 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.02.11 18:11:12 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.02.11 18:11:12 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.02.11 18:11:12 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.02.11 18:11:11 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.02.11 18:11:11 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.02.11 18:11:11 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.02.11 18:11:10 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.02.11 18:11:10 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.02.11 18:11:10 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.02.11 18:11:09 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.02.11 18:11:09 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.02.11 18:11:08 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.01.20 16:22:36 | 000,000,000 | ---D | C] -- C:\Programme\MSECache
[2011.01.16 23:10:38 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.16 23:10:35 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2010.12.31 18:50:04 | 000,101,248 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys
[2010.12.31 18:50:04 | 000,032,256 | ---- | C] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll
[2010.12.31 18:50:04 | 000,000,000 | ---D | C] -- C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
[2010.12.31 18:49:30 | 000,000,000 | ---D | C] -- C:\Users\ms\AppData\Local\Deployment
[2010.12.15 19:26:54 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.15 19:26:39 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.15 19:26:31 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.15 19:26:31 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.15 19:26:31 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.15 19:26:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.01 21:06:29 | 000,108,104 | ---- | C] (SlySoft, Inc.) -- C:\Windows\System32\drivers\AnyDVD.sys
[2010.11.25 20:29:05 | 000,089,256 | ---- | C] (Elaborate Bytes AG) -- C:\Windows\System32\ElbyCDIO.dll
[2010.11.14 12:55:15 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.10.27 13:55:55 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010.10.27 08:24:39 | 000,000,000 | ---D | C] -- C:\Users\ms\AppData\Roaming\vlc
[2010.10.17 21:14:34 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.17 21:14:32 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.17 21:14:31 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.17 21:14:11 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.17 21:13:52 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.17 21:13:50 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.17 21:13:39 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.09 14:00:48 | 000,000,000 | ---D | C] -- C:\Users\ms\Documents\Firaxis Live Tuner
[2010.09.27 20:13:31 | 000,000,000 | ---D | C] -- C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2010.09.27 19:57:12 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Steam
[2010.09.27 19:57:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2010.09.27 19:57:08 | 000,000,000 | ---D | C] -- C:\Programme\Steam
[2010.09.27 19:56:07 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010.09.27 19:56:06 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010.09.27 19:56:06 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010.09.27 19:56:06 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010.09.27 19:56:06 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010.09.27 19:56:06 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010.09.27 19:56:06 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010.09.27 19:56:06 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010.09.27 19:56:06 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010.09.27 19:56:05 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010.09.27 19:56:05 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010.09.27 19:56:05 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010.09.27 19:56:05 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010.09.27 19:56:05 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010.09.27 19:56:05 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010.09.27 19:56:05 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010.09.27 19:56:05 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010.09.27 19:56:04 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010.09.27 19:56:04 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010.09.27 19:56:04 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010.09.27 19:56:04 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010.09.27 19:56:04 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010.09.27 19:56:04 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010.09.27 19:56:04 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010.09.27 19:56:04 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010.09.27 19:56:04 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010.09.27 19:56:04 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2010.09.27 19:56:04 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010.09.27 19:56:03 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2010.09.27 19:56:03 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2010.09.27 19:56:03 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2010.09.27 19:56:03 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2010.09.27 19:56:03 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2010.09.27 19:56:03 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2010.09.27 19:56:03 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2010.09.27 19:56:03 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2010.09.27 19:56:03 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2010.09.27 19:56:03 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2010.09.27 19:56:03 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2010.09.27 19:56:02 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010.09.27 19:56:02 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2010.09.27 19:56:02 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2010.09.27 19:56:02 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010.09.27 19:56:02 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2010.09.27 19:56:02 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010.09.27 19:56:02 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2010.09.27 19:56:02 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2010.09.27 19:56:01 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010.09.27 19:56:01 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2010.09.19 13:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2010.09.19 13:29:53 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.09.19 13:22:24 | 000,000,000 | ---D | C] -- C:\Programme\Windows Installer Clean Up
[2010.08.11 10:54:49 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.11 10:54:31 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.07.26 09:22:07 | 000,000,000 | ---D | C] -- C:\DGQ
[2010.07.07 06:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BILDmobil
[2010.07.07 06:55:09 | 000,112,128 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2010.07.07 06:55:09 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2010.07.07 06:55:09 | 000,100,736 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys
[2010.07.07 06:55:09 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2010.07.07 06:54:52 | 000,000,000 | ---D | C] -- C:\Programme\BILDmobil
[2010.07.03 06:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hardcopy - Bildschirmausdruck
[2010.07.03 06:24:22 | 000,000,000 | ---D | C] -- C:\Programme\Hardcopy
[2010.07.03 06:23:41 | 000,501,760 | ---- | C] (www.sw4you.de Siegfried Weckmann) -- C:\Windows\SwSetupu.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 360 Days ==========
 
[2011.06.26 12:22:12 | 007,602,176 | -HS- | M] () -- C:\Users\ms\ntuser.dat
[2011.06.26 12:06:28 | 001,453,716 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011.06.26 12:06:28 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.26 12:06:28 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.26 12:06:28 | 000,127,270 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.26 12:06:28 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.26 12:00:10 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.26 11:59:59 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.26 11:59:58 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.26 11:59:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011.06.26 11:59:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.26 11:59:40 | 3756,044,288 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.26 11:51:05 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.06.26 11:51:04 | 000,524,288 | -HS- | M] () -- C:\Users\ms\ntuser.dat{41437b0d-f040-11de-995a-001c4afdc29c}.TMContainer00000000000000000001.regtrans-ms
[2011.06.26 11:51:04 | 000,065,536 | -HS- | M] () -- C:\Users\ms\ntuser.dat{41437b0d-f040-11de-995a-001c4afdc29c}.TM.blf
[2011.06.26 11:38:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.26 11:31:34 | 004,407,909 | -H-- | M] () -- C:\Users\ms\AppData\Local\IconCache.db
[2011.06.26 11:11:00 | 000,256,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.06.26 10:25:46 | 000,000,000 | ---- | M] () -- C:\Users\ms\defogger_reenable
[2011.06.26 10:24:40 | 000,050,477 | ---- | M] () -- C:\Users\ms\Desktop\Defogger.exe
[2011.06.26 09:31:07 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\ms\Desktop\OTL.exe
[2011.06.26 08:09:35 | 000,055,944 | ---- | M] () -- C:\Users\ms\AppData\Local\GDIPFONTCACHEV1.DAT
[2011.06.25 21:20:43 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{82350D19-8E30-415B-A8A5-6501626AE35C}.job
[2011.06.25 20:06:36 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.06.21 06:48:39 | 000,000,141 | ---- | M] () -- C:\Users\ms\Desktop\index.html.url
[2011.06.21 05:34:44 | 000,240,128 | ---- | M] () -- C:\Users\ms\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.19 23:00:05 | 000,435,149 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.06.08 07:58:11 | 002,657,713 | ---- | M] () -- C:\Users\ms\Desktop\Maus_Lasik_Broschüre.pdf
[2011.06.08 07:08:07 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.06.05 11:37:40 | 000,762,687 | ---- | M] () -- C:\Users\ms\Desktop\32pfl8404h_12_fin_deu.pdf
[2011.06.04 11:50:08 | 000,380,140 | ---- | M] () -- C:\Users\ms\Desktop\FOCUS_Augen_Aerzteliste_2010.pdf
[2011.06.04 11:12:03 | 000,020,291 | ---- | M] () -- C:\Users\ms\Desktop\Anreise_CityLasik_Stuttgart.pdf
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.28 08:05:27 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.05.28 08:04:56 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.05.28 08:04:56 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.05.28 08:04:30 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.05.28 08:04:22 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.05.28 08:04:17 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.05.28 08:04:03 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.05.28 08:04:03 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.05.28 08:04:03 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.05.28 08:04:02 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.05.28 08:04:02 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.05.28 08:03:58 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.05.28 07:10:26 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.05.28 06:33:03 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.05.28 06:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.05.28 06:32:15 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.05.28 06:31:44 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.05.24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.05.23 18:18:02 | 000,000,680 | ---- | M] () -- C:\Users\ms\AppData\Local\d3d9caps.dat
[2011.05.15 17:59:30 | 000,319,354 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.05.15 17:59:30 | 000,319,354 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.05.15 13:13:45 | 000,353,548 | ---- | M] () -- C:\Users\ms\Desktop\t200108088_Leistenbruch.pdf
[2011.05.08 10:50:52 | 000,001,973 | ---- | M] () -- C:\Users\ms\Desktop\MegaTrainer eXperience.lnk
[2011.05.08 10:44:22 | 000,015,779 | ---- | M] () -- C:\Users\ms\Desktop\Cheatuebersicht~Civilization~V~Version~1_0_1_275-p-detail.pdf.html
[2011.05.04 04:52:34 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.05.04 04:52:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.05.04 04:52:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.05.04 04:52:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.04.08 07:14:00 | 015,227,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2011.04.08 07:14:00 | 013,007,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2011.04.08 07:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2011.04.08 07:14:00 | 010,071,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2011.04.08 07:14:00 | 006,299,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2011.04.08 07:14:00 | 005,180,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2011.04.08 07:14:00 | 002,765,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2011.04.08 07:14:00 | 002,074,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2011.04.08 07:14:00 | 002,034,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2011.04.08 07:14:00 | 000,944,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3220140.dll
[2011.04.08 07:14:00 | 000,855,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322060.dll
[2011.04.08 07:14:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011.04.08 07:14:00 | 000,010,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2011.04.08 07:14:00 | 000,004,755 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2011.04.07 22:43:36 | 000,580,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\easyUpdatusAPIU.dll
[2011.04.07 22:43:34 | 002,582,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2011.04.07 22:43:34 | 000,293,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvhotkey.dll
[2011.04.07 22:43:34 | 000,111,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2011.04.07 22:43:20 | 003,701,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2011.04.07 22:43:04 | 002,565,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2011.03.27 21:24:56 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\Balton Design.lnk
[2011.03.27 21:24:20 | 008,250,802 | ---- | M] () -- C:\Users\ms\Desktop\configura_installer.exe
[2011.03.27 11:39:45 | 388,758,941 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.03.26 16:38:17 | 003,563,000 | ---- | M] () -- C:\Users\ms\Desktop\balton_broschuere.pdf
[2011.03.18 10:08:59 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.03.12 23:55:52 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.03.10 19:03:51 | 001,162,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.03.10 19:03:51 | 001,136,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.03.09 10:32:07 | 000,058,874 | ---- | M] () -- C:\Users\ms\Documents\verbrauchsStrom_2004-2011.do.pdf
[2011.03.03 17:40:13 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.03.03 15:35:36 | 004,240,384 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.03.03 15:25:11 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.03.01 20:00:30 | 000,009,365 | ---- | M] () -- C:\Users\ms\Documents\balton.om
[2011.03.01 16:41:58 | 000,504,948 | ---- | M] () -- C:\Users\ms\Desktop\BIII-Preisliste.pdf
[2011.02.22 16:13:01 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.02.22 15:33:12 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.02.17 08:23:50 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.02.17 08:19:43 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.02.16 18:16:37 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.02.16 16:02:23 | 000,292,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.14 00:42:12 | 006,669,808 | ---- | M] () -- C:\Users\ms\Desktop\AnyDVD_HD_v6.7.8.0_Final_Multi_Incl_Key.rar
[2011.02.12 09:34:54 | 000,001,855 | ---- | M] () -- C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
[2011.02.11 15:14:56 | 000,183,370 | ---- | M] () -- C:\Users\ms\Desktop\FRITZ.Box Fon WLAN 7390 (UI) 84.04.90_11.02.11_1415.export
[2011.02.11 09:40:50 | 000,005,755 | ---- | M] () -- C:\Users\ms\Desktop\FRITZ.Box_Telefonbuch_11.02.11_0840.xml
[2011.02.11 09:39:59 | 000,216,353 | ---- | M] () -- C:\Users\ms\Desktop\FRITZ.Box Fon WLAN 7270 v2 (UI) 54.04.88_11.02.11_0839.export
[2011.02.10 10:52:10 | 000,349,669 | ---- | M] () -- C:\Users\ms\Documents\Stromwechsel_Vattenfall_Onlineabschluss_Easy_Privatstrom_12474622.pdf
[2011.02.05 11:52:04 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
[2011.02.05 10:24:19 | 001,272,848 | ---- | M] () -- C:\Users\ms\Desktop\Xperia_X1__UG_DE_1218_2861_3.pdf
[2011.01.20 20:23:17 | 012,182,117 | ---- | M] () -- C:\Users\ms\Desktop\AVM_DSL_DE.pdf
[2011.01.20 18:08:16 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.01.20 18:08:06 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.01.20 18:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.01.20 18:08:06 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.01.20 18:08:06 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.01.20 18:07:58 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.01.20 18:06:38 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.01.20 18:06:35 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.01.20 18:04:54 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.01.20 18:04:54 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.01.20 16:28:38 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.01.20 16:26:30 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.01.20 16:25:25 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.01.20 16:24:26 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.01.20 16:15:10 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.01.20 16:14:39 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.01.20 16:14:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.01.20 16:14:03 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.01.20 16:12:46 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.01.20 16:11:34 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.01.20 15:47:51 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.01.02 12:26:05 | 000,000,000 | -H-- | M] () -- C:\Users\ms\Documents\Default.rdp
[2011.01.01 21:37:42 | 003,539,737 | ---- | M] () -- C:\Users\ms\Desktop\MANUAL_MM-HDRTV.pdf
[2010.12.31 18:49:47 | 000,101,248 | ---- | M] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys
[2010.12.31 18:49:46 | 000,032,256 | ---- | M] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll
[2010.12.31 12:06:00 | 000,000,408 | ---- | M] () -- C:\Users\ms\Documents\Downloads - Verknüpfung.lnk
[2010.12.29 21:25:19 | 000,046,721 | ---- | M] () -- C:\Users\ms\Desktop\FRITZ. WLAN Repeater N_G (UI) 68.04.84_29.12.10_2025.export
[2010.12.29 20:28:45 | 000,322,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2010.12.29 20:28:45 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2010.12.29 20:28:28 | 000,429,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010.12.29 20:26:47 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.12.29 10:28:50 | 000,000,402 | ---- | M] () -- C:\Users\ms\Documents\Kontakte - Verknüpfung.lnk
[2010.12.28 17:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2010.12.28 12:41:39 | 016,390,204 | ---- | M] () -- C:\Users\ms\Desktop\Firmware_FANTEC_MM-HDRTV_Rev06_BETA.zip
[2010.12.27 20:58:08 | 000,005,755 | ---- | M] () -- C:\Users\ms\Desktop\FRITZ.Box_Telefonbuch_27.12.10_1958.xml
[2010.12.18 22:51:10 | 000,098,776 | ---- | M] () -- C:\Users\ms\Documents\Kündigung Mobilfunk-Option 1und1.pdf
[2010.12.14 16:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2010.12.07 22:55:39 | 000,000,510 | ---- | M] () -- C:\Users\ms\Desktop\Öffentliche Videos - Verknüpfung.lnk
[2010.12.01 21:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) -- C:\Windows\System32\drivers\AnyDVD.sys
[2010.11.25 20:29:05 | 000,089,256 | ---- | M] (Elaborate Bytes AG) -- C:\Windows\System32\ElbyCDIO.dll
[2010.11.23 22:54:22 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.11.04 20:56:07 | 000,345,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.11.04 20:55:38 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.11.04 20:55:38 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.10.28 15:20:12 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.10.18 15:37:35 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.10.15 16:08:12 | 003,602,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.10.15 16:08:12 | 003,550,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.10.03 14:12:04 | 000,000,215 | ---- | M] () -- C:\Users\ms\Desktop\Sid Meier's Civilization V SDK.url
[2010.09.27 20:22:22 | 000,001,275 | ---- | M] () -- C:\Users\ms\Desktop\Sid Meier's Civilization V (DirectX 11).lnk
[2010.09.27 20:13:31 | 000,000,214 | ---- | M] () -- C:\Users\ms\Desktop\Sid Meier's Civilization V.url
[2010.09.27 20:02:05 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.09.13 15:56:41 | 008,147,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.09.06 18:19:06 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.08.31 17:46:37 | 000,954,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.08.31 17:46:37 | 000,954,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.08.26 18:37:45 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.08.26 18:34:50 | 001,696,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010.08.20 18:05:07 | 000,867,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.07.20 20:46:52 | 000,020,645 | ---- | M] () -- C:\Users\ms\Desktop\Segway.jpg
[2010.07.20 20:46:15 | 000,011,371 | ---- | M] () -- C:\Users\ms\Desktop\Poweriser.jpg
[2010.07.07 06:55:14 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\BILDmobil.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.26 10:25:46 | 000,000,000 | ---- | C] () -- C:\Users\ms\defogger_reenable
[2011.06.26 10:24:40 | 000,050,477 | ---- | C] () -- C:\Users\ms\Desktop\Defogger.exe
[2011.06.25 20:06:36 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.06.21 06:48:39 | 000,000,141 | ---- | C] () -- C:\Users\ms\Desktop\index.html.url
[2011.06.08 07:58:11 | 002,657,713 | ---- | C] () -- C:\Users\ms\Desktop\Maus_Lasik_Broschüre.pdf
[2011.06.05 11:37:37 | 000,762,687 | ---- | C] () -- C:\Users\ms\Desktop\32pfl8404h_12_fin_deu.pdf
[2011.06.04 11:50:08 | 000,380,140 | ---- | C] () -- C:\Users\ms\Desktop\FOCUS_Augen_Aerzteliste_2010.pdf
[2011.06.04 11:12:03 | 000,020,291 | ---- | C] () -- C:\Users\ms\Desktop\Anreise_CityLasik_Stuttgart.pdf
[2011.05.15 19:29:30 | 000,004,755 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2011.05.15 13:13:42 | 000,353,548 | ---- | C] () -- C:\Users\ms\Desktop\t200108088_Leistenbruch.pdf
[2011.05.08 10:50:52 | 000,001,973 | ---- | C] () -- C:\Users\ms\Desktop\MegaTrainer eXperience.lnk
[2011.05.08 10:44:22 | 000,015,779 | ---- | C] () -- C:\Users\ms\Desktop\Cheatuebersicht~Civilization~V~Version~1_0_1_275-p-detail.pdf.html
[2011.03.27 21:24:56 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\Balton Design.lnk
[2011.03.27 21:24:13 | 008,250,802 | ---- | C] () -- C:\Users\ms\Desktop\configura_installer.exe
[2011.03.26 16:38:16 | 003,563,000 | ---- | C] () -- C:\Users\ms\Desktop\balton_broschuere.pdf
[2011.03.09 10:32:07 | 000,058,874 | ---- | C] () -- C:\Users\ms\Documents\verbrauchsStrom_2004-2011.do.pdf
[2011.03.01 16:41:58 | 000,504,948 | ---- | C] () -- C:\Users\ms\Desktop\BIII-Preisliste.pdf
[2011.02.14 00:42:07 | 006,669,808 | ---- | C] () -- C:\Users\ms\Desktop\AnyDVD_HD_v6.7.8.0_Final_Multi_Incl_Key.rar
[2011.02.12 09:34:54 | 000,001,855 | ---- | C] () -- C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
[2011.02.12 09:30:53 | 000,000,281 | ---- | C] () -- C:\Windows\System32\CNCMFP11.INI
[2011.02.11 15:14:56 | 000,183,370 | ---- | C] () -- C:\Users\ms\Desktop\FRITZ.Box Fon WLAN 7390 (UI) 84.04.90_11.02.11_1415.export
[2011.02.11 09:40:50 | 000,005,755 | ---- | C] () -- C:\Users\ms\Desktop\FRITZ.Box_Telefonbuch_11.02.11_0840.xml
[2011.02.11 09:39:59 | 000,216,353 | ---- | C] () -- C:\Users\ms\Desktop\FRITZ.Box Fon WLAN 7270 v2 (UI) 54.04.88_11.02.11_0839.export
[2011.02.10 10:52:09 | 000,349,669 | ---- | C] () -- C:\Users\ms\Documents\Stromwechsel_Vattenfall_Onlineabschluss_Easy_Privatstrom_12474622.pdf
[2011.02.05 11:52:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
[2011.02.05 10:24:18 | 001,272,848 | ---- | C] () -- C:\Users\ms\Desktop\Xperia_X1__UG_DE_1218_2861_3.pdf
[2011.01.20 20:22:34 | 012,182,117 | ---- | C] () -- C:\Users\ms\Desktop\AVM_DSL_DE.pdf
[2011.01.20 16:23:29 | 000,002,539 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2011.01.02 12:26:05 | 000,000,000 | -H-- | C] () -- C:\Users\ms\Documents\Default.rdp
[2011.01.01 21:37:40 | 003,539,737 | ---- | C] () -- C:\Users\ms\Desktop\MANUAL_MM-HDRTV.pdf
[2010.12.31 12:06:00 | 000,000,408 | ---- | C] () -- C:\Users\ms\Documents\Downloads - Verknüpfung.lnk
[2010.12.29 21:25:18 | 000,046,721 | ---- | C] () -- C:\Users\ms\Desktop\FRITZ. WLAN Repeater N_G (UI) 68.04.84_29.12.10_2025.export
[2010.12.29 10:28:50 | 000,000,402 | ---- | C] () -- C:\Users\ms\Documents\Kontakte - Verknüpfung.lnk
[2010.12.28 12:40:41 | 016,390,204 | ---- | C] () -- C:\Users\ms\Desktop\Firmware_FANTEC_MM-HDRTV_Rev06_BETA.zip
[2010.12.27 20:58:07 | 000,005,755 | ---- | C] () -- C:\Users\ms\Desktop\FRITZ.Box_Telefonbuch_27.12.10_1958.xml
[2010.12.18 22:50:03 | 000,098,776 | ---- | C] () -- C:\Users\ms\Documents\Kündigung Mobilfunk-Option 1und1.pdf
[2010.12.07 22:55:39 | 000,000,510 | ---- | C] () -- C:\Users\ms\Desktop\Öffentliche Videos - Verknüpfung.lnk
[2010.10.03 14:12:04 | 000,000,215 | ---- | C] () -- C:\Users\ms\Desktop\Sid Meier's Civilization V SDK.url
[2010.09.27 20:22:22 | 000,001,275 | ---- | C] () -- C:\Users\ms\Desktop\Sid Meier's Civilization V (DirectX 11).lnk
[2010.09.27 20:13:31 | 000,000,214 | ---- | C] () -- C:\Users\ms\Desktop\Sid Meier's Civilization V.url
[2010.09.27 19:57:11 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.09.19 13:22:24 | 000,001,858 | ---- | C] () -- C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
[2010.08.28 08:10:37 | 000,000,420 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{82350D19-8E30-415B-A8A5-6501626AE35C}.job
[2010.07.20 20:51:17 | 000,011,371 | ---- | C] () -- C:\Users\ms\Desktop\Poweriser.jpg
[2010.07.20 20:50:15 | 000,020,645 | ---- | C] () -- C:\Users\ms\Desktop\Segway.jpg
[2010.07.07 06:55:14 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\BILDmobil.lnk
[2010.06.29 05:50:47 | 004,407,909 | -H-- | C] () -- C:\Users\ms\AppData\Local\IconCache.db
[2010.06.11 06:02:50 | 000,008,828 | ---- | C] () -- C:\Users\ms\AppData\Local\de.ini
[2009.12.24 06:32:03 | 000,000,680 | ---- | C] () -- C:\Users\ms\AppData\Local\d3d9caps.dat
[2009.08.04 11:11:31 | 000,319,354 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.04 11:11:31 | 000,319,354 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.04 10:29:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.04 10:29:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.04 10:29:05 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.05.07 02:01:00 | 000,016,037 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2009.04.18 10:33:48 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.03.23 01:27:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.14 19:27:45 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2009.03.13 20:55:49 | 000,240,128 | ---- | C] () -- C:\Users\ms\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.13 20:42:06 | 000,027,050 | ---- | C] () -- C:\Users\ms\AppData\Roaming\nvModes.001
[2009.03.13 18:47:54 | 000,027,050 | ---- | C] () -- C:\Users\ms\AppData\Roaming\nvModes.dat
[2009.03.13 17:15:39 | 000,055,944 | ---- | C] () -- C:\Users\ms\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.01.05 15:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009.01.05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008.06.09 21:30:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.06.09 13:55:14 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008.06.09 13:38:18 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.07.25 17:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006.11.15 20:30:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 17:33:31 | 000,632,252 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,127,270 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,256,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 001,453,716 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2006.11.02 12:33:01 | 000,598,900 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006.11.02 12:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006.11.02 12:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:10:37 | 000,053,536 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2006.11.02 09:10:02 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe
[2006.11.02 09:10:00 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe
[2006.11.02 09:09:59 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com
[2006.11.02 09:09:59 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM
[2006.11.02 09:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe
[2006.11.02 09:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe
[2006.11.02 09:09:57 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM
[2006.11.02 09:09:56 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe
[2006.11.02 09:09:55 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe
[2006.11.02 09:09:55 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM
[2006.11.02 09:09:53 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe
[2006.11.02 09:09:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe
[2006.11.02 09:09:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe
[2006.11.02 09:09:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe
[2006.11.02 09:09:49 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM
[2006.11.02 09:09:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe
[2006.11.02 09:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006.11.02 09:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006.11.02 09:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006.11.02 09:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006.11.02 09:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006.11.02 09:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006.11.02 09:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006.11.02 09:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006.11.02 09:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006.11.02 09:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006.11.02 09:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006.11.02 09:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006.11.02 09:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006.11.02 09:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006.11.02 09:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006.11.02 08:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2011.06.18 12:14:14 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\QuickScan
[2010.10.09 12:34:00 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\SYNCING.NET
[2009.03.13 19:41:20 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\tmp
[2009.03.21 09:43:32 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\UBitMenu
[2011.06.26 11:51:05 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.06.25 21:20:43 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{82350D19-8E30-415B-A8A5-6501626AE35C}.job
 
========== Purity Check ==========
 
 

< End of report >
         


26.06.2011, 12:56   #3
speedrunner

TR/Crypt.XPACK.Gen2 in C:\Program Files\Microsoft Office\Office12\OART.DLL



Extras.txt
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 26.06.2011 12:26:13 - Run 1
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\ms\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 65,61% Memory free
7,18 Gb Paging File | 6,04 Gb Available in Paging File | 84,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,47 Gb Total Space | 19,66 Gb Free Space | 6,89% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,22 Gb Free Space | 52,19% Space Free | Partition Type: NTFS
 
Computer Name: MS-LAPTOP | User Name: ms | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 360 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1289FECB-4BE5-48BD-966F-6884D365762A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{25767E52-D726-400E-835C-AACB6D3B10BC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2D18C054-5CA9-4854-BC8D-A21550C04FE4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4366F99F-33AA-4F3E-84F9-81353B4F82B8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4FD021FC-138C-4DC7-9AB4-16259729D5D5}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5D22A296-AE90-4576-8A61-5437DF494F55}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{60F74495-1F03-4CDE-B07B-3E69B44A4C1F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6776B484-AD18-4425-BAA2-9E1DA32E23C0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{67A1E885-DF4C-434E-BFCA-751784A98024}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{69AF0CD8-0574-47B5-8ECF-8C887075D1CD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{72DDF50C-9E77-4D80-B678-C977C2E26F83}" = lport=138 | protocol=17 | dir=in | app=system | 
"{738D6DCB-326B-4BDE-A61B-078D0851DBE1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{765D5A35-713B-4D61-BA96-29EF8F39BD15}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{795200F5-B3E0-4B0D-BD22-3BB68967DCA6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{80229CC1-AFE0-4975-BC6A-91F7E24A6DD5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{889B2D86-F0FF-4294-BFC6-1284CFBA2AE8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8A2F3806-67C9-4414-909E-E1CA5995A378}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8EE18C5A-E95E-43D6-8A60-CEB2C611D5D5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{99E47868-5F3B-464E-B077-7D745B134D83}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A8704C79-4ED2-44CF-89C8-AB8137E45A17}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B4F3BDDB-1B98-4336-AC99-2FC11AE68611}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BD70C133-DBF7-4251-B0E4-771237A8621E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C6B8709A-EC49-4C11-AB89-A8D894DEA783}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C72515DC-38FD-42E8-A33B-13461E8952E8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CDF04C66-6311-404A-9430-9EAC9BB5CAF6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D86056C5-2CC2-46A9-AFB4-40D7F232DCFB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D9A00F65-A7A0-4D99-AE0C-9AB447DA6D18}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{E9EBBE00-D9BC-4A89-B1D1-56C267F34188}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{EEAF2989-C007-4109-AB19-6650BC760484}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F702BF32-5DDE-4531-94CB-35B290665146}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08DCC713-0912-48A0-95D8-546F37B39735}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{09EDFF2D-06D2-4468-A3E1-639EBA1EDF5D}" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe | 
"{0A1D34D7-792A-46C3-90EE-F5614D2D8B9E}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | 
"{0D838566-C879-42AC-B5E5-4924722DFFB1}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | 
"{12C73333-A532-47B1-B5D2-DCDD7807908D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | 
"{160BA720-9A9B-4B3B-808E-80F20E9D5CAA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | 
"{203069F4-B2EE-4EC5-BFEC-5E150421F106}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{30572048-5610-4EBE-9DBF-B82FC8BC7047}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{34F7935F-7EC4-4B10-B112-1981BEB31535}" = protocol=6 | dir=out | app=system | 
"{432784E8-A43A-4CC6-96D1-AE9E9B237CD0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | 
"{45911C6B-54A4-4138-B563-C0691B697D90}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{45CF406F-EC9F-417C-8AD7-74346B8E9683}" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe | 
"{47EF45B1-3A87-441D-BBFF-5F1291C009C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{50115472-F2EC-4103-B92B-5CF7BF88E31B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5723F2F3-1934-4270-B4C2-4CC216517D2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6110B96E-0CF8-45DA-B5A2-F2F4FFF05F81}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6744E8E0-A2B0-4277-A1D9-386068354675}" = protocol=6 | dir=in | app=c:\users\ms\appdata\local\apps\2.0\5yyp6c1m.ddt\ojowgd11.xqn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{7215E26D-7B15-4046-B3A8-7F918DD73CFC}" = protocol=17 | dir=in | app=c:\users\ms\appdata\local\apps\2.0\5yyp6c1m.ddt\ojowgd11.xqn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{7BAC4219-F7D5-4447-890A-ABB9DE3B44C5}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{8747C935-C677-4362-BA0C-57098E6ABEB4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe | 
"{896B4B04-8084-4065-B1E4-A9D0FBAEE663}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8D4164C1-BEA1-49CA-8B1D-AB60CB8F46BA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8EC24D1E-C399-4415-B4AB-BC5A25E9541B}" = protocol=17 | dir=in | app=c:\users\ms\appdata\local\apps\2.0\5yyp6c1m.ddt\ojowgd11.xqn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{8EEC820F-C8F8-4EC5-AD49-8B51AE2B95B3}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | 
"{98177A8E-D187-445C-965D-5A69FF220EDC}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{99CD44CE-F624-4D6A-BFEE-34DFC7FB3D12}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{9B11E34C-F053-4A0A-9F65-CFC445E618AC}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{9CFE704A-E7B3-4BB8-BF8D-5ACF663F7C2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A0065EA5-9F8B-465F-961B-6F43166164A6}" = protocol=6 | dir=in | app=c:\users\ms\appdata\local\apps\2.0\5yyp6c1m.ddt\ojowgd11.xqn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{AFBD7F37-5FFA-44DD-848A-0671D14128B8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{B30C3CCC-2A11-4289-BEBE-F1A657E512B5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{B6583FF9-5775-469D-8A5A-E2A24152F30B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B7CECDBC-DE8B-4261-A960-239ABC67AD92}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B80C01DE-285A-4D97-A00A-A0FAB7BECDEC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | 
"{B8B0FE07-8877-4C15-8340-78838D26D784}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{C18BFBE6-71FF-4C9C-8EF8-21460393D84E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C462DA0F-5800-4B31-9458-4BAD085AEAAC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C82B7A4F-3639-4FA2-9581-A1695DAE2BD6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD06360F-CFA6-401D-B6D2-52C670E84F00}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D3C26FE9-2EAD-439E-A796-54D1679F01A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DC4AEAEB-58E9-4539-90C2-A48FED239677}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{DC4FDC0A-2583-4B18-91FE-DD41A8DA3A52}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe | 
"{DDD9045B-9EC3-43C9-A481-B8FA8CB95AA8}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | 
"{DECE562C-827E-46D7-829E-D7364B7EAD30}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{FB7C6678-4969-42C2-9E36-9EE866776EE7}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{FCE28334-E6FF-4379-990A-CE657CD01140}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"TCP Query User{1B8E80AD-CC72-48C3-B753-84A4DB808CD9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{4DD278FD-6BEC-4B39-B94D-CD0212C51325}G:\opera10\operausb1051\opera.exe" = protocol=6 | dir=in | app=g:\opera10\operausb1051\opera.exe | 
"TCP Query User{691B9960-F4CB-4F41-9595-D01752946929}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{841AD731-AF5A-4EA0-8D3D-140DA591FE92}C:\program files\syncing.net technologies\syncing.net\bin\syncservice.exe" = protocol=6 | dir=in | app=c:\program files\syncing.net technologies\syncing.net\bin\syncservice.exe | 
"TCP Query User{941DC9E6-10EA-4D87-99DD-9B7CA8079C71}C:\laptop\sicherung 8gb usb\portableapps\freecivportable\app\freeciv\freeciv-server.exe" = protocol=6 | dir=in | app=c:\laptop\sicherung 8gb usb\portableapps\freecivportable\app\freeciv\freeciv-server.exe | 
"TCP Query User{9421CBA5-EB1E-4828-A5E2-35D883C389B9}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{964FDB82-3BFA-4954-8CD2-04B9440077C4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{C3C6784D-6FC8-4522-8C4F-181C8E0D0AC3}C:\program files\fritz!box\addon (ie)\upnpbroker.exe" = protocol=6 | dir=in | app=c:\program files\fritz!box\addon (ie)\upnpbroker.exe | 
"TCP Query User{DCBDBCCB-977B-4503-BBC3-3D77901B01CA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{DD7909FE-63E4-4D2D-A132-C461188FFE40}C:\program files\syncing.net technologies\syncing.net\bin\syncservice.exe" = protocol=6 | dir=in | app=c:\program files\syncing.net technologies\syncing.net\bin\syncservice.exe | 
"TCP Query User{E9EE9E8D-E156-4417-8BEA-071E3534F1C4}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{0986BCB4-CFB9-4B41-95D9-76E21F363F40}C:\laptop\sicherung 8gb usb\portableapps\freecivportable\app\freeciv\freeciv-server.exe" = protocol=17 | dir=in | app=c:\laptop\sicherung 8gb usb\portableapps\freecivportable\app\freeciv\freeciv-server.exe | 
"UDP Query User{0C78FC08-E755-4D59-9567-6760FADE72BD}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{0D9EFEC5-1128-4C73-A0FD-25E8FBBC9A81}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{0EBFA376-058C-4E7D-BF21-C7FAAD320072}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{1E5BF38F-2438-460F-8FC8-984A1708042D}G:\opera10\operausb1051\opera.exe" = protocol=17 | dir=in | app=g:\opera10\operausb1051\opera.exe | 
"UDP Query User{2124D1C0-7857-46F8-B58C-A972CE496B9E}C:\program files\fritz!box\addon (ie)\upnpbroker.exe" = protocol=17 | dir=in | app=c:\program files\fritz!box\addon (ie)\upnpbroker.exe | 
"UDP Query User{2F2A315B-94D1-4844-AE62-47F43E3BA8BE}C:\program files\syncing.net technologies\syncing.net\bin\syncservice.exe" = protocol=17 | dir=in | app=c:\program files\syncing.net technologies\syncing.net\bin\syncservice.exe | 
"UDP Query User{593DE7A2-23B1-4F1E-B3CA-EF05A5798F4A}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{5B124443-6F81-4AF5-B178-6F4D8BF335FA}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{72EE6A07-1E3F-46F1-A486-E6D397BE9DB4}C:\program files\syncing.net technologies\syncing.net\bin\syncservice.exe" = protocol=17 | dir=in | app=c:\program files\syncing.net technologies\syncing.net\bin\syncservice.exe | 
"UDP Query User{A2A2E955-E89A-42DA-B894-F3F7B7906208}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 26
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf11
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_BASICR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_BASICR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_BASICR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_BASICR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_BASICR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_BASICR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96F51932-0944-4D62-945F-E6837E510462}" = AVM FRITZ!Box AddOn (IE)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B8ACEA2-BA21-4A91-A950-144FED3ED133}" = TinEye Internet Explorer plugin 1.0
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 270.61
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}" = RealSpeak Solo fur Deutsch - Steffi
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1" = UBitMenuDE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6411A0B-EA6A-4cf7-8A31-94A2C187D662}" = Canon MF3110-Serie
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem-Diagnose-Tool
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"AVSKey-Lock_is1" = AVSKey-Lock 1.08
"Balton Design.EXE" = Balton Design
"BASICR" = Microsoft Office Basic 2007
"BILDmobil" = BILDmobil
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)  
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"GoToAssist" = GoToAssist 8.0.0.514
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.4.6
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MuVo Series Media Explorer" = MuVo Series Media Explorer
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ProInst" = Intel(R) PROSet/Wireless Software
"Steam App 16830" = Sid Meier's Civilization V SDK
"Steam App 8930" = Sid Meier's Civilization V
"VLC media player" = VLC media player 1.1.9
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

04.07.2011, 15:43   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Didn't you run an OTL custom scan?
If not, do it now; instructions are below. Since the last Malwarebytes scan was also a while ago, it is best to run a new full scan with current signatures as well.

Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the content of OTL.txt here into your thread.

06.07.2011, 05:07   #5
speedrunner
 
Hello cosinus,

attached is the requested scan. OTL logfile:
Code:
ATTFilter
OTL logfile created on: 06.07.2011 04:23:21 - Run 2
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\ms\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 66,25% Memory free
7,18 Gb Paging File | 5,98 Gb Available in Paging File | 83,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,47 Gb Total Space | 39,00 Gb Free Space | 13,66% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,22 Gb Free Space | 52,19% Space Free | Partition Type: NTFS
 
Computer Name: MS-LAPTOP | User Name: ms | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.04 21:19:29 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.02 11:37:45 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe
PRC - [2011.06.26 09:31:07 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\ms\Desktop\OTL.exe
PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.05.28 08:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2011.04.29 14:53:06 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.04.07 22:43:20 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.04.07 22:43:04 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.11.04 21:37:31 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.06.03 14:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe
PRC - [2009.05.07 02:01:00 | 001,904,640 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe
PRC - [2009.05.07 02:01:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Programme\maxdome\DCBin\DCService.exe
PRC - [2009.04.23 14:50:44 | 004,640,445 | ---- | M] () -- C:\Programme\AVSKey-Lock\AVSKey.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe
PRC - [2008.11.06 18:47:50 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Programme\Dell\MediaDirect\PCMService.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.02 06:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2008.01.02 06:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007.12.03 07:58:54 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007.09.24 11:27:38 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2007.09.24 11:27:30 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2007.09.24 11:27:28 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2007.09.24 11:27:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2006.11.03 18:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.06.26 09:31:07 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\ms\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.04 21:19:29 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.03 19:22:12 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.04.29 14:53:06 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.05.07 02:01:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files\maxdome\DCBin\DCService.exe -- (Prosieben)
SRV - [2009.04.23 14:50:44 | 004,640,445 | ---- | M] () [Auto | Running] -- C:\Programme\AVSKey-Lock\AVSKey.EXE -- (AvskeyService)
SRV - [2009.01.30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008.06.09 14:07:57 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.02 06:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2008.01.02 06:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.04 21:19:30 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.04 21:19:29 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.04.08 07:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.12.31 18:49:47 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2010.12.01 21:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009.06.22 20:01:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.22 19:38:24 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.22 19:26:06 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.07 02:01:00 | 000,440,832 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV - [2009.05.07 02:01:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008.11.05 01:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programme\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008.01.02 06:37:18 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.12.03 07:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007.12.03 07:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007.09.26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.09.24 11:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006.11.27 09:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006.11.27 09:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.27 09:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.21 14:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006.08.05 02:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.web.de/hxxp://www.zdf.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2011.06.19 23:00:05 | 000,435,149 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14978 more lines...
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (SplitButtonBHO Class) - {C0C86BBE-9509-4296-8459-FDBFDAF4B673} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Mit FRITZ!Box Anrufen - C:\Programme\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Search Image on TinEye - C:\Users\ms\Documents\TinEye 1.0\TinEye.js ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: FRITZ!Box AddOn - {328ECD19-C167-40eb-A0C7-16FE7634105F} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.euro.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{18baba85-6f1d-11e0-b00b-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{18baba85-6f1d-11e0-b00b-001e101f9843}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{55b14f1b-11df-11de-92f7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55b14f1b-11df-11de-92f7-806e6f6e6963}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{82f910be-8980-11df-b18a-001c4afdc29c}\Shell - "" = AutoRun
O33 - MountPoints2\{82f910be-8980-11df-b18a-001c4afdc29c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{82f910c2-8980-11df-b18a-001e101f82a7}\Shell - "" = AutoRun
O33 - MountPoints2\{82f910c2-8980-11df-b18a-001e101f82a7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.03 08:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.06.27 15:04:42 | 000,000,000 | ---D | C] -- C:\Users\ms\Desktop\krank-Dateien
[2011.06.26 09:31:04 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\ms\Desktop\OTL.exe
[2011.06.25 22:33:16 | 000,000,000 | ---D | C] -- C:\Users\ms\AppData\Roaming\Malwarebytes
[2011.06.25 22:33:09 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.25 22:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.25 22:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.25 22:33:04 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.25 22:33:04 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.25 21:20:49 | 000,000,000 | ---D | C] -- C:\Users\ms\Desktop\balabolka_portable
[2011.06.25 20:54:14 | 000,000,000 | ---D | C] -- C:\Programme\ScanSoft
[2011.06.25 20:35:40 | 000,000,000 | ---D | C] -- C:\Windows\Lhsp
[2011.06.21 05:06:55 | 000,000,000 | ---D | C] -- C:\Users\ms\Desktop\Kochen
[2011.06.20 13:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.06.18 12:14:06 | 000,000,000 | ---D | C] -- C:\Users\ms\AppData\Roaming\QuickScan
[2011.06.18 12:08:28 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.06 03:52:58 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.06 03:52:58 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.06 03:52:58 | 000,127,270 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.06 03:52:58 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.06 03:47:39 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.06 03:46:41 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.06 03:46:41 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.06 03:46:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.06 03:46:14 | 3756,044,288 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.05 23:53:33 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.07.05 23:38:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.05 20:24:56 | 000,245,248 | ---- | M] () -- C:\Users\ms\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.05 13:41:10 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{82350D19-8E30-415B-A8A5-6501626AE35C}.job
[2011.07.04 21:19:30 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.04 21:19:29 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.07.04 06:52:03 | 000,028,784 | ---- | M] () -- C:\Users\ms\Desktop\Angesicht_Verbrechens_DVD1-xfakbdlrue0k.dlc
[2011.07.03 12:41:21 | 000,023,192 | ---- | M] () -- C:\Users\ms\Desktop\Angesicht_Verbrechens_DVD1-q8llbdl4j924s.dlc
[2011.07.03 08:17:00 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.07.02 17:40:16 | 000,256,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.06.27 21:42:38 | 000,849,509 | ---- | M] () -- C:\Users\ms\Desktop\Münchenvlp11stadt.pdf
[2011.06.27 15:04:42 | 000,200,011 | ---- | M] () -- C:\Users\ms\Desktop\krank.htm
[2011.06.26 22:25:27 | 134,918,069 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.06.26 13:01:01 | 000,302,592 | ---- | M] () -- C:\Users\ms\Desktop\h5jwz35c.exe
[2011.06.26 10:25:46 | 000,000,000 | ---- | M] () -- C:\Users\ms\defogger_reenable
[2011.06.26 10:24:40 | 000,050,477 | ---- | M] () -- C:\Users\ms\Desktop\Defogger.exe
[2011.06.26 09:31:07 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\ms\Desktop\OTL.exe
[2011.06.25 20:06:36 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.06.21 06:48:39 | 000,000,141 | ---- | M] () -- C:\Users\ms\Desktop\index.html.url
[2011.06.19 23:00:05 | 000,435,149 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.06.08 07:58:11 | 002,657,713 | ---- | M] () -- C:\Users\ms\Desktop\Maus_Lasik_Broschüre.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.07.04 06:52:03 | 000,028,784 | ---- | C] () -- C:\Users\ms\Desktop\Angesicht_Verbrechens_DVD1-xfakbdlrue0k.dlc
[2011.07.03 12:41:20 | 000,023,192 | ---- | C] () -- C:\Users\ms\Desktop\Angesicht_Verbrechens_DVD1-q8llbdl4j924s.dlc
[2011.07.03 08:17:00 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.06.27 21:42:38 | 000,849,509 | ---- | C] () -- C:\Users\ms\Desktop\Münchenvlp11stadt.pdf
[2011.06.27 15:04:42 | 000,200,011 | ---- | C] () -- C:\Users\ms\Desktop\krank.htm
[2011.06.26 22:25:29 | 3756,044,288 | -HS- | C] () -- C:\hiberfil.sys
[2011.06.26 13:01:00 | 000,302,592 | ---- | C] () -- C:\Users\ms\Desktop\h5jwz35c.exe
[2011.06.26 10:25:46 | 000,000,000 | ---- | C] () -- C:\Users\ms\defogger_reenable
[2011.06.26 10:24:40 | 000,050,477 | ---- | C] () -- C:\Users\ms\Desktop\Defogger.exe
[2011.06.25 20:06:36 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.06.21 06:48:39 | 000,000,141 | ---- | C] () -- C:\Users\ms\Desktop\index.html.url
[2011.06.08 07:58:11 | 002,657,713 | ---- | C] () -- C:\Users\ms\Desktop\Maus_Lasik_Broschüre.pdf
[2011.02.12 09:30:53 | 000,000,281 | ---- | C] () -- C:\Windows\System32\CNCMFP11.INI
[2010.06.11 06:02:50 | 000,008,828 | ---- | C] () -- C:\Users\ms\AppData\Local\de.ini
[2009.12.24 06:32:03 | 000,000,680 | ---- | C] () -- C:\Users\ms\AppData\Local\d3d9caps.dat
[2009.08.04 11:11:31 | 000,319,354 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.04 11:11:31 | 000,319,354 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.04 10:29:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.04 10:29:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.05.07 02:01:00 | 000,016,037 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2009.04.18 10:33:48 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.03.23 01:27:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.13 20:55:49 | 000,245,248 | ---- | C] () -- C:\Users\ms\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.13 20:42:06 | 000,027,050 | ---- | C] () -- C:\Users\ms\AppData\Roaming\nvModes.001
[2009.03.13 18:47:54 | 000,027,050 | ---- | C] () -- C:\Users\ms\AppData\Roaming\nvModes.dat
[2009.01.05 15:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009.01.05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008.06.09 21:30:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.06.09 13:55:14 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008.06.09 13:38:18 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.07.25 17:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006.11.15 20:30:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 17:33:31 | 000,632,252 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,127,270 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,256,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,598,900 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2011.06.18 12:14:14 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\QuickScan
[2010.10.09 12:34:00 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\SYNCING.NET
[2009.03.13 19:41:20 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\tmp
[2009.03.21 09:43:32 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\UBitMenu
[2011.07.05 23:53:34 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.07.05 13:41:10 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{82350D19-8E30-415B-A8A5-6501626AE35C}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.03.13 20:58:40 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Adobe
[2010.04.18 11:23:08 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Avira
[2009.03.13 22:18:44 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Creative
[2009.03.13 20:54:02 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\CyberLink
[2011.06.18 19:50:25 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\dvdcss
[2009.03.13 17:34:44 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Google
[2009.03.13 17:15:22 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Identities
[2009.03.13 20:53:12 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\InstallShield
[2009.03.13 17:19:30 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Intel
[2009.03.13 22:04:35 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Macromedia
[2011.06.25 22:33:16 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Malwarebytes
[2009.03.13 21:41:57 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Media Center Programs
[2010.09.19 13:22:27 | 000,000,000 | --SD | M] -- C:\Users\ms\AppData\Roaming\Microsoft
[2011.06.18 12:14:14 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\QuickScan
[2009.03.13 19:41:20 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Reallusion
[2011.07.06 04:18:46 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Skype
[2010.10.09 12:34:00 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\SYNCING.NET
[2009.03.13 19:41:20 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\tmp
[2009.03.21 09:43:32 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\UBitMenu
[2011.07.03 08:12:13 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\vlc
[2010.06.10 06:23:04 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2009.04.04 23:16:33 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\ms\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2010.09.19 13:22:27 | 000,003,584 | R--- | M] () -- C:\Users\ms\AppData\Roaming\Microsoft\Installer\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}\Icon386ED4E3.exe
[2009.03.21 09:43:10 | 000,696,341 | ---- | M] () -- C:\Users\ms\AppData\Roaming\UBitMenu\unins000.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008.06.09 21:14:00 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2008.06.09 21:14:00 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2008.06.09 21:14:00 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2008.06.09 21:14:00 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008.06.09 21:14:39 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=3E39E69F31F95D056703212E94320899 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_e6b2949c\atapi.sys
[2008.06.09 21:14:39 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=3E39E69F31F95D056703212E94320899 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20544_none_dbb443eb3d9db847\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.06.09 21:14:28 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2008.06.09 21:30:27 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5da5d093\atapi.sys
[2008.06.09 21:30:27 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20580_none_db8503133dc1c2af\atapi.sys
[2008.06.09 21:30:27 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_6c3af7d3\atapi.sys
[2008.06.09 21:30:27 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16470_none_db063634249c06f4\atapi.sys
[2008.06.09 21:13:58 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2008.06.09 21:13:58 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2008.06.09 21:14:28 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2008.06.09 21:14:28 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008.06.09 21:25:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.06.09 21:25:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.06.09 21:25:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008.06.09 21:25:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.02.12 23:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Drivers\storage\R154200\iastor.sys
[2007.02.12 23:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007.02.12 23:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys
[2007.02.12 23:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.06.09 21:24:19 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         


06.07.2011, 08:02   #6
speedrunner

and here is the current Malwarebytes report:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7030

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

06.07.2011 06:55:51
mbam-log-2011-07-06 (06-55-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 360478
Laufzeit: 1 Stunde(n), 43 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\MegaDev\md-trainers\MT-X\mt-experience.exe (Trojan.AVKiller.Gen) -> No action taken.

06.07.2011, 13:24   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{18baba85-6f1d-11e0-b00b-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{18baba85-6f1d-11e0-b00b-001e101f9843}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{55b14f1b-11df-11de-92f7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55b14f1b-11df-11de-92f7-806e6f6e6963}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{82f910be-8980-11df-b18a-001c4afdc29c}\Shell - "" = AutoRun
O33 - MountPoints2\{82f910be-8980-11df-b18a-001c4afdc29c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{82f910c2-8980-11df-b18a-001e101f82a7}\Shell - "" = AutoRun
O33 - MountPoints2\{82f910c2-8980-11df-b18a-001e101f82a7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
:Commands
[purity]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


07.07.2011, 10:14   #8
speedrunner

Hello Cosinus,

I have carried everything out.
Here is some more information about my system:
C is the system partition and storage, approx. 285 GB
D is Dell's recovery partition, approx. 10 GB
E is the DVD drive
F, G, H, etc. are USB sticks and hard drives that I plug in now and then.

========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18baba85-6f1d-11e0-b00b-001e101f9843}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18baba85-6f1d-11e0-b00b-001e101f9843}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18baba85-6f1d-11e0-b00b-001e101f9843}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18baba85-6f1d-11e0-b00b-001e101f9843}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55b14f1b-11df-11de-92f7-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55b14f1b-11df-11de-92f7-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55b14f1b-11df-11de-92f7-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55b14f1b-11df-11de-92f7-806e6f6e6963}\ not found.
File G:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82f910be-8980-11df-b18a-001c4afdc29c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82f910be-8980-11df-b18a-001c4afdc29c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82f910be-8980-11df-b18a-001c4afdc29c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82f910be-8980-11df-b18a-001c4afdc29c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82f910c2-8980-11df-b18a-001e101f82a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82f910c2-8980-11df-b18a-001e101f82a7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82f910c2-8980-11df-b18a-001e101f82a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82f910c2-8980-11df-b18a-001e101f82a7}\ not found.
File G:\AutoRun.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.24.1 log created on 07072011_100656

07.07.2011, 10:56   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below, that is, tick both checkboxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.




If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

08.07.2011, 09:04   #10
speedrunner

Hello Cosinus,

I have now plugged in all the hard drives I have and run this tool. Nothing found.

2011/07/08 09:00:16.0626 4856 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/08 09:00:16.0852 4856 ================================================================================
2011/07/08 09:00:16.0853 4856 SystemInfo:
2011/07/08 09:00:16.0853 4856
2011/07/08 09:00:16.0853 4856 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/08 09:00:16.0853 4856 Product type: Workstation
2011/07/08 09:00:16.0853 4856 ComputerName: MS-LAPTOP
2011/07/08 09:00:16.0853 4856 UserName: ms
2011/07/08 09:00:16.0853 4856 Windows directory: C:\Windows
2011/07/08 09:00:16.0853 4856 System windows directory: C:\Windows
2011/07/08 09:00:16.0853 4856 Processor architecture: Intel x86
2011/07/08 09:00:16.0853 4856 Number of processors: 2
2011/07/08 09:00:16.0853 4856 Page size: 0x1000
2011/07/08 09:00:16.0853 4856 Boot type: Normal boot
2011/07/08 09:00:16.0853 4856 ================================================================================
2011/07/08 09:00:18.0434 4856 Initialize success
2011/07/08 09:00:21.0757 5648 ================================================================================
2011/07/08 09:00:21.0757 5648 Scan started
2011/07/08 09:00:21.0757 5648 Mode: Manual;
2011/07/08 09:00:21.0757 5648 ================================================================================
2011/07/08 09:00:39.0127 5648 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/08 09:00:39.0199 5648 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/07/08 09:00:39.0236 5648 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/07/08 09:00:39.0284 5648 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/07/08 09:00:39.0428 5648 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/07/08 09:00:39.0506 5648 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/08 09:00:39.0587 5648 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/08 09:00:39.0652 5648 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/07/08 09:00:39.0704 5648 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/07/08 09:00:39.0779 5648 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/08 09:00:39.0845 5648 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/08 09:00:39.0928 5648 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/08 09:00:39.0997 5648 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/08 09:00:40.0058 5648 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/08 09:00:40.0144 5648 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/07/08 09:00:40.0197 5648 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/08 09:00:40.0272 5648 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/08 09:00:40.0307 5648 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/07/08 09:00:40.0351 5648 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/07/08 09:00:40.0393 5648 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/07/08 09:00:40.0456 5648 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/08 09:00:40.0503 5648 UmPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/08 09:00:40.0607 5648 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/07/08 09:00:40.0659 5648 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/08 09:00:40.0720 5648 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/07/08 09:00:40.0795 5648 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/08 09:00:40.0879 5648 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/08 09:00:40.0914 5648 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/07/08 09:00:40.0974 5648 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/08 09:00:41.0074 5648 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/08 09:00:41.0125 5648 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/08 09:00:41.0201 5648 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/08 09:00:41.0259 5648 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/07/08 09:00:41.0350 5648 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/08 09:00:41.0427 5648 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/08 09:00:41.0496 5648 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2011/07/08 09:00:41.0550 5648 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/07/08 09:00:41.0627 5648 viaide (689547ce911998d1e0da7a5992e025fc) C:\Windows\system32\drivers\viaide.sys
2011/07/08 09:00:41.0700 5648 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/08 09:00:41.0791 5648 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/07/08 09:00:41.0871 5648 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/07/08 09:00:41.0945 5648 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/07/08 09:00:42.0003 5648 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/08 09:00:42.0064 5648 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/08 09:00:42.0085 5648 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/08 09:00:42.0138 5648 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/07/08 09:00:42.0204 5648 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/08 09:00:42.0315 5648 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/07/08 09:00:42.0455 5648 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
2011/07/08 09:00:42.0517 5648 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/08 09:00:42.0642 5648 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/08 09:00:42.0733 5648 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/08 09:00:42.0778 5648 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/07/08 09:00:42.0913 5648 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/08 09:00:43.0347 5648 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
2011/07/08 09:00:43.0358 5648 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk3\DR3
2011/07/08 09:00:43.0374 5648 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk4\DR4
2011/07/08 09:00:43.0440 5648 Boot (0x1200) (b5ef6fc5f59610cbf27921c7373968c7) \Device\Harddisk0\DR0\Partition0
2011/07/08 09:00:43.0458 5648 Boot (0x1200) (022e48e33d1fbda8ab82b4f0637da9cd) \Device\Harddisk0\DR0\Partition1
2011/07/08 09:00:43.0475 5648 Boot (0x1200) (8fd79b902559e481d4765f0b78b4e9dc) \Device\Harddisk1\DR1\Partition0
2011/07/08 09:00:43.0508 5648 Boot (0x1200) (83673c77137130d57fb37d922865f1bf) \Device\Harddisk1\DR1\Partition1
2011/07/08 09:00:43.0526 5648 Boot (0x1200) (4db6bdb64fb7012149812ca0a14934ab) \Device\Harddisk3\DR3\Partition0
2011/07/08 09:00:43.0544 5648 Boot (0x1200) (fa9b2131de9993acbe27bd58b25d3279) \Device\Harddisk4\DR4\Partition0
2011/07/08 09:00:43.0549 5648 ================================================================================
2011/07/08 09:00:43.0549 5648 Scan finished
2011/07/08 09:00:43.0549 5648 ================================================================================
2011/07/08 09:00:43.0561 3784 Detected object count: 0
2011/07/08 09:00:43.0561 3784 Actual detected object count: 0

Last edited by speedrunner (08.07.2011 at 09:30)

08.07.2011, 16:53   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

10.07.2011, 21:41   #12
speedrunner
 



Hello Cosinus,

attached is the requested report.

Regards,
Speedrunner

Combofix Logfile:
Code:
ComboFix 11-07-10.03 - ms 10.07.2011  21:18:36.1.2 - x86
ausgeführt von:: c:\users\ms\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-06-10 bis 2011-07-10  ))))))))))))))))))))))))))))))
.
.
2011-07-10 19:23 . 2011-07-10 19:24	--------	d-----w-	c:\users\ms\AppData\Local\temp
2011-07-10 19:23 . 2011-07-10 19:23	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2011-07-10 19:23 . 2011-07-10 19:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-07-08 06:51 . 2011-06-07 15:55	7074640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1E72CC1D-090C-4EDA-A0F7-A0A96E4211F8}\mpengine.dll
2011-07-07 08:06 . 2011-07-07 08:06	--------	d-----w-	C:\_OTL
2011-07-02 15:32 . 2011-04-29 15:59	276992	----a-w-	c:\windows\system32\schannel.dll
2011-06-25 20:33 . 2011-06-25 20:33	--------	d-----w-	c:\users\ms\AppData\Roaming\Malwarebytes
2011-06-25 20:33 . 2011-05-29 07:11	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-25 20:33 . 2011-06-25 20:33	--------	d-----w-	c:\programdata\Malwarebytes
2011-06-25 20:33 . 2011-07-06 04:55	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-06-25 20:33 . 2011-05-29 07:11	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-06-25 18:54 . 2011-06-25 18:54	--------	d-----w-	c:\program files\ScanSoft
2011-06-25 18:35 . 2011-06-26 09:29	--------	d-----w-	c:\windows\Lhsp
2011-06-18 10:14 . 2011-06-18 10:14	--------	d-----w-	c:\users\ms\AppData\Roaming\QuickScan
2011-06-18 10:08 . 2011-06-18 10:17	--------	d-----w-	c:\windows\BDOSCAN8
2011-06-17 07:49 . 2011-05-02 17:16	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-06-17 07:49 . 2011-04-29 13:24	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-06-17 07:49 . 2011-04-29 13:24	79872	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-06-17 07:49 . 2011-04-29 13:24	106496	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-06-17 07:48 . 2011-05-02 12:02	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 19:19 . 2010-04-18 09:19	138192	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-07-04 19:19 . 2009-12-24 04:42	66616	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-07-02 09:37 . 2011-05-24 04:37	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 17:14 . 2009-10-03 07:12	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-05-04 02:52 . 2010-05-06 21:04	472808	----a-w-	c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2009-05-07 1904640]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-07 293992]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-11-06 184320]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-09 12:07	10536	----a-w-	c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59	937920	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 AvskeyService;AVSKey-Lock;c:\program files\AVSKey-Lock\AVSKey.exe [2009-04-23 4640445]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 136176]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2009-05-07 4352]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-22 112128]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 100736]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 Prosieben;maxdome Download Manager;c:\program files\maxdome\DCBin\DCService.exe [2009-05-01 77032]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2010-12-31 101248]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [2009-05-07 440832]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 17:18]
.
2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 17:18]
.
2011-07-10 c:\windows\Tasks\User_Feed_Synchronization-{82350D19-8E30-415B-A8A5-6501626AE35C}.job
- c:\windows\system32\msfeedssync.exe [2011-06-17 04:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mWindow Title = Internet Explorer Spezialversion MS
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Mit FRITZ!Box Anrufen - c:\program files\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm
IE: Mit FRITZ!Box Anrufen\Contexts - 16 (0x10)
IE: Mit FRITZ!Box Anrufen\Flags
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Search Image on TinEye - file://c:\users\ms\Documents\TinEye 1.0\TinEye.js
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105F} - {CC68A724-B5F7-4bd3-865C-7D97141A140F} - c:\program files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll
TCP: DhcpNameServer = 192.168.178.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-07-10 21:24
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Prosieben]
"ImagePath"="\"c:\program files\maxdome\DCBin\DCService.exe\" /accountid:Prosieben"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4e,ee,1f,32,b5,11,91,44,9a,5d,3d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4e,ee,1f,32,b5,11,91,44,9a,5d,3d,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-07-10  21:27:09
ComboFix-quarantined-files.txt  2011-07-10 19:26
.
Vor Suchlauf: 20 Verzeichnis(se), 27.107.381.248 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 27.855.839.232 Bytes frei
.
- - End Of File - - 3431BE6765387CE399F86D6022E461B6
         
--- --- ---

11.07.2011, 09:35   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



OK. Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work on the second attempt, just skip it and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

After that, please download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool needs only a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

12.07.2011, 10:10   #14
speedrunner
 



Hello Cosinus,

attached is the requested data.

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:05:21 on 12.07.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BACSCPL.cpl" - ? - C:\Windows\system32\BACSCPL.cpl
"DMdm32.cpl" - ? - C:\Windows\system32\DMdm32.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iPROSet.cpl" - "Intel Corporation" - C:\Windows\system32\iPROSet.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"PROSet Tools" - "Intel Corporation" - C:\Windows\System32\iPROSet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\Windows\System32\Drivers\AnyDVD.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys
"catchme" (catchme) - ? - C:\Users\ms\AppData\Local\Temp\catchme.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver" (PCD5SRVC{3F6A8B78-EC003E00-05040104}) - "PC-Doctor, Inc." - C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{42B57B62-BC0A-47F0-A3E9-79D461D255A3} "MuVo Series Media Explorer" - "Creative Technology Ltd" - C:\Program Files\Creative\MuVo Series Media Explorer\CTMVNSu.Dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CC68A724-B5F7-4bd3-865C-7D97141A140F} "FRITZ!Box AddOn" - "AVM Berlin" - C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} "BDSCANONLINE Control" - "BitDefender" - C:\Windows\DOWNLO~1\oscan82.ocx / hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} "BitDefender QuickScan Control" - "BitDefender LLC" - C:\Windows\DOWNLO~1\qsax.dll / hxxp://quickscan.bitdefender.com/qsax/qsax.cab
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{49312E18-AA92-4CC2-BB97-55DEA7BCADD6} "WMI Class" - ? - C:\Windows\system32\Dell\SYSTEM~1\SysPro.exe / hxxp://support.euro.dell.com/systemprofiler/SysProExe.CAB
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
"Exec" - ? - C:\Windows\bdoscandel.exe  (File found, but it contains no detailed information)
{CC68A724-B5F7-4bd3-865C-7D97141A140F} "FRITZ!Box AddOn" - "AVM Berlin" - C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Dell Inc." - C:\Program Files\Dell\BAE\BAE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{C0C86BBE-9509-4296-8459-FDBFDAF4B673} "SplitButtonBHO Class" - "AVM Berlin" - C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DellSupportCenter" - "SupportSoft, Inc." - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"AVMWlanClient" - "AVM Berlin" - C:\Program Files\avmwlanstick\wlangui.exe
"DELL Webcam Manager" - "Creative Technology Ltd." - "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
"dellsupportcenter" - "SupportSoft, Inc." - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NVHotkey" - "NVIDIA Corporation" - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
"PCMService" - "CyberLink Corp." - "C:\Program Files\Dell\MediaDirect\PCMService.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Program Files\avmwlanstick\WlanNetService.exe
"AVSKey-Lock" (AvskeyService) - ? - C:\Program Files\AVSKey-Lock\AVSKey.exe  (File found, but it contains no detailed information)
"Creative Service for CDROM Access" (Creative Service for CDROM Access) - "Creative Technology Ltd" - C:\Windows\system32\CTsvcCDA.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoToAssist" (GoToAssist) - "Citrix Online, a division of Citrix Systems, Inc." - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"maxdome Download Manager" (Prosieben) - "Entriq, Inc." - C:\Program Files\maxdome\DCBin\DCService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"SupportSoft Sprocket Service (DellSupportCenter)" (sprtsvc_DellSupportCenter) - "SupportSoft, Inc." - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"GoToAssist" - "Citrix Online, a division of Citrix Systems, Inc." - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru



MBRCheck, version 1.2.3(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1720
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 160):
0x8201C000 \SystemRoot\system32\ntkrnlpa.exe
0x823D6000 \SystemRoot\system32\hal.dll
0x80603000 \SystemRoot\system32\kdcom.dll
0x8060A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8067A000 \SystemRoot\system32\PSHED.dll
0x8068B000 \SystemRoot\system32\BOOTVID.dll
0x80693000 \SystemRoot\system32\CLFS.SYS
0x806D4000 \SystemRoot\system32\CI.dll
0x82601000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8267D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8268A000 \SystemRoot\system32\drivers\acpi.sys
0x826D0000 \SystemRoot\system32\drivers\WMILIB.SYS
0x826D9000 \SystemRoot\system32\drivers\msisadrv.sys
0x826E1000 \SystemRoot\system32\drivers\pci.sys
0x82708000 \SystemRoot\System32\drivers\partmgr.sys
0x82717000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8271A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82724000 \SystemRoot\system32\drivers\volmgr.sys
0x82733000 \SystemRoot\System32\drivers\volmgrx.sys
0x8277D000 \SystemRoot\system32\DRIVERS\intelide.sys
0x82784000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x82792000 \SystemRoot\system32\drivers\pciide.sys
0x82799000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B60C000 \SystemRoot\system32\drivers\iastorv.sys
0x8B6AC000 \SystemRoot\system32\drivers\iastor.sys
0x8B76A000 \SystemRoot\system32\drivers\atapi.sys
0x8B772000 \SystemRoot\system32\drivers\ataport.SYS
0x8B790000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B7C2000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B7D2000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8B80E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B87F000 \SystemRoot\system32\drivers\ndis.sys
0x8B98A000 \SystemRoot\system32\drivers\msrpc.sys
0x8B9B5000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BA0A000 \SystemRoot\System32\drivers\tcpip.sys
0x8BAF4000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BC04000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BD14000 \SystemRoot\system32\drivers\volsnap.sys
0x8BD4D000 \SystemRoot\System32\Drivers\spldr.sys
0x8BD55000 \SystemRoot\System32\Drivers\mup.sys
0x8BD64000 \SystemRoot\System32\drivers\ecache.sys
0x8BD8B000 \SystemRoot\system32\drivers\disk.sys
0x8BD9C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8BDBD000 \SystemRoot\system32\drivers\crcdisk.sys
0x8BDD3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8BDDE000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8BDE7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8F80F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x90240000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x90242000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x902E2000 \SystemRoot\System32\drivers\watchdog.sys
0x902EE000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x902F9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x90337000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x90346000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9040E000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x9063D000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0x9064D000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x9065D000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x9066B000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x90685000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x90693000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x906A7000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x906F8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x9070B000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x90737000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90742000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9074D000 \SystemRoot\System32\Drivers\AnyDVD.sys
0x90766000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x9077E000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x90782000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x9078B000 \SystemRoot\system32\DRIVERS\avmaudio.sys
0x907A4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x907AF000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x827A9000 \SystemRoot\system32\DRIVERS\storport.sys
0x907DE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x907F5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x903D3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F800000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8BBCD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8BBE1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8B9F0000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90400000 \SystemRoot\system32\DRIVERS\swenum.sys
0x807B4000 \SystemRoot\system32\DRIVERS\ks.sys
0x90402000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8B800000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90A08000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90A3D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90A4E000 \SystemRoot\system32\drivers\stwrt.sys
0x90AA3000 \SystemRoot\system32\drivers\portcls.sys
0x90AD0000 \SystemRoot\system32\drivers\drmk.sys
0x90AF5000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x90C01000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x90D04000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x90DB8000 \SystemRoot\system32\drivers\modem.sys
0x90DC5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90DCE000 \SystemRoot\System32\Drivers\Null.SYS
0x90DD5000 \SystemRoot\System32\Drivers\Beep.SYS
0x90DE5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x90DEC000 \SystemRoot\System32\drivers\vga.sys
0x90B32000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90DF8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90DDC000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90B53000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90B5E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90B6C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x90B75000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90B8B000 \SystemRoot\system32\DRIVERS\smb.sys
0x90B9F000 \SystemRoot\system32\drivers\afd.sys
0x91202000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91234000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9124A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91258000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9126B000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x91271000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x912AD000 \SystemRoot\system32\drivers\nsiproxy.sys
0x912B7000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x912C1000 \SystemRoot\System32\Drivers\dfsc.sys
0x912D8000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x91318000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91325000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x913E3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x913FA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8BB0F000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
0x913FC000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
0x93A30000 \SystemRoot\System32\win32k.sys
0x912FF000 \SystemRoot\System32\drivers\Dxapi.sys
0x8BB49000 \SystemRoot\system32\DRIVERS\fwlanusbn.sys
0x91309000 \SystemRoot\system32\DRIVERS\monitor.sys
0x93C50000 \SystemRoot\System32\TSDDD.dll
0x93C70000 \SystemRoot\System32\cdd.dll
0x90BE7000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8B7DB000 \SystemRoot\system32\drivers\luafv.sys
0xA1A03000 \SystemRoot\system32\drivers\spsys.sys
0xA1AB3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA1AC3000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA1AED000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA1AF7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA1B0A000 \SystemRoot\system32\drivers\HTTP.sys
0xA1B77000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA1B94000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA1BAD000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA1BC2000 \SystemRoot\system32\drivers\mrxdav.sys
0x807DE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA2E0A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA2E43000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA2E5B000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA2E83000 \SystemRoot\System32\DRIVERS\srv.sys
0xA2EEA000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA2F12000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA2F16000 \SystemRoot\system32\drivers\peauth.sys
0xA2FF4000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA2ED2000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA2EDE000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA1BE3000 \SystemRoot\system32\drivers\tdtcp.sys
0xA1BEE000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xA4E0E000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA4E7D000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA4E93000 \??\C:\Windows\system32\drivers\mbam.sys
0x778F0000 \Windows\System32\ntdll.dll

Processes (total 81):
0 System Idle Process
4 System
492 C:\Windows\System32\smss.exe
624 csrss.exe
688 C:\Windows\System32\wininit.exe
700 csrss.exe
732 C:\Windows\System32\services.exe
748 C:\Windows\System32\lsass.exe
756 C:\Windows\System32\lsm.exe
908 C:\Windows\System32\svchost.exe
948 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
988 C:\Windows\System32\winlogon.exe
1024 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1152 C:\Windows\System32\nvvsvc.exe
1180 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\svchost.exe
1368 C:\Windows\System32\svchost.exe
1484 C:\Windows\System32\audiodg.exe
1520 C:\Windows\System32\svchost.exe
1536 C:\Windows\System32\SLsvc.exe
1604 C:\Windows\System32\svchost.exe
1744 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1764 C:\Windows\System32\nvvsvc.exe
1808 C:\Windows\System32\svchost.exe
2012 C:\Windows\System32\wlanext.exe
332 C:\Windows\System32\spoolsv.exe
428 C:\Program Files\Avira\AntiVir Desktop\sched.exe
512 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\AEstSrv.exe
1364 C:\Program Files\avmwlanstick\WLanNetService.exe
2052 C:\Program Files\AVSKey-Lock\AVSKey.EXE
2072 C:\Windows\System32\svchost.exe
2092 C:\Windows\System32\CTSVCCDA.EXE
2212 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
2276 C:\Windows\System32\svchost.exe
2308 C:\Program Files\maxdome\DCBin\DCService.exe
2416 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2444 C:\Windows\System32\stacsv.exe
2648 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2668 C:\Windows\System32\svchost.exe
2704 C:\Windows\System32\svchost.exe
2740 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2824 C:\Windows\System32\SearchIndexer.exe
2876 C:\Windows\System32\drivers\XAudio.exe
3416 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3436 C:\Windows\System32\taskeng.exe
3980 C:\Windows\System32\dwm.exe
4044 C:\Windows\explorer.exe
4060 C:\Windows\System32\taskeng.exe
3880 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
4076 C:\Program Files\DellTPad\Apoint.exe
3536 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3016 C:\Program Files\avmwlanstick\WLanGUI.exe
4028 C:\Windows\OEM02Mon.exe
2628 C:\Program Files\Dell\MediaDirect\PCMService.exe
1864 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1556 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
2964 C:\Windows\ehome\ehtray.exe
3124 C:\Program Files\Windows Media Player\wmpnscfg.exe
2248 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
896 C:\Windows\ehome\ehmsas.exe
3900 C:\Program Files\Windows Media Player\wmpnetwk.exe
4448 C:\Program Files\DellTPad\ApMsgFwd.exe
4472 C:\Program Files\DellTPad\hidfind.exe
4480 C:\Program Files\DellTPad\ApntEx.exe
4576 C:\Windows\System32\svchost.exe
6068 C:\Windows\System32\svchost.exe
3172 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
3712 C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
5756 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
5532 C:\Program Files\Internet Explorer\iexplore.exe
684 C:\Program Files\Internet Explorer\iexplore.exe
2228 C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe
5760 C:\Windows\System32\SearchProtocolHost.exe
4800 C:\Windows\System32\SearchFilterHost.exe
5700 dllhost.exe
5828 dllhost.exe
4984 C:\Users\ms\Desktop\MBRCheck.exe
5632 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`87600000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`07600000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-75ZCT1, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

12.07.2011, 14:48   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!


Afterwards, getting an additional opinion from the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Ja, ich bin mit den Nutzungsbedingungen einverstanden" (Yes, I accept the terms of use) and click Starten (Start).
  • Enable "Erkennung von eventuell unerwünschten Anwendungen" (detection of potentially unwanted applications) and select the following settings.
  • Click Starten (Start).
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Fertig stellen (Finish).
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

