Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp...

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 20.12.2011, 00:13   #1
jkf
 
TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp... - Standard

TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp...



Guten Abend,

ich bin in diesem Forum gelandet, weil der Rechner meines Nachbarn bei mir gelandet ist (XP, SP3). Bei diesem Rechner wird durch Avira Antivir Personal der Trojaner TR/Crypt.XPACK.Gen3 2 Mal bei einem Systemscan gemeldet. Das Verschieben in die Quarantäne nutzt nichts, denn nach einem Neustart des Rechners und erneutem Systemscan wird wieder der Trojaner gemeldet.

Nachdem ich mich im Internet umgesehen habe und viele verschiedene Tips gelesen habe, hat mich die Vorgehensweise in diesem Forum sehr überzeugt, weshalb ich bis jetzt die Trojaner nur in die Quarantäne verschickt habe und dann die erforderlichen Logdateien erzeugt habe.

Vielen Dank für Ihre Hilfe.

Die Dateien gmer.txt und Extras.txt, sowie 2 Avira Reports finden sich in der gezippten Datei im Anhang,

Hier folgt nun die OTL.txt:

OTL logfile created on: 18.12.2011 23:12:52 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\****\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1022,48 Mb Total Physical Memory | 522,82 Mb Available Physical Memory | 51,13% Memory free
2,40 Gb Paging File | 1,95 Gb Available in Paging File | 81,18% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 201,95 Gb Free Space | 86,72% Space Free | Partition Type: NTFS

Computer Name: SN116528580310 | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.12.18 23:07:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
PRC - [2011.06.28 19:28:50 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.04 18:54:49 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 08:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.20 15:27:26 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2010.05.20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.03.22 19:08:32 | 000,090,112 | ---- | M] (SOFTWIN S.R.L.) -- C:\Programme\Softwin\BitDefender8\vsserv.exe
PRC - [2006.02.23 12:09:06 | 000,114,784 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
PRC - [2006.02.23 12:09:04 | 000,266,338 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
PRC - [2006.02.23 12:08:36 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\APPS\Powercinema\PCMService.exe
PRC - [2006.02.23 12:08:28 | 001,073,152 | ---- | M] (Cyberlink) -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2006.01.30 09:56:38 | 001,978,368 | ---- | M] () -- C:\APPS\Softex\OmniPass\scureapp.exe
PRC - [2006.01.30 08:47:50 | 000,014,848 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPApp.exe
PRC - [2006.01.30 08:47:48 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\APPS\Softex\OmniPass\OmniServ.exe
PRC - [2006.01.13 18:14:46 | 000,086,016 | ---- | M] (Softwin) -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
PRC - [2005.12.23 07:44:42 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2005.12.23 07:42:02 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2005.11.17 09:51:08 | 000,975,360 | ---- | M] (Packard Bell BV) -- C:\APPS\SMP\SMPSYS.EXE
PRC - [2005.06.03 03:52:54 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
PRC - [2005.04.06 14:09:42 | 000,033,280 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdswitch.exe
PRC - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
PRC - [2005.01.07 11:01:52 | 000,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe
PRC - [2004.11.26 11:43:34 | 000,090,112 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe
PRC - [2004.11.09 21:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe
PRC - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003.05.02 10:31:50 | 000,024,576 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\ABOARD.EXE
PRC - [2003.05.02 10:31:38 | 000,069,632 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\AOSD.EXE


========== Modules (No Company Name) ==========

MOD - [2010.06.17 14:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.02.23 12:09:06 | 000,114,784 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
MOD - [2006.02.23 12:09:04 | 000,266,338 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
MOD - [2006.02.23 12:08:54 | 000,065,634 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSchMgr.dll
MOD - [2006.02.23 12:08:54 | 000,024,576 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSchedps.dll
MOD - [2006.02.23 12:08:52 | 000,225,384 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapEngine.dll
MOD - [2006.02.23 12:08:52 | 000,032,768 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvcps.dll
MOD - [2006.01.30 09:56:38 | 001,978,368 | ---- | M] () -- C:\APPS\Softex\OmniPass\scureapp.exe
MOD - [2006.01.30 09:03:18 | 000,025,024 | ---- | M] () -- C:\APPS\Softex\OmniPass\hdddrv.dll
MOD - [2006.01.30 08:53:44 | 000,049,152 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPGina.dll
MOD - [2006.01.30 08:47:50 | 000,014,848 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPApp.exe
MOD - [2006.01.30 08:45:26 | 000,053,248 | ---- | M] () -- C:\APPS\Softex\OmniPass\scuredll.dll
MOD - [2006.01.30 08:45:24 | 000,110,592 | ---- | M] () -- C:\APPS\Softex\OmniPass\ginastub.dll
MOD - [2006.01.30 08:45:04 | 000,307,200 | ---- | M] () -- C:\APPS\Softex\OmniPass\userdata.dll
MOD - [2006.01.30 08:44:50 | 000,901,120 | ---- | M] () -- C:\APPS\Softex\OmniPass\autheng.dll
MOD - [2006.01.30 08:44:36 | 000,012,288 | ---- | M] () -- C:\APPS\Softex\OmniPass\cryptodll.dll
MOD - [2006.01.30 08:44:34 | 000,364,544 | ---- | M] () -- C:\APPS\Softex\OmniPass\storeng.dll
MOD - [2006.01.30 08:44:16 | 000,010,752 | ---- | M] () -- C:\APPS\Softex\OmniPass\SSPLogon.dll
MOD - [2006.01.30 08:33:28 | 002,179,504 | ---- | M] () -- C:\APPS\Softex\OmniPass\sftxtgp.dll
MOD - [2005.12.23 07:26:00 | 004,448,256 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\Roxio Shared\DLLShared\ROXIPP4.dll
MOD - [2005.11.04 16:56:34 | 000,073,728 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdpop3p.dll
MOD - [2005.10.10 17:12:04 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\sockspy.dll
MOD - [2005.09.19 17:37:08 | 000,132,608 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\libfn.dll
MOD - [2005.06.21 18:35:54 | 000,200,704 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdas.dll
MOD - [2005.04.06 14:09:42 | 000,033,280 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdswitch.exe
MOD - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
MOD - [2005.01.07 11:01:52 | 000,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe
MOD - [2004.07.26 17:11:50 | 000,028,672 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll
MOD - [2004.06.09 18:29:48 | 000,043,008 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\mimepack.dll
MOD - [2003.12.10 16:08:08 | 000,049,152 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\mimeinf.dll
MOD - [2003.12.10 16:07:30 | 000,045,056 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\procinf.dll
MOD - [2002.12.06 17:37:06 | 000,503,808 | ---- | M] () -- C:\WINDOWS\system32\xreglib.dll
MOD - [2002.01.14 14:49:00 | 000,045,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\avxdisk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.06.28 19:28:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.04 18:54:49 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.05.20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006.03.22 19:08:32 | 000,090,112 | ---- | M] (SOFTWIN S.R.L.) [Auto | Running] -- C:\Programme\Softwin\BitDefender8\vsserv.exe -- (VSSERV)
SRV - [2006.02.23 12:09:06 | 000,114,784 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006.02.23 12:09:04 | 000,266,338 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006.02.23 12:08:28 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2006.01.30 08:47:48 | 000,032,768 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\APPS\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2006.01.13 18:14:46 | 000,086,016 | ---- | M] (Softwin) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe -- (XCOMM)
SRV - [2005.12.27 09:23:16 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2005.12.27 09:21:22 | 000,409,600 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
SRV - [2005.12.23 07:46:02 | 000,233,472 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005.12.23 07:44:42 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005.12.23 07:42:02 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe -- (bdss)
SRV - [2005.01.07 11:01:52 | 000,049,152 | ---- | M] () [Auto | Running] -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService)
SRV - [2004.11.09 21:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2011.06.28 19:28:52 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 19:28:52 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.01.05 04:34:28 | 005,656,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 14:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010.05.20 15:27:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2006.01.09 18:51:38 | 000,010,800 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\Softwin\BitDefender8\bdrsdrv.sys -- (BDRSDRV)
DRV - [2006.01.09 18:50:34 | 000,014,145 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Softwin\BitDefender8\bdfsdrv.sys -- (BDFSDRV)
DRV - [2005.12.27 06:37:08 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005.12.09 16:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.10.22 06:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005.10.22 06:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005.10.22 06:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005.10.22 06:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005.09.30 11:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005.01.07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.02.23 04:07:34 | 000,003,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\AIDA32 - Enterprise System Information\aida32.sys -- (AIDA32Driver)
DRV - [2003.01.10 22:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001.08.18 04:19:50 | 000,281,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimtai.sys -- (atimtai)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://format.packardbell.com/cgi-bin/redirect/?country=GE&range=AD&phase=6&key=SEARCH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/ger.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.03 23:54:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.06 22:31:50 | 000,000,000 | ---D | M]

[2011.02.07 21:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Extensions
[2011.05.06 22:17:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\w6ghrm33.default\extensions
[2011.02.08 09:56:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\w6ghrm33.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.19 10:50:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.20 09:20:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.12.03 23:54:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.16 07:16:38 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.16 07:16:38 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.16 07:16:38 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.16 07:16:38 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.16 07:16:38 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.16 07:16:38 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTIVBOARD] c:\APPS\ABOARD\ABOARD.EXE (NEC Computers International)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\bdswitch.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Programme\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OmniPass] C:\APPS\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PCMService] c:\APPS\Powercinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] C:\Programme\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [SmpcSys] C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B778C99E-8791-46D4-AE36-E168495B90C3}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Apps\Softex\OmniPass\opxpgina.dll) - C:\APPS\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\APPS\DESKTOP\BG800DL.bmp
O24 - Desktop BackupWallPaper: C:\APPS\DESKTOP\BG800DL.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.12.18 23:07:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2011.12.18 20:00:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.04 09:06:36 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\****\IETldCache
[2011.12.04 00:08:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011.12.04 00:07:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011.12.04 00:06:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.12.03 23:45:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011.12.03 23:26:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011.12.03 23:26:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2011.12.03 23:26:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011.12.03 23:14:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011.12.03 20:40:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\InstallShield
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.12.18 23:12:48 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011.12.18 23:07:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2011.12.18 23:03:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.18 23:03:43 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.18 22:59:56 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\****\defogger_reenable
[2011.12.18 22:58:04 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Defogger.exe
[2011.12.18 20:12:54 | 000,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.18 20:08:38 | 000,495,078 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.12.18 20:08:38 | 000,471,622 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.12.18 20:08:38 | 000,100,120 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.12.18 20:08:38 | 000,083,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.12.18 20:03:27 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.12.18 19:31:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.04 10:30:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Erweiterte Garantie.job
[2011.12.03 23:18:11 | 000,251,712 | ---- | M] () -- C:\ntldr
[2011.12.03 20:42:06 | 000,001,527 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk
[2011.11.27 21:18:30 | 000,002,726 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\parcour.rtf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.12.18 22:59:56 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\****\defogger_reenable
[2011.12.18 22:58:04 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Defogger.exe
[2011.12.03 20:42:06 | 000,001,527 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk
[2011.11.27 21:10:31 | 000,002,726 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\parcour.rtf
[2011.06.26 15:19:11 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2011.06.12 11:24:40 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.14 16:59:03 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2011.02.20 19:46:52 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL
[2011.02.09 21:54:55 | 000,002,592 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.02.07 22:24:14 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.02.07 22:12:12 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.02.07 22:05:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.02.07 22:05:03 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.02.07 22:05:00 | 000,226,857 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.02.07 22:05:00 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.02.07 18:36:24 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.02.07 18:29:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011.02.07 18:23:46 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2011.02.07 18:22:20 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011.02.07 18:21:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.02.07 18:12:45 | 000,000,626 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2011.02.07 18:10:36 | 000,006,929 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2011.02.07 18:09:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.02.07 18:01:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009.06.26 17:21:02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2006.04.10 14:18:00 | 000,006,741 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.11.22 13:11:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005.11.14 14:40:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005.11.10 11:30:04 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.11.10 11:30:04 | 000,831,488 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005.11.10 11:30:04 | 000,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005.11.10 11:30:02 | 000,524,288 | R--- | C] () -- C:\WINDOWS\System32\divxsm.exe
[2005.11.10 11:30:02 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll
[2005.10.10 17:12:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\sockspy.dll
[2004.11.30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004.11.30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004.08.11 19:13:19 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.08.11 19:10:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004.08.11 19:03:37 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.11 18:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.08.11 18:56:16 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.08.11 18:48:09 | 000,495,078 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.11 18:48:09 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.11 18:48:09 | 000,100,120 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.11 18:48:09 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.11 18:47:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.11 18:47:46 | 000,471,622 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.11 18:47:46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.11 18:47:46 | 000,083,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.11 18:47:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.11 18:47:45 | 000,004,613 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.11 18:47:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.11 18:47:41 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.08.11 18:47:34 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.11 18:47:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.11 18:47:25 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003.10.02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003.10.02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002.12.06 17:37:06 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll

========== LOP Check ==========

[2011.02.20 19:46:58 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011.02.07 21:14:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz
[2011.06.20 09:18:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO
[2011.07.02 21:01:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2011.02.07 18:12:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OD2
[2011.02.07 21:55:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2011.02.07 18:15:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2011.02.07 18:10:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2011.02.23 21:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Canon
[2011.11.18 21:35:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\go
[2011.07.02 20:45:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Leadertech
[2011.02.23 21:14:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Ulead Systems
[2011.12.04 10:30:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Erweiterte Garantie.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2011.02.08 08:30:54 | 000,000,000 | ---D | M] -- C:\003914cbf4e6f12bc5
[2011.02.08 08:26:09 | 000,000,000 | ---D | M] -- C:\259eb95eb31c64f26756e4ba3bc4
[2011.05.13 11:34:15 | 000,000,000 | ---D | M] -- C:\960a64370aa33ab31255b86f2ea30d
[2011.02.07 18:22:43 | 000,000,000 | ---D | M] -- C:\APPS
[2011.02.07 22:04:00 | 000,000,000 | ---D | M] -- C:\ATI
[2011.05.08 19:47:52 | 000,000,000 | ---D | M] -- C:\bc1cbe7a8e3e1eaf14557fd08a
[2011.05.08 19:45:39 | 000,000,000 | ---D | M] -- C:\bc68f6a1d2941146903ec77c91
[2011.02.07 22:39:48 | 000,000,000 | ---D | M] -- C:\c0a9f8b1cf03d418b4
[2011.02.20 19:46:55 | 000,000,000 | ---D | M] -- C:\CanonMP
[2011.02.07 18:07:08 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2011.12.18 20:12:52 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2011.02.07 18:10:07 | 000,000,000 | -H-D | M] -- C:\DIVTOOLS
[2011.02.07 18:36:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.02.07 18:36:31 | 000,000,000 | -HSD | M] -- C:\DRIVERS
[2011.09.05 19:03:28 | 000,000,000 | -HSD | M] -- C:\found.000
[2011.02.07 22:08:48 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.02.07 18:09:52 | 000,000,000 | ---D | M] -- C:\My Music
[2011.02.07 19:43:08 | 000,000,000 | -H-D | M] -- C:\PNP
[2011.07.02 21:01:54 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.07.02 20:45:17 | 000,000,000 | R--D | M] -- C:\Programme
[2011.02.07 21:09:42 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.12.18 21:16:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.12.18 20:13:21 | 000,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*.exe >

Invalid Environment Variable: LOCALAPPDATA

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]


< MD5 for: AFD.SYS >
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\SoftwareDistribution\Download\43f8920a763d09a9c6404053368aa5ee\SP3GDR\afd.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.04.13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008.04.13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\SoftwareDistribution\Download\e424457fa03b62ac525a28d5c035253c\sp3qfe\afd.sys
[2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008.08.14 10:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2004.08.04 14:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
[2008.08.14 10:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\SoftwareDistribution\Download\e424457fa03b62ac525a28d5c035253c\sp3gdr\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2008.06.20 11:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys
[2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008.06.20 11:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\SoftwareDistribution\Download\43f8920a763d09a9c6404053368aa5ee\SP3QFE\afd.sys

< MD5 for: EXPLORER.EXE >
[2004.08.04 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: IPSEC.SYS >
[2008.04.13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008.04.13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2004.08.04 14:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys

< MD5 for: REGEDIT.EXE >
[2004.08.04 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2004.08.04 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\I386\REGEDIT.EXE
[2008.04.14 03:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 03:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.11.23 15:40:13 | 001,859,712 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-18 19:08:54

< >

< End of report >

Alt 20.12.2011, 14:23   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp... - Standard

TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp...



Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________

__________________

Alt 20.12.2011, 22:38   #3
jkf
 
TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp... - Standard

TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp...



Guten Abend,

danke für die schnelle Antwort.

Hier folgt nun die Malwarebyte-Logdatei. Anschließend werde ich den ESTE-Scan starten.

Malwarebyte-Logdatei:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8404

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20.12.2011 22:25:01
mbam-log-2011-12-20 (22-25-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 232223
Laufzeit: 49 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{D449EB58-55AF-4695-B216-895D546AED89} (Spyware.CnsMin) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{B7DB519E-7131-47B1-A9F5-DA8D061C2611} (Spyware.CnsMin) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{446761D5-3AC9-40CC-9DCD-CDE23E2CE31A} (Spyware.CnsMin) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BitDefender (Spyware.CnsMin) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAMME\SOFTWIN\BITDEFENDER8\BDO.DLL (Spyware.CnsMin) -> Value: BDO.DLL -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programme\Softwin\bitdefender8\bdo.dll (Spyware.CnsMin) -> Quarantined and deleted successfully.
__________________

Alt 20.12.2011, 22:52   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp... - Standard

TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp...



Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.12.2011, 00:36   #5
jkf
 
TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp... - Standard

TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp...



Guten Abend Arne,

ich habe noch nie zuvor Malwarebytes auf diesem Rechner ausgeführt. In der Loghistory von Malwarebytes steht außer der geposteten mbam-log-2011-12-20 (22-25-01).txt nur eine protection-log-2011-12-20.txt.


Nun folgt noch der Inhalt der ESTE-Logdatei:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9cf1e1034d932343a43887e98c04449f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-20 11:16:34
# local_time=2011-12-21 12:16:34 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 93 185739 60954532 85466 0
# compatibility_mode=8192 67108863 100 0 3807 3807 0 0
# scanned=72554
# found=1
# cleaned=0
# scan_time=5286
C:\RECYCLER\S-1-5-21-3157941000-155644160-3530135916-1006\Dc5.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I

Gruß von
Johannes


Alt 21.12.2011, 10:08   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp... - Standard

TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp...



Ok. Mach bitte ein neues OTL-Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
--> TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp...

Alt 21.12.2011, 20:23   #7
jkf
 
TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp... - Standard

TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp...



Guten Abend Arne,

hier nun der Inhalt der OTL.txt nach einem erneuten Scan.

Gruß von
Johannes



PRC - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003.05.02 10:31:50 | 000,024,576 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\ABOARD.EXE
PRC - [2003.05.02 10:31:38 | 000,069,632 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\AOSD.EXE


========== Modules (No Company Name) ==========

MOD - [2010.06.17 14:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.02.23 12:09:06 | 000,114,784 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
MOD - [2006.02.23 12:09:04 | 000,266,338 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
MOD - [2006.02.23 12:08:54 | 000,065,634 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSchMgr.dll
MOD - [2006.02.23 12:08:54 | 000,024,576 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSchedps.dll
MOD - [2006.02.23 12:08:52 | 000,225,384 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapEngine.dll
MOD - [2006.02.23 12:08:52 | 000,032,768 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvcps.dll
MOD - [2006.01.30 09:56:38 | 001,978,368 | ---- | M] () -- C:\APPS\Softex\OmniPass\scureapp.exe
MOD - [2006.01.30 09:03:18 | 000,025,024 | ---- | M] () -- C:\APPS\Softex\OmniPass\hdddrv.dll
MOD - [2006.01.30 08:53:44 | 000,049,152 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPGina.dll
MOD - [2006.01.30 08:47:50 | 000,014,848 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPApp.exe
MOD - [2006.01.30 08:45:26 | 000,053,248 | ---- | M] () -- C:\APPS\Softex\OmniPass\scuredll.dll
MOD - [2006.01.30 08:45:24 | 000,110,592 | ---- | M] () -- C:\APPS\Softex\OmniPass\ginastub.dll
MOD - [2006.01.30 08:45:04 | 000,307,200 | ---- | M] () -- C:\APPS\Softex\OmniPass\userdata.dll
MOD - [2006.01.30 08:44:50 | 000,901,120 | ---- | M] () -- C:\APPS\Softex\OmniPass\autheng.dll
MOD - [2006.01.30 08:44:36 | 000,012,288 | ---- | M] () -- C:\APPS\Softex\OmniPass\cryptodll.dll
MOD - [2006.01.30 08:44:34 | 000,364,544 | ---- | M] () -- C:\APPS\Softex\OmniPass\storeng.dll
MOD - [2006.01.30 08:44:16 | 000,010,752 | ---- | M] () -- C:\APPS\Softex\OmniPass\SSPLogon.dll
MOD - [2006.01.30 08:33:28 | 002,179,504 | ---- | M] () -- C:\APPS\Softex\OmniPass\sftxtgp.dll
MOD - [2005.12.23 07:26:00 | 004,448,256 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\Roxio Shared\DLLShared\ROXIPP4.dll
MOD - [2005.11.04 16:56:34 | 000,073,728 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdpop3p.dll
MOD - [2005.10.10 17:12:04 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\sockspy.dll
MOD - [2005.09.19 17:37:08 | 000,132,608 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\libfn.dll
MOD - [2005.06.21 18:35:54 | 000,200,704 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdas.dll
MOD - [2005.04.06 14:09:42 | 000,033,280 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdswitch.exe
MOD - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
MOD - [2005.01.07 11:01:52 | 000,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe
MOD - [2004.07.26 17:11:50 | 000,028,672 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll
MOD - [2004.06.09 18:29:48 | 000,043,008 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\mimepack.dll
MOD - [2003.12.10 16:08:08 | 000,049,152 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\mimeinf.dll
MOD - [2003.12.10 16:07:30 | 000,045,056 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\procinf.dll
MOD - [2002.12.06 17:37:06 | 000,503,808 | ---- | M] () -- C:\WINDOWS\system32\xreglib.dll
MOD - [2002.01.14 14:49:00 | 000,045,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\avxdisk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.28 19:28:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.04 18:54:49 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.05.20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006.03.22 19:08:32 | 000,090,112 | ---- | M] (SOFTWIN S.R.L.) [Auto | Running] -- C:\Programme\Softwin\BitDefender8\vsserv.exe -- (VSSERV)
SRV - [2006.02.23 12:09:06 | 000,114,784 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006.02.23 12:09:04 | 000,266,338 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006.02.23 12:08:28 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2006.01.30 08:47:48 | 000,032,768 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\APPS\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2006.01.13 18:14:46 | 000,086,016 | ---- | M] (Softwin) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe -- (XCOMM)
SRV - [2005.12.27 09:23:16 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2005.12.27 09:21:22 | 000,409,600 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
SRV - [2005.12.23 07:46:02 | 000,233,472 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005.12.23 07:44:42 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005.12.23 07:42:02 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe -- (bdss)
SRV - [2005.01.07 11:01:52 | 000,049,152 | ---- | M] () [Auto | Running] -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService)
SRV - [2004.11.09 21:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.28 19:28:52 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 19:28:52 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.01.05 04:34:28 | 005,656,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 14:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010.05.20 15:27:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2006.01.09 18:51:38 | 000,010,800 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\Softwin\BitDefender8\bdrsdrv.sys -- (BDRSDRV)
DRV - [2006.01.09 18:50:34 | 000,014,145 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Softwin\BitDefender8\bdfsdrv.sys -- (BDFSDRV)
DRV - [2005.12.27 06:37:08 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005.12.09 16:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.10.22 06:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005.10.22 06:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005.10.22 06:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005.10.22 06:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005.09.30 11:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005.01.07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.02.23 04:07:34 | 000,003,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\AIDA32 - Enterprise System Information\aida32.sys -- (AIDA32Driver)
DRV - [2003.01.10 22:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001.08.18 04:19:50 | 000,281,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimtai.sys -- (atimtai)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://format.packardbell.com/cgi-bin/redirect/?country=GE&range=AD&phase=6&key=SEARCH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/ger.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.03 23:54:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.06 22:31:50 | 000,000,000 | ---D | M]

[2011.02.07 21:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Extensions
[2011.05.06 22:17:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\w6ghrm33.default\extensions
[2011.02.08 09:56:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\w6ghrm33.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.19 10:50:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.20 09:20:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.12.03 23:54:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.16 07:16:38 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.16 07:16:38 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.16 07:16:38 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.16 07:16:38 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.16 07:16:38 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.16 07:16:38 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTIVBOARD] c:\APPS\ABOARD\ABOARD.EXE (NEC Computers International)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\bdswitch.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Programme\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OmniPass] C:\APPS\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PCMService] c:\APPS\Powercinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] C:\Programme\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [SmpcSys] C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Apps\Softex\OmniPass\opxpgina.dll) - C:\APPS\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\APPS\DESKTOP\BG800DL.bmp
O24 - Desktop BackupWallPaper: C:\APPS\DESKTOP\BG800DL.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.dvacm - C:\Programme\Gemeinsame Dateien\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.mkdmp3enc - c:\APPS\POWERC~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.mpegacm - C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.12.20 22:45:04 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.12.20 22:44:28 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\****\Desktop\esetsmartinstaller_enu.exe
[2011.12.20 21:07:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes
[2011.12.20 21:07:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.12.20 21:07:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.12.20 21:07:43 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.20 21:07:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.12.18 23:07:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2011.12.18 20:00:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.04 09:06:36 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\****\IETldCache
[2011.12.04 00:08:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011.12.04 00:07:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011.12.04 00:06:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.12.03 23:45:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011.12.03 23:26:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011.12.03 23:26:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2011.12.03 23:26:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011.12.03 23:14:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011.12.03 20:40:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\InstallShield
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.12.21 19:50:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.21 19:50:37 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.21 00:41:44 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011.12.20 22:44:29 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\****\Desktop\esetsmartinstaller_enu.exe
[2011.12.20 21:07:49 | 000,000,759 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.20 00:09:20 | 000,014,926 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\LogFiles.zip
[2011.12.18 23:39:54 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\gepzdetr.exe
[2011.12.18 23:37:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.18 23:07:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2011.12.18 22:59:56 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\****\defogger_reenable
[2011.12.18 22:58:04 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Defogger.exe
[2011.12.18 20:12:54 | 000,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.18 20:08:38 | 000,495,078 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.12.18 20:08:38 | 000,471,622 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.12.18 20:08:38 | 000,100,120 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.12.18 20:08:38 | 000,083,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.12.18 20:03:27 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.12.04 10:30:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Erweiterte Garantie.job
[2011.12.03 23:18:11 | 000,251,712 | ---- | M] () -- C:\ntldr
[2011.12.03 20:42:06 | 000,001,527 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk
[2011.11.27 21:18:30 | 000,002,726 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\parcour.rtf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.12.20 21:07:49 | 000,000,759 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.20 00:03:24 | 000,014,926 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\LogFiles.zip
[2011.12.18 23:39:53 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\gepzdetr.exe
[2011.12.18 22:59:56 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\****\defogger_reenable
[2011.12.18 22:58:04 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Defogger.exe
[2011.12.03 20:42:06 | 000,001,527 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk
[2011.11.27 21:10:31 | 000,002,726 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\parcour.rtf
[2011.06.26 15:19:11 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2011.06.12 11:24:40 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.14 16:59:03 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2011.02.20 19:46:52 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL
[2011.02.09 21:54:55 | 000,002,592 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.02.07 22:24:14 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.02.07 22:12:12 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.02.07 22:05:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.02.07 22:05:03 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.02.07 22:05:00 | 000,226,857 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.02.07 22:05:00 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.02.07 18:36:24 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.02.07 18:29:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011.02.07 18:23:46 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2011.02.07 18:22:20 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011.02.07 18:21:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.02.07 18:12:45 | 000,000,626 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2011.02.07 18:10:36 | 000,006,929 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2011.02.07 18:09:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.02.07 18:01:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009.06.26 17:21:02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2006.04.10 14:18:00 | 000,006,741 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.11.22 13:11:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005.11.14 14:40:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005.11.10 11:30:04 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.11.10 11:30:04 | 000,831,488 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005.11.10 11:30:04 | 000,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005.11.10 11:30:02 | 000,524,288 | R--- | C] () -- C:\WINDOWS\System32\divxsm.exe
[2005.11.10 11:30:02 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll
[2005.10.10 17:12:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\sockspy.dll
[2004.11.30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004.11.30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004.08.11 19:13:19 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.08.11 19:10:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004.08.11 19:03:37 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.11 18:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.08.11 18:56:16 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.08.11 18:48:09 | 000,495,078 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.11 18:48:09 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.11 18:48:09 | 000,100,120 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.11 18:48:09 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.11 18:47:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.11 18:47:46 | 000,471,622 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.11 18:47:46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.11 18:47:46 | 000,083,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.11 18:47:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.11 18:47:45 | 000,004,613 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.11 18:47:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.11 18:47:41 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.08.11 18:47:34 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.11 18:47:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.11 18:47:25 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003.10.02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003.10.02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002.12.06 17:37:06 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll

========== LOP Check ==========

[2011.02.20 19:46:58 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011.02.07 21:14:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz
[2011.06.20 09:18:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO
[2011.07.02 21:01:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2011.02.07 18:12:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OD2
[2011.02.07 21:55:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2011.02.07 18:15:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2011.02.07 18:10:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2011.02.23 21:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Canon
[2011.11.18 21:35:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\go
[2011.07.02 20:45:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Leadertech
[2011.02.23 21:14:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Ulead Systems
[2011.12.04 10:30:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Erweiterte Garantie.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.02.08 20:41:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Adobe
[2011.05.07 21:29:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\AdobeUM
[2011.02.07 18:24:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\AOL
[2011.03.11 20:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Avira
[2011.02.23 21:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Canon
[2011.05.13 19:38:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\CyberLink
[2011.11.18 21:35:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\go
[2011.11.18 20:13:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Help
[2004.08.11 19:11:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Identities
[2011.12.03 20:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\InstallShield
[2011.07.02 20:45:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Leadertech
[2011.02.07 21:19:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Macromedia
[2011.12.20 21:07:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes
[2011.12.02 16:56:38 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Microsoft
[2011.02.07 21:02:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla
[2011.07.02 20:46:22 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\SecuROM
[2011.10.08 19:12:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Skype
[2011.06.18 12:32:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\skypePM
[2011.02.07 18:38:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Sun
[2011.02.23 21:14:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Ulead Systems
[2011.04.16 16:33:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\vlc
[2011.02.07 18:10:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\You've Got Pictures Screensaver

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_1$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtUninstallKB975467_1$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USER32.DLL >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERINIT.EXE >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004.08.11 18:55:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004.08.11 18:55:48 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004.08.11 18:55:48 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

Alt 21.12.2011, 20:51   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp... - Standard

TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp...



Log ist unvollständig, der Anfang fehlt

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.12.2011, 21:09   #9
jkf
 
TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp... - Standard

TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp...



Sorry Arne,

nun aber vollständig und in Tags.

Gruß von
Johannes

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 21.12.2011 20:00:48 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,48 Mb Total Physical Memory | 435,11 Mb Available Physical Memory | 42,55% Memory free
2,40 Gb Paging File | 1,85 Gb Available in Paging File | 77,11% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 202,03 Gb Free Space | 86,76% Space Free | Partition Type: NTFS
 
Computer Name: SN116528580310 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.18 23:07:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.28 19:28:50 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.04 18:54:49 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 08:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.20 15:27:26 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2010.05.20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.09.03 22:17:14 | 003,342,336 | ---- | M] (Electronic Arts) -- C:\Programme\Electronic Arts\EADM\Core.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.03.22 19:08:32 | 000,090,112 | ---- | M] (SOFTWIN S.R.L.) -- C:\Programme\Softwin\BitDefender8\vsserv.exe
PRC - [2006.02.23 12:09:06 | 000,114,784 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
PRC - [2006.02.23 12:09:04 | 000,266,338 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
PRC - [2006.02.23 12:08:36 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\APPS\Powercinema\PCMService.exe
PRC - [2006.02.23 12:08:28 | 001,073,152 | ---- | M] (Cyberlink) -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2006.01.30 09:56:38 | 001,978,368 | ---- | M] () -- C:\APPS\Softex\OmniPass\scureapp.exe
PRC - [2006.01.30 08:47:50 | 000,014,848 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPApp.exe
PRC - [2006.01.30 08:47:48 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\APPS\Softex\OmniPass\OmniServ.exe
PRC - [2006.01.13 18:14:46 | 000,086,016 | ---- | M] (Softwin) -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
PRC - [2005.12.23 07:44:42 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2005.12.23 07:42:02 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2005.11.17 09:51:08 | 000,975,360 | ---- | M] (Packard Bell BV) -- C:\APPS\SMP\SMPSYS.EXE
PRC - [2005.06.03 03:52:54 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
PRC - [2005.04.06 14:09:42 | 000,033,280 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdswitch.exe
PRC - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
PRC - [2005.01.07 11:01:52 | 000,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe
PRC - [2004.11.26 11:43:34 | 000,090,112 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe
PRC - [2004.11.09 21:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe
PRC - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003.05.02 10:31:50 | 000,024,576 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\ABOARD.EXE
PRC - [2003.05.02 10:31:38 | 000,069,632 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\AOSD.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.06.17 14:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.02.23 12:09:06 | 000,114,784 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
MOD - [2006.02.23 12:09:04 | 000,266,338 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
MOD - [2006.02.23 12:08:54 | 000,065,634 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSchMgr.dll
MOD - [2006.02.23 12:08:54 | 000,024,576 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSchedps.dll
MOD - [2006.02.23 12:08:52 | 000,225,384 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapEngine.dll
MOD - [2006.02.23 12:08:52 | 000,032,768 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvcps.dll
MOD - [2006.01.30 09:56:38 | 001,978,368 | ---- | M] () -- C:\APPS\Softex\OmniPass\scureapp.exe
MOD - [2006.01.30 09:03:18 | 000,025,024 | ---- | M] () -- C:\APPS\Softex\OmniPass\hdddrv.dll
MOD - [2006.01.30 08:53:44 | 000,049,152 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPGina.dll
MOD - [2006.01.30 08:47:50 | 000,014,848 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPApp.exe
MOD - [2006.01.30 08:45:26 | 000,053,248 | ---- | M] () -- C:\APPS\Softex\OmniPass\scuredll.dll
MOD - [2006.01.30 08:45:24 | 000,110,592 | ---- | M] () -- C:\APPS\Softex\OmniPass\ginastub.dll
MOD - [2006.01.30 08:45:04 | 000,307,200 | ---- | M] () -- C:\APPS\Softex\OmniPass\userdata.dll
MOD - [2006.01.30 08:44:50 | 000,901,120 | ---- | M] () -- C:\APPS\Softex\OmniPass\autheng.dll
MOD - [2006.01.30 08:44:36 | 000,012,288 | ---- | M] () -- C:\APPS\Softex\OmniPass\cryptodll.dll
MOD - [2006.01.30 08:44:34 | 000,364,544 | ---- | M] () -- C:\APPS\Softex\OmniPass\storeng.dll
MOD - [2006.01.30 08:44:16 | 000,010,752 | ---- | M] () -- C:\APPS\Softex\OmniPass\SSPLogon.dll
MOD - [2006.01.30 08:33:28 | 002,179,504 | ---- | M] () -- C:\APPS\Softex\OmniPass\sftxtgp.dll
MOD - [2005.12.23 07:26:00 | 004,448,256 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\Roxio Shared\DLLShared\ROXIPP4.dll
MOD - [2005.11.04 16:56:34 | 000,073,728 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdpop3p.dll
MOD - [2005.10.10 17:12:04 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\sockspy.dll
MOD - [2005.09.19 17:37:08 | 000,132,608 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\libfn.dll
MOD - [2005.06.21 18:35:54 | 000,200,704 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdas.dll
MOD - [2005.04.06 14:09:42 | 000,033,280 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdswitch.exe
MOD - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
MOD - [2005.01.07 11:01:52 | 000,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe
MOD - [2004.07.26 17:11:50 | 000,028,672 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll
MOD - [2004.06.09 18:29:48 | 000,043,008 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\mimepack.dll
MOD - [2003.12.10 16:08:08 | 000,049,152 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\mimeinf.dll
MOD - [2003.12.10 16:07:30 | 000,045,056 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\procinf.dll
MOD - [2002.12.06 17:37:06 | 000,503,808 | ---- | M] () -- C:\WINDOWS\system32\xreglib.dll
MOD - [2002.01.14 14:49:00 | 000,045,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\avxdisk.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.28 19:28:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.04 18:54:49 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.05.20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006.03.22 19:08:32 | 000,090,112 | ---- | M] (SOFTWIN S.R.L.) [Auto | Running] -- C:\Programme\Softwin\BitDefender8\vsserv.exe -- (VSSERV)
SRV - [2006.02.23 12:09:06 | 000,114,784 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006.02.23 12:09:04 | 000,266,338 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006.02.23 12:08:28 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2006.01.30 08:47:48 | 000,032,768 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\APPS\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2006.01.13 18:14:46 | 000,086,016 | ---- | M] (Softwin) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe -- (XCOMM)
SRV - [2005.12.27 09:23:16 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2005.12.27 09:21:22 | 000,409,600 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
SRV - [2005.12.23 07:46:02 | 000,233,472 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005.12.23 07:44:42 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005.12.23 07:42:02 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe -- (bdss)
SRV - [2005.01.07 11:01:52 | 000,049,152 | ---- | M] () [Auto | Running] -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService)
SRV - [2004.11.09 21:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.28 19:28:52 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 19:28:52 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.01.05 04:34:28 | 005,656,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 14:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010.05.20 15:27:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2006.01.09 18:51:38 | 000,010,800 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\Softwin\BitDefender8\bdrsdrv.sys -- (BDRSDRV)
DRV - [2006.01.09 18:50:34 | 000,014,145 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Softwin\BitDefender8\bdfsdrv.sys -- (BDFSDRV)
DRV - [2005.12.27 06:37:08 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005.12.09 16:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.10.22 06:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005.10.22 06:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005.10.22 06:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005.10.22 06:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005.09.30 11:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005.01.07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.02.23 04:07:34 | 000,003,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\AIDA32 - Enterprise System Information\aida32.sys -- (AIDA32Driver)
DRV - [2003.01.10 22:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001.08.18 04:19:50 | 000,281,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimtai.sys -- (atimtai)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://format.packardbell.com/cgi-bin/redirect/?country=GE&range=AD&phase=6&key=SEARCH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/ger.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.03 23:54:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.06 22:31:50 | 000,000,000 | ---D | M]
 
[2011.02.07 21:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2011.05.06 22:17:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\w6ghrm33.default\extensions
[2011.02.08 09:56:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\w6ghrm33.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.19 10:50:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.20 09:20:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.12.03 23:54:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.16 07:16:38 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.16 07:16:38 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.16 07:16:38 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.16 07:16:38 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.16 07:16:38 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.16 07:16:38 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTIVBOARD] c:\APPS\ABOARD\ABOARD.EXE (NEC Computers International)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\bdswitch.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Programme\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OmniPass] C:\APPS\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PCMService] c:\APPS\Powercinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] C:\Programme\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [SmpcSys] C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Apps\Softex\OmniPass\opxpgina.dll) - C:\APPS\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\APPS\DESKTOP\BG800DL.bmp
O24 - Desktop BackupWallPaper: C:\APPS\DESKTOP\BG800DL.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.dvacm - C:\Programme\Gemeinsame Dateien\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp -  File not found
Drivers32: msacm.mkdmp3enc - c:\APPS\POWERC~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.mpegacm - C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.20 22:45:04 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.12.20 22:44:28 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\***\Desktop\esetsmartinstaller_enu.exe
[2011.12.20 21:07:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2011.12.20 21:07:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.12.20 21:07:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.12.20 21:07:43 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.20 21:07:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.12.18 23:07:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2011.12.18 20:00:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.04 09:06:36 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\IETldCache
[2011.12.04 00:08:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011.12.04 00:07:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011.12.04 00:06:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.12.03 23:45:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011.12.03 23:26:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011.12.03 23:26:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2011.12.03 23:26:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011.12.03 23:14:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011.12.03 20:40:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InstallShield
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.21 19:50:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.21 19:50:37 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.21 00:41:44 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011.12.20 22:44:29 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\***\Desktop\esetsmartinstaller_enu.exe
[2011.12.20 21:07:49 | 000,000,759 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.20 00:09:20 | 000,014,926 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\LogFiles.zip
[2011.12.18 23:39:54 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\gepzdetr.exe
[2011.12.18 23:37:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.18 23:07:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2011.12.18 22:59:56 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2011.12.18 22:58:04 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2011.12.18 20:12:54 | 000,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.18 20:08:38 | 000,495,078 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.12.18 20:08:38 | 000,471,622 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.12.18 20:08:38 | 000,100,120 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.12.18 20:08:38 | 000,083,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.12.18 20:03:27 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.12.04 10:30:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Erweiterte Garantie.job
[2011.12.03 23:18:11 | 000,251,712 | ---- | M] () -- C:\ntldr
[2011.12.03 20:42:06 | 000,001,527 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk
[2011.11.27 21:18:30 | 000,002,726 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\parcour.rtf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.20 21:07:49 | 000,000,759 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.20 00:03:24 | 000,014,926 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\LogFiles.zip
[2011.12.18 23:39:53 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\gepzdetr.exe
[2011.12.18 22:59:56 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2011.12.18 22:58:04 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2011.12.03 20:42:06 | 000,001,527 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk
[2011.11.27 21:10:31 | 000,002,726 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\parcour.rtf
[2011.06.26 15:19:11 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2011.06.12 11:24:40 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.14 16:59:03 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2011.02.20 19:46:52 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL
[2011.02.09 21:54:55 | 000,002,592 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.02.07 22:24:14 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.02.07 22:12:12 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.02.07 22:05:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.02.07 22:05:03 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.02.07 22:05:00 | 000,226,857 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.02.07 22:05:00 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.02.07 18:36:24 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.02.07 18:29:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011.02.07 18:23:46 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2011.02.07 18:22:20 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011.02.07 18:21:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.02.07 18:12:45 | 000,000,626 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2011.02.07 18:10:36 | 000,006,929 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2011.02.07 18:09:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.02.07 18:01:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009.06.26 17:21:02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2006.04.10 14:18:00 | 000,006,741 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.11.22 13:11:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005.11.14 14:40:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005.11.10 11:30:04 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.11.10 11:30:04 | 000,831,488 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005.11.10 11:30:04 | 000,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005.11.10 11:30:02 | 000,524,288 | R--- | C] () -- C:\WINDOWS\System32\divxsm.exe
[2005.11.10 11:30:02 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll
[2005.10.10 17:12:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\sockspy.dll
[2004.11.30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004.11.30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004.08.11 19:13:19 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.08.11 19:10:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004.08.11 19:03:37 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.11 18:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.08.11 18:56:16 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.08.11 18:48:09 | 000,495,078 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.11 18:48:09 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.11 18:48:09 | 000,100,120 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.11 18:48:09 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.11 18:47:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.11 18:47:46 | 000,471,622 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.11 18:47:46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.11 18:47:46 | 000,083,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.11 18:47:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.11 18:47:45 | 000,004,613 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.11 18:47:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.11 18:47:41 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.08.11 18:47:34 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.11 18:47:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.11 18:47:25 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003.10.02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003.10.02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002.12.06 17:37:06 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
 
========== LOP Check ==========
 
[2011.02.20 19:46:58 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011.02.07 21:14:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz
[2011.06.20 09:18:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO
[2011.07.02 21:01:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2011.02.07 18:12:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OD2
[2011.02.07 21:55:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2011.02.07 18:15:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2011.02.07 18:10:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2011.02.23 21:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon
[2011.11.18 21:35:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\go
[2011.07.02 20:45:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2011.02.23 21:14:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ulead Systems
[2011.12.04 10:30:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Erweiterte Garantie.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.02.08 20:41:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe
[2011.05.07 21:29:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AdobeUM
[2011.02.07 18:24:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AOL
[2011.03.11 20:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira
[2011.02.23 21:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon
[2011.05.13 19:38:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CyberLink
[2011.11.18 21:35:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\go
[2011.11.18 20:13:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Help
[2004.08.11 19:11:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities
[2011.12.03 20:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InstallShield
[2011.07.02 20:45:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2011.02.07 21:19:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia
[2011.12.20 21:07:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2011.12.02 16:56:38 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft
[2011.02.07 21:02:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla
[2011.07.02 20:46:22 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SecuROM
[2011.10.08 19:12:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype
[2011.06.18 12:32:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM
[2011.02.07 18:38:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun
[2011.02.23 21:14:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ulead Systems
[2011.04.16 16:33:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\vlc
[2011.02.07 18:10:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\You've Got Pictures Screensaver
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_1$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtUninstallKB975467_1$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2004.08.11 18:55:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004.08.11 18:55:48 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004.08.11 18:55:48 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >
         
--- --- ---


[/code]

Alt 21.12.2011, 21:12   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp... - Standard

TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp...



Zitat:
PRC - [2011.05.04 18:54:49 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 08:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2005.04.06 14:09:42 | 000,033,280 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdswitch.exe
PRC - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
Also BD und AntiVir gleichzeitig sowas macht man nicht.
Eins von den beiden umgehend deinstallieren.

Zitat:
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
Wenn du schon beim deinstallieren bist, dieses Uralt-Java gleich auch deinstallieren!

Mach danach ein Neustart und wieder ein neues OTL-Log (CustomScan)
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.12.2011, 21:57   #11
jkf
 
TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp... - Standard

TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp...



Hi,

nach Deinstalltion von Antivir und Java Runtime hier nun die neue OTL-Logdatei

Gruß von
Johannes

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 21.12.2011 21:35:17 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,48 Mb Total Physical Memory | 429,20 Mb Available Physical Memory | 41,98% Memory free
2,40 Gb Paging File | 1,88 Gb Available in Paging File | 78,40% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 202,31 Gb Free Space | 86,88% Space Free | Partition Type: NTFS
 
Computer Name: SN116528580310 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.21 21:11:44 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.12.18 23:07:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010.05.20 15:27:26 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2010.05.20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.03.22 19:08:32 | 000,090,112 | ---- | M] (SOFTWIN S.R.L.) -- C:\Programme\Softwin\BitDefender8\vsserv.exe
PRC - [2006.02.23 12:09:06 | 000,114,784 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
PRC - [2006.02.23 12:09:04 | 000,266,338 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
PRC - [2006.02.23 12:08:36 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\APPS\Powercinema\PCMService.exe
PRC - [2006.02.23 12:08:28 | 001,073,152 | ---- | M] (Cyberlink) -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2006.01.30 09:56:38 | 001,978,368 | ---- | M] () -- C:\APPS\Softex\OmniPass\scureapp.exe
PRC - [2006.01.30 08:47:50 | 000,014,848 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPApp.exe
PRC - [2006.01.30 08:47:48 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\APPS\Softex\OmniPass\OmniServ.exe
PRC - [2006.01.13 18:14:46 | 000,086,016 | ---- | M] (Softwin) -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
PRC - [2005.12.23 07:44:42 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2005.12.23 07:42:02 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2005.11.17 09:51:08 | 000,975,360 | ---- | M] (Packard Bell BV) -- C:\APPS\SMP\SMPSYS.EXE
PRC - [2005.11.07 17:48:20 | 000,417,792 | ---- | M] (SOFTWIN S.R.L.) -- C:\Programme\Softwin\BitDefender8\bdmcon.exe
PRC - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
PRC - [2005.01.07 11:01:52 | 000,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe
PRC - [2004.11.26 11:43:34 | 000,090,112 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe
PRC - [2004.11.09 21:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe
PRC - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003.05.02 10:31:50 | 000,024,576 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\ABOARD.EXE
PRC - [2003.05.02 10:31:38 | 000,069,632 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\AOSD.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.21 21:11:43 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.02.23 12:09:06 | 000,114,784 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
MOD - [2006.02.23 12:09:04 | 000,266,338 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
MOD - [2006.02.23 12:08:54 | 000,065,634 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSchMgr.dll
MOD - [2006.02.23 12:08:54 | 000,024,576 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSchedps.dll
MOD - [2006.02.23 12:08:52 | 000,225,384 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapEngine.dll
MOD - [2006.02.23 12:08:52 | 000,032,768 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvcps.dll
MOD - [2006.01.30 09:56:38 | 001,978,368 | ---- | M] () -- C:\APPS\Softex\OmniPass\scureapp.exe
MOD - [2006.01.30 09:03:18 | 000,025,024 | ---- | M] () -- C:\APPS\Softex\OmniPass\hdddrv.dll
MOD - [2006.01.30 08:53:44 | 000,049,152 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPGina.dll
MOD - [2006.01.30 08:47:50 | 000,014,848 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPApp.exe
MOD - [2006.01.30 08:45:26 | 000,053,248 | ---- | M] () -- C:\APPS\Softex\OmniPass\scuredll.dll
MOD - [2006.01.30 08:45:24 | 000,110,592 | ---- | M] () -- C:\APPS\Softex\OmniPass\ginastub.dll
MOD - [2006.01.30 08:45:04 | 000,307,200 | ---- | M] () -- C:\APPS\Softex\OmniPass\userdata.dll
MOD - [2006.01.30 08:44:50 | 000,901,120 | ---- | M] () -- C:\APPS\Softex\OmniPass\autheng.dll
MOD - [2006.01.30 08:44:36 | 000,012,288 | ---- | M] () -- C:\APPS\Softex\OmniPass\cryptodll.dll
MOD - [2006.01.30 08:44:34 | 000,364,544 | ---- | M] () -- C:\APPS\Softex\OmniPass\storeng.dll
MOD - [2006.01.30 08:44:16 | 000,010,752 | ---- | M] () -- C:\APPS\Softex\OmniPass\SSPLogon.dll
MOD - [2006.01.30 08:33:28 | 002,179,504 | ---- | M] () -- C:\APPS\Softex\OmniPass\sftxtgp.dll
MOD - [2005.12.23 07:26:00 | 004,448,256 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\Roxio Shared\DLLShared\ROXIPP4.dll
MOD - [2005.11.04 16:56:34 | 000,073,728 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdpop3p.dll
MOD - [2005.10.10 17:12:04 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\sockspy.dll
MOD - [2005.09.19 17:37:08 | 000,132,608 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\libfn.dll
MOD - [2005.06.21 18:35:54 | 000,200,704 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdas.dll
MOD - [2005.06.15 14:18:16 | 000,090,112 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\getfile.dll
MOD - [2005.05.12 17:35:42 | 000,030,208 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\librtvr.dll
MOD - [2005.02.16 14:46:02 | 000,030,208 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\httpgetf.dll
MOD - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
MOD - [2005.01.07 11:01:52 | 000,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe
MOD - [2004.07.26 17:11:50 | 000,028,672 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll
MOD - [2004.06.09 18:29:48 | 000,043,008 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\mimepack.dll
MOD - [2003.12.10 16:08:08 | 000,049,152 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\mimeinf.dll
MOD - [2003.12.10 16:07:30 | 000,045,056 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\procinf.dll
MOD - [2002.12.06 17:37:06 | 000,503,808 | ---- | M] () -- C:\WINDOWS\system32\xreglib.dll
MOD - [2002.01.14 14:49:00 | 000,045,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\avxdisk.dll
MOD - [1998.07.12 00:13:00 | 000,053,760 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\zlib.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.05.20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006.03.22 19:08:32 | 000,090,112 | ---- | M] (SOFTWIN S.R.L.) [Auto | Running] -- C:\Programme\Softwin\BitDefender8\vsserv.exe -- (VSSERV)
SRV - [2006.02.23 12:09:06 | 000,114,784 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006.02.23 12:09:04 | 000,266,338 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006.02.23 12:08:28 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2006.01.30 08:47:48 | 000,032,768 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\APPS\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2006.01.13 18:14:46 | 000,086,016 | ---- | M] (Softwin) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe -- (XCOMM)
SRV - [2005.12.27 09:23:16 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2005.12.27 09:21:22 | 000,409,600 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
SRV - [2005.12.23 07:46:02 | 000,233,472 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005.12.23 07:44:42 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005.12.23 07:42:02 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe -- (bdss)
SRV - [2005.01.07 11:01:52 | 000,049,152 | ---- | M] () [Auto | Running] -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService)
SRV - [2004.11.09 21:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.01.05 04:34:28 | 005,656,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.05.20 15:27:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2006.01.09 18:51:38 | 000,010,800 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\Softwin\BitDefender8\bdrsdrv.sys -- (BDRSDRV)
DRV - [2006.01.09 18:50:34 | 000,014,145 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Softwin\BitDefender8\bdfsdrv.sys -- (BDFSDRV)
DRV - [2005.12.27 06:37:08 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005.12.09 16:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.10.22 06:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005.10.22 06:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005.10.22 06:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005.10.22 06:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005.09.30 11:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005.01.07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.02.23 04:07:34 | 000,003,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\AIDA32 - Enterprise System Information\aida32.sys -- (AIDA32Driver)
DRV - [2003.01.10 22:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001.08.18 04:19:50 | 000,281,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimtai.sys -- (atimtai)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://format.packardbell.com/cgi-bin/redirect/?country=GE&range=AD&phase=6&key=SEARCH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/ger.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.21 21:11:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.06 22:31:50 | 000,000,000 | ---D | M]
 
[2011.02.07 21:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2011.05.06 22:17:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\w6ghrm33.default\extensions
[2011.02.08 09:56:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\w6ghrm33.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.19 10:50:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.20 09:20:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.12.21 21:11:44 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.16 07:16:38 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.16 07:16:38 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.16 07:16:38 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.16 07:16:38 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.16 07:16:38 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.16 07:16:38 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTIVBOARD] c:\APPS\ABOARD\ABOARD.EXE (NEC Computers International)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BDMCon] C:\Programme\Softwin\BitDefender8\bdmcon.exe (SOFTWIN S.R.L.)
O4 - HKLM..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender8\bdnagent.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Programme\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OmniPass] C:\APPS\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PCMService] c:\APPS\Powercinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] C:\Programme\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [SmpcSys] C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B778C99E-8791-46D4-AE36-E168495B90C3}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Apps\Softex\OmniPass\opxpgina.dll) - C:\APPS\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\APPS\DESKTOP\BG800DL.bmp
O24 - Desktop BackupWallPaper: C:\APPS\DESKTOP\BG800DL.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.dvacm - C:\Programme\Gemeinsame Dateien\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp -  File not found
Drivers32: msacm.mkdmp3enc - c:\APPS\POWERC~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.mpegacm - C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.20 22:45:04 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.12.20 22:44:28 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\***\Desktop\esetsmartinstaller_enu.exe
[2011.12.20 21:07:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2011.12.20 21:07:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.12.20 21:07:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.12.20 21:07:43 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.20 21:07:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.12.18 23:07:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2011.12.04 09:06:36 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\IETldCache
[2011.12.04 00:08:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011.12.04 00:07:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011.12.04 00:06:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.12.03 23:45:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011.12.03 23:26:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011.12.03 23:26:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2011.12.03 23:26:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011.12.03 23:14:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011.12.03 20:40:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InstallShield
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.21 21:28:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.21 21:27:58 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.21 21:11:30 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011.12.20 22:44:29 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\***\Desktop\esetsmartinstaller_enu.exe
[2011.12.20 21:07:49 | 000,000,759 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.20 00:09:20 | 000,014,926 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\LogFiles.zip
[2011.12.18 23:39:54 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\gepzdetr.exe
[2011.12.18 23:37:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.18 23:07:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2011.12.18 22:59:56 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2011.12.18 22:58:04 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2011.12.18 20:12:54 | 000,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.18 20:08:38 | 000,495,078 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.12.18 20:08:38 | 000,471,622 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.12.18 20:08:38 | 000,100,120 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.12.18 20:08:38 | 000,083,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.12.18 20:03:38 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.12.04 10:30:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Erweiterte Garantie.job
[2011.12.03 23:18:11 | 000,251,712 | ---- | M] () -- C:\ntldr
[2011.12.03 20:42:06 | 000,001,527 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk
[2011.11.27 21:18:30 | 000,002,726 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\parcour.rtf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.20 21:07:49 | 000,000,759 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.20 00:03:24 | 000,014,926 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\LogFiles.zip
[2011.12.18 23:39:53 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\gepzdetr.exe
[2011.12.18 22:59:56 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2011.12.18 22:58:04 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2011.12.03 20:42:06 | 000,001,527 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk
[2011.11.27 21:10:31 | 000,002,726 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\parcour.rtf
[2011.06.26 15:19:11 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2011.06.12 11:24:40 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.14 16:59:03 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2011.02.20 19:46:52 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL
[2011.02.09 21:54:55 | 000,002,592 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.02.07 22:24:14 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.02.07 22:12:12 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.02.07 22:05:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.02.07 22:05:03 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.02.07 22:05:00 | 000,226,857 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.02.07 22:05:00 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.02.07 18:36:24 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.02.07 18:29:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011.02.07 18:23:46 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2011.02.07 18:22:20 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011.02.07 18:21:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.02.07 18:12:45 | 000,000,626 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2011.02.07 18:10:36 | 000,006,929 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2011.02.07 18:09:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.02.07 18:01:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009.06.26 17:21:02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2006.04.10 14:18:00 | 000,006,741 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.11.22 13:11:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005.11.14 14:40:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005.11.10 11:30:04 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.11.10 11:30:04 | 000,831,488 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005.11.10 11:30:04 | 000,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005.11.10 11:30:02 | 000,524,288 | R--- | C] () -- C:\WINDOWS\System32\divxsm.exe
[2005.11.10 11:30:02 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll
[2005.10.10 17:12:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\sockspy.dll
[2004.11.30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004.11.30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004.08.11 19:13:19 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.08.11 19:10:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004.08.11 19:03:37 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.11 18:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.08.11 18:56:16 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.08.11 18:48:09 | 000,495,078 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.11 18:48:09 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.11 18:48:09 | 000,100,120 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.11 18:48:09 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.11 18:47:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.11 18:47:46 | 000,471,622 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.11 18:47:46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.11 18:47:46 | 000,083,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.11 18:47:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.11 18:47:45 | 000,004,613 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.11 18:47:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.11 18:47:41 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.08.11 18:47:34 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.11 18:47:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.11 18:47:25 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003.10.02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003.10.02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002.12.06 17:37:06 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
 
========== LOP Check ==========
 
[2011.02.20 19:46:58 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011.02.07 21:14:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz
[2011.06.20 09:18:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO
[2011.07.02 21:01:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2011.02.07 18:12:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OD2
[2011.02.07 21:55:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2011.02.07 18:15:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2011.02.07 18:10:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2011.02.23 21:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon
[2011.11.18 21:35:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\go
[2011.07.02 20:45:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2011.02.23 21:14:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ulead Systems
[2011.12.04 10:30:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Erweiterte Garantie.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.02.08 20:41:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe
[2011.05.07 21:29:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AdobeUM
[2011.02.07 18:24:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AOL
[2011.02.23 21:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon
[2011.05.13 19:38:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CyberLink
[2011.11.18 21:35:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\go
[2011.11.18 20:13:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Help
[2004.08.11 19:11:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities
[2011.12.03 20:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InstallShield
[2011.07.02 20:45:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2011.02.07 21:19:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia
[2011.12.20 21:07:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2011.12.02 16:56:38 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft
[2011.02.07 21:02:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla
[2011.07.02 20:46:22 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SecuROM
[2011.10.08 19:12:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype
[2011.06.18 12:32:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM
[2011.02.07 18:38:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun
[2011.02.23 21:14:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ulead Systems
[2011.04.16 16:33:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\vlc
[2011.02.07 18:10:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\You've Got Pictures Screensaver
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_1$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtUninstallKB975467_1$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2004.08.11 18:55:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004.08.11 18:55:48 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004.08.11 18:55:48 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<           >

< End of report >
         
--- --- ---

[/code]

Alt 21.12.2011, 22:14   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp... - Standard

TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp...



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.12.2011, 22:31   #13
jkf
 
TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp... - Standard

TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp...



Hi,

hier nun das TDSS-Killer-Log:

Code:
ATTFilter
22:24:57.0906 3388	TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
22:24:58.0125 3388	============================================================
22:24:58.0125 3388	Current date / time: 2011/12/21 22:24:58.0125
22:24:58.0125 3388	SystemInfo:
22:24:58.0125 3388	
22:24:58.0125 3388	OS Version: 5.1.2600 ServicePack: 3.0
22:24:58.0125 3388	Product type: Workstation
22:24:58.0125 3388	ComputerName: SN116528580310
22:24:58.0125 3388	UserName: ***
22:24:58.0125 3388	Windows directory: C:\WINDOWS
22:24:58.0125 3388	System windows directory: C:\WINDOWS
22:24:58.0125 3388	Processor architecture: Intel x86
22:24:58.0125 3388	Number of processors: 2
22:24:58.0125 3388	Page size: 0x1000
22:24:58.0125 3388	Boot type: Normal boot
22:24:58.0140 3388	============================================================
22:24:58.0796 3388	Initialize success
22:26:10.0750 2284	============================================================
22:26:10.0750 2284	Scan started
22:26:10.0750 2284	Mode: Manual; SigCheck; TDLFS; 
22:26:10.0750 2284	============================================================
22:26:11.0937 2284	Abiosdsk - ok
22:26:11.0984 2284	abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:26:12.0734 2284	abp480n5 - ok
22:26:12.0812 2284	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:26:13.0015 2284	ACPI - ok
22:26:13.0046 2284	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:26:13.0203 2284	ACPIEC - ok
22:26:13.0234 2284	adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:26:13.0390 2284	adpu160m - ok
22:26:13.0437 2284	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:26:13.0593 2284	aec - ok
22:26:13.0656 2284	AegisP          (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
22:26:13.0781 2284	AegisP ( UnsignedFile.Multi.Generic ) - warning
22:26:13.0781 2284	AegisP - detected UnsignedFile.Multi.Generic (1)
22:26:13.0890 2284	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:26:14.0218 2284	AFD - ok
22:26:14.0281 2284	agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:26:14.0437 2284	agp440 - ok
22:26:14.0468 2284	agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:26:14.0625 2284	agpCPQ - ok
22:26:14.0640 2284	Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:26:14.0718 2284	Aha154x - ok
22:26:14.0734 2284	aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:26:14.0890 2284	aic78u2 - ok
22:26:14.0906 2284	aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:26:15.0046 2284	aic78xx - ok
22:26:15.0093 2284	AIDA32Driver    (92dc46fb76d96879bfebe0a334645b5b) C:\Programme\AIDA32 - Enterprise System Information\aida32.sys
22:26:15.0125 2284	AIDA32Driver ( UnsignedFile.Multi.Generic ) - warning
22:26:15.0125 2284	AIDA32Driver - detected UnsignedFile.Multi.Generic (1)
22:26:15.0203 2284	AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:26:15.0359 2284	AliIde - ok
22:26:15.0390 2284	alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:26:15.0546 2284	alim1541 - ok
22:26:15.0562 2284	amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:26:15.0718 2284	amdagp - ok
22:26:15.0734 2284	amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
22:26:15.0828 2284	amsint - ok
22:26:15.0859 2284	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:26:16.0000 2284	Arp1394 - ok
22:26:16.0031 2284	asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
22:26:16.0187 2284	asc - ok
22:26:16.0203 2284	asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:26:16.0296 2284	asc3350p - ok
22:26:16.0312 2284	asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:26:16.0468 2284	asc3550 - ok
22:26:16.0531 2284	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:26:16.0687 2284	AsyncMac - ok
22:26:16.0703 2284	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:26:16.0843 2284	atapi - ok
22:26:16.0859 2284	Atdisk - ok
22:26:17.0031 2284	ati2mtag        (6936f713dc69ade85c50788990e34c16) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:26:17.0312 2284	ati2mtag - ok
22:26:17.0406 2284	atimtai         (e21282fa0e5b491c7b4920f1f6d8b028) C:\WINDOWS\system32\DRIVERS\atimtai.sys
22:26:17.0562 2284	atimtai - ok
22:26:17.0625 2284	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:26:17.0765 2284	Atmarpc - ok
22:26:17.0828 2284	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:26:17.0984 2284	audstub - ok
22:26:18.0062 2284	BDFSDRV         (09144a34a6bc8c1228db81995bacc0f8) C:\Programme\Softwin\BitDefender8\bdfsdrv.sys
22:26:18.0093 2284	BDFSDRV ( UnsignedFile.Multi.Generic ) - warning
22:26:18.0093 2284	BDFSDRV - detected UnsignedFile.Multi.Generic (1)
22:26:18.0109 2284	BDRSDRV         (f1889ce49bc9d097618ee2eb030fd368) C:\Programme\Softwin\BitDefender8\bdrsdrv.sys
22:26:18.0140 2284	BDRSDRV ( UnsignedFile.Multi.Generic ) - warning
22:26:18.0140 2284	BDRSDRV - detected UnsignedFile.Multi.Generic (1)
22:26:18.0218 2284	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:26:18.0359 2284	Beep - ok
22:26:18.0406 2284	cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
22:26:18.0578 2284	cbidf - ok
22:26:18.0593 2284	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:26:18.0734 2284	cbidf2k - ok
22:26:18.0765 2284	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:26:18.0906 2284	CCDECODE - ok
22:26:18.0953 2284	cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
22:26:19.0031 2284	cd20xrnt - ok
22:26:19.0046 2284	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:26:19.0218 2284	Cdaudio - ok
22:26:19.0250 2284	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:26:19.0390 2284	Cdfs - ok
22:26:19.0421 2284	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:26:19.0562 2284	Cdrom - ok
22:26:19.0609 2284	cdudf_xp        (453ee75b9164fee7bce6a0168abe9d43) C:\WINDOWS\system32\drivers\cdudf_xp.sys
22:26:19.0625 2284	cdudf_xp ( UnsignedFile.Multi.Generic ) - warning
22:26:19.0625 2284	cdudf_xp - detected UnsignedFile.Multi.Generic (1)
22:26:19.0640 2284	Changer - ok
22:26:19.0703 2284	CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
22:26:19.0859 2284	CmdIde - ok
22:26:19.0875 2284	Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
22:26:20.0031 2284	Cpqarray - ok
22:26:20.0062 2284	dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
22:26:20.0218 2284	dac2w2k - ok
22:26:20.0234 2284	dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
22:26:20.0390 2284	dac960nt - ok
22:26:20.0437 2284	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:26:20.0593 2284	Disk - ok
22:26:20.0640 2284	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
22:26:20.0843 2284	dmboot - ok
22:26:20.0859 2284	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
22:26:21.0015 2284	dmio - ok
22:26:21.0046 2284	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:26:21.0187 2284	dmload - ok
22:26:21.0234 2284	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:26:21.0375 2284	DMusic - ok
22:26:21.0421 2284	dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
22:26:21.0578 2284	dpti2o - ok
22:26:21.0625 2284	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:26:21.0765 2284	drmkaud - ok
22:26:21.0812 2284	drvmcdb         (7df2e645fbda7cde94fcabba7f0de4c2) C:\WINDOWS\system32\drivers\drvmcdb.sys
22:26:21.0828 2284	drvmcdb ( UnsignedFile.Multi.Generic ) - warning
22:26:21.0828 2284	drvmcdb - detected UnsignedFile.Multi.Generic (1)
22:26:21.0843 2284	dvd_2K          (dd031ff015b22b4d1560510df0f21fe6) C:\WINDOWS\system32\drivers\dvd_2K.sys
22:26:21.0875 2284	dvd_2K ( UnsignedFile.Multi.Generic ) - warning
22:26:21.0875 2284	dvd_2K - detected UnsignedFile.Multi.Generic (1)
22:26:21.0921 2284	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:26:22.0078 2284	Fastfat - ok
22:26:22.0125 2284	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:26:22.0265 2284	Fdc - ok
22:26:22.0296 2284	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
22:26:22.0437 2284	Fips - ok
22:26:22.0453 2284	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:26:22.0609 2284	Flpydisk - ok
22:26:22.0640 2284	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:26:22.0796 2284	FltMgr - ok
22:26:22.0828 2284	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:26:22.0984 2284	Fs_Rec - ok
22:26:23.0015 2284	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:26:23.0156 2284	Ftdisk - ok
22:26:23.0203 2284	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:26:23.0343 2284	Gpc - ok
22:26:23.0390 2284	HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
22:26:23.0421 2284	HdAudAddService - ok
22:26:23.0468 2284	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:26:23.0625 2284	HDAudBus - ok
22:26:23.0671 2284	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:26:23.0812 2284	HidUsb - ok
22:26:23.0843 2284	hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
22:26:24.0000 2284	hpn - ok
22:26:24.0046 2284	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:26:24.0109 2284	HTTP - ok
22:26:24.0156 2284	i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
22:26:24.0296 2284	i2omgmt - ok
22:26:24.0312 2284	i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:26:24.0468 2284	i2omp - ok
22:26:24.0500 2284	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:26:24.0671 2284	i8042prt - ok
22:26:24.0703 2284	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:26:24.0843 2284	Imapi - ok
22:26:24.0890 2284	ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:26:25.0046 2284	ini910u - ok
22:26:25.0187 2284	IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:26:25.0406 2284	IntcAzAudAddService - ok
22:26:25.0453 2284	IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:26:25.0593 2284	IntelIde - ok
22:26:25.0625 2284	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:26:25.0781 2284	intelppm - ok
22:26:25.0796 2284	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:26:25.0937 2284	Ip6Fw - ok
22:26:25.0968 2284	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:26:26.0140 2284	IpFilterDriver - ok
22:26:26.0171 2284	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:26:26.0312 2284	IpInIp - ok
22:26:26.0343 2284	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:26:26.0500 2284	IpNat - ok
22:26:26.0531 2284	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:26:26.0671 2284	IPSec - ok
22:26:26.0703 2284	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:26:26.0843 2284	IRENUM - ok
22:26:26.0859 2284	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:26:27.0000 2284	isapnp - ok
22:26:27.0031 2284	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:26:27.0171 2284	Kbdclass - ok
22:26:27.0203 2284	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:26:27.0343 2284	kbdhid - ok
22:26:27.0390 2284	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:26:27.0531 2284	kmixer - ok
22:26:27.0578 2284	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:26:27.0625 2284	KSecDD - ok
22:26:27.0640 2284	lbrtfdc - ok
22:26:27.0703 2284	MBAMProtector   (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
22:26:27.0765 2284	MBAMProtector - ok
22:26:27.0781 2284	MBAMSwissArmy - ok
22:26:27.0828 2284	mmc_2K          (58955da604fa306f84e90f830f5c11b2) C:\WINDOWS\system32\drivers\mmc_2K.sys
22:26:27.0843 2284	mmc_2K ( UnsignedFile.Multi.Generic ) - warning
22:26:27.0843 2284	mmc_2K - detected UnsignedFile.Multi.Generic (1)
22:26:27.0875 2284	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:26:28.0031 2284	mnmdd - ok
22:26:28.0062 2284	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
22:26:28.0218 2284	Modem - ok
22:26:28.0234 2284	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:26:28.0375 2284	Mouclass - ok
22:26:28.0421 2284	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:26:28.0562 2284	mouhid - ok
22:26:28.0593 2284	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:26:28.0734 2284	MountMgr - ok
22:26:28.0750 2284	mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:26:28.0906 2284	mraid35x - ok
22:26:28.0953 2284	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:26:29.0093 2284	MRxDAV - ok
22:26:29.0140 2284	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:26:29.0234 2284	MRxSmb - ok
22:26:29.0281 2284	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:26:29.0406 2284	Msfs - ok
22:26:29.0453 2284	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:26:29.0593 2284	MSKSSRV - ok
22:26:29.0609 2284	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:26:29.0750 2284	MSPCLOCK - ok
22:26:29.0781 2284	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:26:29.0921 2284	MSPQM - ok
22:26:29.0968 2284	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:26:30.0109 2284	mssmbios - ok
22:26:30.0140 2284	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:26:30.0281 2284	MSTEE - ok
22:26:30.0328 2284	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:26:30.0640 2284	Mup - ok
22:26:30.0671 2284	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:26:30.0812 2284	NABTSFEC - ok
22:26:30.0843 2284	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:26:31.0015 2284	NDIS - ok
22:26:31.0062 2284	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:26:31.0218 2284	NdisIP - ok
22:26:31.0250 2284	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:26:31.0281 2284	NdisTapi - ok
22:26:31.0312 2284	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:26:31.0468 2284	Ndisuio - ok
22:26:31.0515 2284	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:26:31.0656 2284	NdisWan - ok
22:26:31.0687 2284	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:26:31.0734 2284	NDProxy - ok
22:26:31.0781 2284	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:26:31.0921 2284	NetBIOS - ok
22:26:31.0953 2284	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:26:32.0093 2284	NetBT - ok
22:26:32.0156 2284	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:26:32.0296 2284	NIC1394 - ok
22:26:32.0328 2284	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:26:32.0484 2284	Npfs - ok
22:26:32.0515 2284	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:26:32.0703 2284	Ntfs - ok
22:26:32.0750 2284	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:26:32.0890 2284	Null - ok
22:26:32.0921 2284	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:26:33.0078 2284	NwlnkFlt - ok
22:26:33.0093 2284	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:26:33.0250 2284	NwlnkFwd - ok
22:26:33.0296 2284	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:26:33.0437 2284	ohci1394 - ok
22:26:33.0468 2284	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
22:26:33.0625 2284	Parport - ok
22:26:33.0640 2284	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:26:33.0781 2284	PartMgr - ok
22:26:33.0812 2284	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
22:26:33.0968 2284	ParVdm - ok
22:26:34.0000 2284	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
22:26:34.0140 2284	PCI - ok
22:26:34.0156 2284	PCIDump - ok
22:26:34.0187 2284	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:26:34.0343 2284	PCIIde - ok
22:26:34.0375 2284	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:26:34.0515 2284	Pcmcia - ok
22:26:34.0531 2284	PDCOMP - ok
22:26:34.0546 2284	PDFRAME - ok
22:26:34.0562 2284	PDRELI - ok
22:26:34.0578 2284	PDRFRAME - ok
22:26:34.0625 2284	perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
22:26:34.0765 2284	perc2 - ok
22:26:34.0781 2284	perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:26:34.0937 2284	perc2hib - ok
22:26:35.0000 2284	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:26:35.0140 2284	PptpMiniport - ok
22:26:35.0171 2284	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
22:26:35.0312 2284	Processor - ok
22:26:35.0343 2284	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:26:35.0484 2284	PSched - ok
22:26:35.0500 2284	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:26:35.0656 2284	Ptilink - ok
22:26:35.0687 2284	pwd_2k          (a57885ecdee5719a776a4202737fe347) C:\WINDOWS\system32\drivers\pwd_2k.sys
22:26:35.0718 2284	pwd_2k ( UnsignedFile.Multi.Generic ) - warning
22:26:35.0718 2284	pwd_2k - detected UnsignedFile.Multi.Generic (1)
22:26:35.0750 2284	PxHelp20        (0c8da0a8b0d227319c285e0eae65defd) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:26:35.0781 2284	PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
22:26:35.0781 2284	PxHelp20 - detected UnsignedFile.Multi.Generic (1)
22:26:35.0796 2284	ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:26:35.0937 2284	ql1080 - ok
22:26:35.0953 2284	Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:26:36.0140 2284	Ql10wnt - ok
22:26:36.0156 2284	ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:26:36.0296 2284	ql12160 - ok
22:26:36.0312 2284	ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:26:36.0468 2284	ql1240 - ok
22:26:36.0484 2284	ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:26:36.0640 2284	ql1280 - ok
22:26:36.0671 2284	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:26:36.0828 2284	RasAcd - ok
22:26:36.0859 2284	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:26:37.0015 2284	Rasl2tp - ok
22:26:37.0031 2284	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:26:37.0187 2284	RasPppoe - ok
22:26:37.0203 2284	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:26:37.0343 2284	Raspti - ok
22:26:37.0375 2284	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:26:37.0515 2284	Rdbss - ok
22:26:37.0531 2284	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:26:37.0687 2284	RDPCDD - ok
22:26:37.0718 2284	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:26:37.0875 2284	rdpdr - ok
22:26:37.0921 2284	RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:26:37.0968 2284	RDPWD - ok
22:26:38.0000 2284	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:26:38.0156 2284	redbook - ok
22:26:38.0218 2284	RT61 - ok
22:26:38.0234 2284	RTL8023xp       (7889e3981e0a5d347e037abd467d53a5) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
22:26:38.0328 2284	RTL8023xp - ok
22:26:38.0359 2284	RxFilter        (2b3cc40e5586ac5724df83c257a69f69) C:\WINDOWS\system32\DRIVERS\RxFilter.sys
22:26:38.0390 2284	RxFilter ( UnsignedFile.Multi.Generic ) - warning
22:26:38.0390 2284	RxFilter - detected UnsignedFile.Multi.Generic (1)
22:26:38.0437 2284	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:26:38.0593 2284	Secdrv - ok
22:26:38.0625 2284	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
22:26:38.0781 2284	Serial - ok
22:26:38.0812 2284	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:26:38.0953 2284	Sfloppy - ok
22:26:38.0968 2284	Simbad - ok
22:26:39.0015 2284	sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:26:39.0156 2284	sisagp - ok
22:26:39.0187 2284	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:26:39.0328 2284	SLIP - ok
22:26:39.0359 2284	Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:26:39.0437 2284	Sparrow - ok
22:26:39.0484 2284	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:26:39.0640 2284	splitter - ok
22:26:39.0671 2284	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
22:26:39.0812 2284	sr - ok
22:26:39.0859 2284	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:26:39.0921 2284	Srv - ok
22:26:39.0968 2284	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:26:40.0125 2284	streamip - ok
22:26:40.0140 2284	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:26:40.0281 2284	swenum - ok
22:26:40.0312 2284	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:26:40.0453 2284	swmidi - ok
22:26:40.0484 2284	symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
22:26:40.0640 2284	symc810 - ok
22:26:40.0656 2284	symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:26:40.0796 2284	symc8xx - ok
22:26:40.0812 2284	sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:26:40.0953 2284	sym_hi - ok
22:26:40.0968 2284	sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:26:41.0125 2284	sym_u3 - ok
22:26:41.0171 2284	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:26:41.0312 2284	sysaudio - ok
22:26:41.0390 2284	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:26:41.0484 2284	Tcpip - ok
22:26:41.0515 2284	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:26:41.0656 2284	TDPIPE - ok
22:26:41.0687 2284	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:26:41.0843 2284	TDTCP - ok
22:26:41.0859 2284	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:26:42.0000 2284	TermDD - ok
22:26:42.0031 2284	TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
22:26:42.0171 2284	TosIde - ok
22:26:42.0218 2284	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:26:42.0359 2284	Udfs - ok
22:26:42.0390 2284	ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
22:26:42.0468 2284	ultra - ok
22:26:42.0515 2284	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:26:42.0656 2284	Update - ok
22:26:42.0718 2284	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:26:42.0859 2284	usbaudio - ok
22:26:42.0890 2284	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:26:43.0031 2284	usbccgp - ok
22:26:43.0062 2284	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:26:43.0203 2284	usbehci - ok
22:26:43.0218 2284	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:26:43.0359 2284	usbhub - ok
22:26:43.0375 2284	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:26:43.0515 2284	usbohci - ok
22:26:43.0546 2284	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:26:43.0703 2284	usbprint - ok
22:26:43.0734 2284	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:26:43.0875 2284	usbscan - ok
22:26:43.0921 2284	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:26:44.0046 2284	USBSTOR - ok
22:26:44.0062 2284	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:26:44.0218 2284	VgaSave - ok
22:26:44.0250 2284	viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:26:44.0390 2284	viaagp - ok
22:26:44.0406 2284	ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:26:44.0562 2284	ViaIde - ok
22:26:44.0578 2284	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
22:26:44.0734 2284	VolSnap - ok
22:26:44.0828 2284	VX3000          (e26744e5dd71a16e80d4dd5a286b8423) C:\WINDOWS\system32\DRIVERS\VX3000.sys
22:26:44.0968 2284	VX3000 - ok
22:26:45.0015 2284	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:26:45.0171 2284	Wanarp - ok
22:26:45.0203 2284	wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
22:26:45.0250 2284	wanatw - ok
22:26:45.0328 2284	WDICA - ok
22:26:45.0390 2284	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:26:45.0546 2284	wdmaud - ok
22:26:45.0656 2284	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:26:45.0812 2284	WSTCODEC - ok
22:26:45.0859 2284	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:26:46.0015 2284	\Device\Harddisk0\DR0 - ok
22:26:46.0015 2284	Boot (0x1200)   (558ad5e109a98dc819d137e19fc17fb2) \Device\Harddisk0\DR0\Partition0
22:26:46.0015 2284	\Device\Harddisk0\DR0\Partition0 - ok
22:26:46.0015 2284	============================================================
22:26:46.0015 2284	Scan finished
22:26:46.0015 2284	============================================================
22:26:46.0156 1644	Detected object count: 11
22:26:46.0156 1644	Actual detected object count: 11
22:27:15.0062 1644	AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
22:27:15.0062 1644	AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:27:15.0062 1644	AIDA32Driver ( UnsignedFile.Multi.Generic ) - skipped by user
22:27:15.0062 1644	AIDA32Driver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:27:15.0062 1644	BDFSDRV ( UnsignedFile.Multi.Generic ) - skipped by user
22:27:15.0062 1644	BDFSDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:27:15.0078 1644	BDRSDRV ( UnsignedFile.Multi.Generic ) - skipped by user
22:27:15.0078 1644	BDRSDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:27:15.0078 1644	cdudf_xp ( UnsignedFile.Multi.Generic ) - skipped by user
22:27:15.0078 1644	cdudf_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:27:15.0078 1644	drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
22:27:15.0078 1644	drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:27:15.0078 1644	dvd_2K ( UnsignedFile.Multi.Generic ) - skipped by user
22:27:15.0078 1644	dvd_2K ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:27:15.0093 1644	mmc_2K ( UnsignedFile.Multi.Generic ) - skipped by user
22:27:15.0093 1644	mmc_2K ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:27:15.0093 1644	pwd_2k ( UnsignedFile.Multi.Generic ) - skipped by user
22:27:15.0093 1644	pwd_2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:27:15.0093 1644	PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
22:27:15.0093 1644	PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:27:15.0093 1644	RxFilter ( UnsignedFile.Multi.Generic ) - skipped by user
22:27:15.0093 1644	RxFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 22.12.2011, 08:02   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp... - Standard

TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp...



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.12.2011, 22:32   #15
jkf
 
TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp... - Standard

TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp...



Guten Abend Arne,

bin heute etws später unterwegs und habe Combofix ausgeführt.

Gruß von
Johannes

Hier die Logdatei

[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 11-12-22.04 - *** 22.12.2011  22:17:47.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1022.418 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe
AV: BitDefender 8 AntiVirus + AntiSpam *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\system32\oobe\isperror
c:\windows\system32\oobe\isperror\ispcnerr.htm
c:\windows\system32\oobe\isperror\ispdtone.htm
c:\windows\system32\oobe\isperror\isphdshk.htm
c:\windows\system32\oobe\isperror\ispins.htm
c:\windows\system32\oobe\isperror\ispnoanw.htm
c:\windows\system32\oobe\isperror\isppberr.htm
c:\windows\system32\oobe\isperror\ispphbsy.htm
c:\windows\system32\oobe\isperror\ispsbusy.htm
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-22 bis 2011-12-22  ))))))))))))))))))))))))))))))
.
.
2011-12-21 22:36 . 2011-12-21 22:37	--------	dc-h--w-	c:\windows\ie8
2011-12-21 20:11 . 2011-12-21 20:11	43992	----a-w-	c:\programme\Mozilla Firefox\mozutils.dll
2011-12-21 20:11 . 2011-12-21 20:11	626688	----a-w-	c:\programme\Mozilla Firefox\msvcr80.dll
2011-12-21 20:11 . 2011-12-21 20:11	548864	----a-w-	c:\programme\Mozilla Firefox\msvcp80.dll
2011-12-21 20:11 . 2011-12-21 20:11	479232	----a-w-	c:\programme\Mozilla Firefox\msvcm80.dll
2011-12-20 21:45 . 2011-12-20 21:45	--------	d-----w-	c:\programme\ESET
2011-12-20 20:07 . 2011-12-20 20:07	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2011-12-20 20:07 . 2011-12-20 20:07	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-12-20 20:07 . 2011-12-20 21:24	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2011-12-20 20:07 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-18 18:40 . 2010-09-18 06:52	954368	------w-	c:\windows\system32\dllcache\mfc40.dll
2011-12-18 18:40 . 2010-09-18 06:52	953856	------w-	c:\windows\system32\dllcache\mfc40u.dll
2011-12-18 18:40 . 2010-08-23 16:11	617472	------w-	c:\windows\system32\dllcache\comctl32.dll
2011-12-18 18:38 . 2010-11-02 15:17	40960	------w-	c:\windows\system32\dllcache\ndproxy.sys
2011-12-18 18:37 . 2011-06-24 14:10	139656	------w-	c:\windows\system32\dllcache\rdpwd.sys
2011-12-18 18:37 . 2011-04-21 13:37	105472	------w-	c:\windows\system32\dllcache\mup.sys
2011-12-18 18:36 . 2011-07-08 14:02	10496	------w-	c:\windows\system32\dllcache\ndistapi.sys
2011-12-18 18:35 . 2010-10-11 14:59	45568	------w-	c:\windows\system32\dllcache\wab.exe
2011-12-04 08:06 . 2011-12-04 08:06	--------	d-sh--w-	c:\dokumente und einstellungen\***\IETldCache
2011-12-03 23:04 . 2011-08-16 10:45	6144	------w-	c:\windows\system32\dllcache\iecompat.dll
2011-12-03 23:03 . 2011-11-04 19:13	602112	------w-	c:\windows\system32\dllcache\msfeeds.dll
2011-12-03 23:03 . 2011-11-04 19:13	55296	------w-	c:\windows\system32\dllcache\msfeedsbs.dll
2011-12-03 23:03 . 2011-11-04 19:13	12800	------w-	c:\windows\system32\dllcache\xpshims.dll
2011-12-03 23:03 . 2011-11-04 19:13	247808	------w-	c:\windows\system32\dllcache\ieproxy.dll
2011-12-03 23:03 . 2011-11-04 19:13	743424	------w-	c:\windows\system32\dllcache\iedvtool.dll
2011-12-03 23:03 . 2011-11-04 19:13	2000384	------w-	c:\windows\system32\dllcache\iertutil.dll
2011-12-03 23:03 . 2011-11-04 19:13	11081728	------w-	c:\windows\system32\dllcache\ieframe.dll
2011-12-03 22:49 . 2011-07-15 13:29	456320	------w-	c:\windows\system32\dllcache\mrxsmb.sys
2011-12-03 22:48 . 2011-12-03 22:48	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-03 22:26 . 2011-12-03 22:26	--------	d-----w-	c:\windows\l2schemas
2011-12-03 22:26 . 2011-12-03 22:26	--------	d-----w-	c:\windows\system32\de
2011-12-03 22:26 . 2011-12-03 22:26	--------	d-----w-	c:\windows\system32\bits
2011-12-03 20:25 . 2008-04-14 02:22	21504	----a-w-	c:\windows\system32\hidserv.dll
2011-12-03 20:25 . 2008-04-14 01:58	14720	----a-w-	c:\windows\system32\drivers\kbdhid.sys
2011-12-03 19:40 . 2011-12-03 19:40	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\InstallShield
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 14:40 . 2011-05-14 15:58	1859712	----a-w-	c:\windows\system32\win32k.sys
2011-11-04 19:13 . 2011-05-14 15:58	916992	----a-w-	c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2011-05-14 15:58	1469440	------w-	c:\windows\system32\inetcpl.cpl
2011-11-04 19:13 . 2011-05-14 15:58	43520	------w-	c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2004-08-11 17:47	385024	------w-	c:\windows\system32\html.iec
2011-11-01 16:07 . 2011-05-14 15:58	1288704	----a-w-	c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2011-05-14 15:58	33280	----a-w-	c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2011-05-14 15:58	2151424	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-10-26 10:49 . 2011-05-14 15:58	2029568	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2011-05-14 15:59	186880	----a-w-	c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-05-14 15:58	692736	----a-w-	c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2011-05-14 15:59	604160	----a-w-	c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 18:59	614912	----a-w-	c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2004-08-11 17:47	23040	----a-w-	c:\windows\system32\oleaccrc.dll
2011-09-26 10:41 . 2004-08-11 17:47	220160	----a-w-	c:\windows\system32\oleacc.dll
2011-12-21 20:11 . 2011-05-06 21:31	121816	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
"EA Core"="c:\programme\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2006-01-30 1978368]
"Ulead AutoDetector v2"="c:\programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"LifeCam"="c:\programme\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"BDMCon"="c:\progra~1\Softwin\BITDEF~1\bdmcon.exe" [2005-11-07 417792]
"BDNewsAgent"="c:\programme\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 8192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
WiFi Station.lnk - c:\programme\Hercules\WiFi Station\WifiStation.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-01-30 07:53	49152	----a-w-	c:\apps\Softex\OmniPass\OPXPGina.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\Ahead\\SIPPS\\SIPPS.exe"=
"%ProgramFiles%\\sipgate X-Lite\\sipgateXLite.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programme\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Programme\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\EA Sports\\FIFA 11\\Game\\fifa.exe"=
"c:\\Programme\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Programme\\Roxio\\WinOnCD 8\\Digital Home\\RoxUpnpServer.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
.
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [20.12.2011 21:07 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20.12.2011 21:07 22216]
S3 AIDA32Driver;AIDA32Driver;c:\programme\AIDA32 - Enterprise System Information\aida32.sys [23.02.2004 04:07 3584]
S3 atimtai;atimtai;c:\windows\system32\drivers\atimtai.sys [07.02.2011 21:22 281728]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-04 c:\windows\Tasks\Erweiterte Garantie.job
- c:\apps\SMP\PBCARNOT.EXE [2005-11-09 12:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = file:///C:/APPS/IE/offline/ger.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\w6ghrm33.default\
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-22 22:23
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\sockspy.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\apps\Softex\OmniPass\opxpgina.dll
.
- - - - - - - > 'lsass.exe'(732)
c:\windows\system32\sockspy.dll
.
Zeit der Fertigstellung: 2011-12-22  22:24:38
ComboFix-quarantined-files.txt  2011-12-22 21:24
.
Vor Suchlauf: 15 Verzeichnis(se), 216.665.464.832 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 226.418.909.184 Bytes frei
.
- - End Of File - - 8FF9DA13118CE76A69510DE0EE2CB4A2
         
--- --- ---

Antwort

Themen zu TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp...
0x00000001, antivir, avira, bho, c:\windows\system32\rundll32.exe, defender, download, einstellungen, explorer, firefox, fontcache, format, hdaudio.sys, home, internet, logfile, microsoft, neustart, packard bell, realtek, registry, required, rundll, security, security update, software, temp, tr/crypt.xpack.ge, tr/crypt.xpack.gen, trojaner, win32k.sys, windows, winlogon, winlogon.exe



Ähnliche Themen: TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp...


  1. tr/crypt.xpack.gen3 und AVIRA
    Plagegeister aller Art und deren Bekämpfung - 25.12.2014 (3)
  2. Avira Guard meldet TR/Crypt.XPACK.Gen3 - Trojaner
    Log-Analyse und Auswertung - 26.05.2013 (25)
  3. Avira schlägt bei Spielinstallation an: TR/Crypt.XPACK.Gen3
    Log-Analyse und Auswertung - 22.01.2012 (2)
  4. tr/crypt.xpack.gen3 in c:\windows\temp
    Log-Analyse und Auswertung - 02.06.2011 (11)
  5. AVIRA AntiVir findet TR/Crypt.XPACK.Gen3 und TR/Spy.399872.36
    Plagegeister aller Art und deren Bekämpfung - 31.03.2011 (26)
  6. tr crypt.xpack.gen3 und Absturz AntiVir
    Plagegeister aller Art und deren Bekämpfung - 20.03.2011 (19)
  7. AntiVir: TR/Crypt.XPACK.Gen3 in Firefox-Cache
    Plagegeister aller Art und deren Bekämpfung - 11.03.2011 (42)
  8. crypt.xpack.gen3 Fund durch AntiVir
    Plagegeister aller Art und deren Bekämpfung - 24.02.2011 (9)
  9. AVIRA findet TR/Crypt.XPACK.Gen3 in C:\Windows\..\..\..\\local\imezezoc.dll
    Plagegeister aller Art und deren Bekämpfung - 04.01.2011 (2)
  10. Avira fand TR/Crypt.XPACK.Gen3. bin ich sicher?
    Plagegeister aller Art und deren Bekämpfung - 09.12.2010 (4)
  11. TR/Crypt.XPACK.Gen3 von Avira Guard gefunden
    Plagegeister aller Art und deren Bekämpfung - 19.11.2010 (9)
  12. Infizierung mit "TR/Crypt.XPACK.Gen3" in C:/Windows/Temp/...
    Plagegeister aller Art und deren Bekämpfung - 23.10.2010 (4)
  13. infizierung: TR/Crypt.XPACK.Gen3" in C:/Windows/Temp/...
    Mülltonne - 18.10.2010 (1)
  14. TR/Crypt.XPACK.Gen3 und TR/Dropper.Gen in C:\Windows\Temp\
    Plagegeister aller Art und deren Bekämpfung - 17.10.2010 (4)
  15. TR/crypt.xpack.gen3 in Vista im Ordner c:\windows\temp\TMP....
    Plagegeister aller Art und deren Bekämpfung - 17.10.2010 (8)
  16. 'TR/Crypt.XPACK.Gen3' in C:\WINDOWS\Temp\TMP24.tmp
    Plagegeister aller Art und deren Bekämpfung - 09.10.2010 (1)
  17. Massenweise Viren werden in Windows/Temp erstellt (Tr/Crypt.xpack.Gen3+TR/Crypt.Pepn.Gen und andere)
    Plagegeister aller Art und deren Bekämpfung - 08.10.2010 (6)

Zum Thema TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp... - Guten Abend, ich bin in diesem Forum gelandet, weil der Rechner meines Nachbarn bei mir gelandet ist (XP, SP3). Bei diesem Rechner wird durch Avira Antivir Personal der Trojaner TR/Crypt.XPACK.Gen3 - TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp......
Archiv
Du betrachtest: TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.