
Pests of all kinds and how to fight them: TR/Rootkit.GEN in system32/drivers/cygigsb.sys

20.05.2010, 12:55   #1
SerenityChan

Hello, everyone.


I have a big problem. Yesterday my (free) Avira AntiVir told me that I have a trojan on my laptop, namely a TR/Rootkit.GEN in my system32/drivers/cygigsb.sys.


Of course I let my AntiVir do its job, but it doesn't help, because I then get the following message:
C:\Windows\System32\drivers\cqgigsb.sys
[WARNUNG] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
C:\Windows\System32\drivers\cqgigsb.sys
[WARNUNG] Die Datei konnte nicht gelöscht werden!
C:\Windows\System32\drivers\cqgigsb.sys
[WARNUNG] Die Datei konnte nicht zum Löschen nach dem Neustart markiert werden. Mögliche Ursache: Ein an das System angeschlossenes Gerät funktioniert nicht.


I then tried to delete the file "by hand", but that doesn't work either, because I am then told: "Die Quelldatei oder vom Quelldatenträger kann nicht gelesen werden." (I don't even know what the PC is trying to tell me with that)


I'm totally desperate and don't know what to do. My PC keeps freezing, no matter whether I'm on the Internet (I have Internet Explorer) or in Windows Explorer, which tends to act up for me anyway.


I'd be grateful if you could help me.


Oh, one more thing: I have no clue about these things. I've already looked for help on the Internet, but mostly came across technical jargon that didn't help me.

20.05.2010, 19:37   #2
Larusso
/// Selecta Jahrusso

A cleanup can sometimes involve a lot of work for you.
  • Please work through all steps in order.
  • If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper asks you to run.
  • Please no crossposting (posting in several forums).

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, please work through the following.


Vista and Win7 users
Start all tools with right-click "Run as administrator".


Step 1

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it on your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click "Run as administrator"
  • Now copy the content into the text box.
Code:
ATTFilter
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the content of OTL.txt and Extra.txt here into your thread


Step 2

Rootkit search

What are rootkits?

Some scans for files, processes and registry entries that are hidden from most other scanners (by a so-called rootkit). During these scans:
  • all other scanners for viruses, spyware, etc. should be disabled,
  • there should be no connection to a network/Internet (don't forget WLAN),
  • nothing should be done on the computer,
  • the computer should be restarted after each scan.
Run a Gmer scan
  • Download Gmer from this page
    (press the Download EXE button) and save the program on the desktop.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name).
  • Vista users: right-click and run as administrator.
  • If a window with the following warning opens:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • Start the scan with "Scan". Don't do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


Please post in your next reply
OTL.txt
Extra.txt
Gmer.txt

20.05.2010, 22:25   #3
SerenityChan

Hey, first of all many thanks for the quick reply. I'll try it right away tomorrow, but first I have a small question: does this delete all my data if I do it?

21.05.2010, 15:06   #4
Larusso
/// Selecta Jahrusso

Yeah sure, I'm helping you delete all your files. Then you could just as well format, couldn't you.

/me wonders where some people get their logic from
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

23.05.2010, 21:31   #5
SerenityChan

Ok, let's see whether it at least works with the link, i.e. a shorter text. Keep your fingers crossed for me.
For now this is the content from the OTL.Txt editor and the one from the Extras.Txt editor. The rest follows. ^_~


hxxp://www.file-upload.net/download-2540339/OTL.Txt.html

hxxp://www.file-upload.net/download-2540365/Extras.Txt.html



Edit: Okay, it's completely settled. Unless you have another idea what I could do, I guess I have no choice but format c after all, even though I had wanted to avoid that at all costs. But I have now tried GMER seven times, and each time the PC crashed after about four minutes with a short beep and a warning and restarted by itself.

Thank you for your help anyway.


Edited by SerenityChan (23.05.2010 at 22:08)

24.05.2010, 08:19   #6
Larusso
/// Selecta Jahrusso

Download ComboFix from one of the links listed below. You must rename it before you save it to the desktop. Save ComboFix to your desktop. **NB: It is important that ComboFix.exe is saved on the desktop**



  • Disable your anti-virus and anti-spyware programs. Normally you can do this by right-clicking the system tray icon. Otherwise the programs might interfere with our programs while they work.
  • Double-click ComboFix.exe and follow the prompts.
    • When ComboFix is finished, it will create a log for you.
    • Please post the contents of C:\ComboFix.txt here in the thread.

25.05.2010, 10:06   #7
SerenityChan

Ok, let's see whether it works this time. ^^

Code:
ATTFilter
ComboFix 10-05-24.03 - Serenity 25.05.2010  10:33:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.2125 [GMT 2:00]
ausgeführt von:: c:\users\Serenity\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Im Speicher befindliches AV aktiv.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Serenity\AppData\Roaming\inst.exe
c:\windows\system32\Thumbs.db

.
(((((((((((((((((((((((   Dateien erstellt von 2010-04-25 bis 2010-05-25  ))))))))))))))))))))))))))))))
.

2010-05-25 08:46 . 2010-05-25 08:47	--------	d-----w-	c:\users\Serenity\AppData\Local\temp
2010-05-25 08:46 . 2010-05-25 08:46	--------	d-----w-	c:\users\Mopsi\AppData\Local\temp
2010-05-25 08:46 . 2010-05-25 08:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-05-20 10:44 . 2010-05-23 16:25	--------	d-----w-	C:\avrescue
2010-05-19 14:21 . 2010-05-19 14:21	--------	d-----w-	c:\users\Serenity\AppData\Roaming\Avira
2010-05-16 17:09 . 2010-05-16 17:09	--------	d-----w-	c:\program files\iPod
2010-05-16 17:09 . 2010-05-16 17:11	--------	d-----w-	c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-16 17:05 . 2010-05-16 17:05	--------	d-----w-	c:\program files\QuickTime
2010-05-16 16:57 . 2010-05-16 16:57	--------	d-----w-	c:\program files\Bonjour
2010-05-16 16:55 . 2010-05-16 16:55	73000	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-15 15:16 . 2009-05-11 10:49	17016	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2010-05-15 15:16 . 2009-05-11 10:49	51992	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2010-05-15 15:14 . 2010-05-15 15:14	44151368	----a-w-	C:\avira_antivir_personal_de.exe
2010-05-14 11:16 . 2010-05-14 11:16	--------	d-----w-	c:\users\Serenity\AppData\Roaming\DVDVideoSoftIEHelpers
2010-05-14 11:14 . 2010-05-14 11:14	42527176	----a-w-	C:\FreeStudio.exe
2010-05-14 09:27 . 2010-05-14 09:27	21449731	----a-w-	C:\FreeVideoToDVDConverter.exe
2010-05-12 16:08 . 2010-01-29 15:40	738816	----a-w-	c:\windows\system32\inetcomm.dll
2010-05-01 16:52 . 2010-05-01 16:52	--------	d-----w-	c:\program files\Windows Portable Devices
2010-05-01 13:32 . 2009-09-10 02:00	92672	----a-w-	c:\windows\system32\UIAnimation.dll
2010-05-01 13:32 . 2009-09-10 02:01	3023360	----a-w-	c:\windows\system32\UIRibbon.dll
2010-05-01 13:32 . 2009-09-10 02:00	1164800	----a-w-	c:\windows\system32\UIRibbonRes.dll
2010-05-01 13:29 . 2009-10-01 01:02	30208	----a-w-	c:\windows\system32\WPDShextAutoplay.exe
2010-05-01 13:27 . 2009-10-08 21:08	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2010-05-01 13:27 . 2009-10-08 21:08	234496	----a-w-	c:\windows\system32\oleacc.dll
2010-05-01 13:27 . 2009-10-08 21:07	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2010-04-30 07:05 . 2010-01-06 15:39	1696256	----a-w-	c:\windows\system32\gameux.dll
2010-04-30 07:05 . 2010-01-06 15:38	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2010-04-30 07:05 . 2010-01-06 13:30	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2010-04-29 17:23 . 2010-04-29 17:26	--------	d-----w-	c:\windows\system32\ca-ES
2010-04-29 17:23 . 2010-04-29 17:26	--------	d-----w-	c:\windows\system32\eu-ES
2010-04-29 17:23 . 2010-04-29 17:26	--------	d-----w-	c:\windows\system32\vi-VN
2010-04-29 12:02 . 2010-04-29 12:02	--------	d-----w-	c:\windows\system32\EventProviders
2010-04-29 06:14 . 2010-02-12 10:48	293376	----a-w-	c:\windows\system32\browserchoice.exe

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-25 08:23 . 2008-05-15 14:46	12	----a-w-	c:\windows\bthservsdp.dat
2010-05-18 23:40 . 2008-10-25 15:31	86472	----a-w-	c:\users\Serenity\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-18 23:24 . 2008-06-02 11:19	--------	d-----w-	c:\programdata\Microsoft Help
2010-05-18 21:58 . 2008-01-21 07:15	618442	----a-w-	c:\windows\system32\perfh007.dat
2010-05-18 21:58 . 2008-01-21 07:15	122842	----a-w-	c:\windows\system32\perfc007.dat
2010-05-17 17:28 . 2009-02-20 18:13	1	----a-w-	c:\users\Serenity\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-16 17:11 . 2008-10-29 17:13	--------	d-----w-	c:\program files\iTunes
2010-05-16 17:09 . 2008-10-29 17:10	--------	d-----w-	c:\program files\Common Files\Apple
2010-05-14 11:16 . 2009-01-16 18:51	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2010-05-14 09:29 . 2009-01-16 18:51	--------	d-----w-	c:\program files\DVDVideoSoft
2010-05-13 16:21 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-05-06 14:57 . 2008-12-04 12:00	--------	d-----w-	c:\program files\Ashampoo
2010-05-01 16:52 . 2006-11-02 10:25	665600	----a-w-	c:\windows\inf\drvindex.dat
2010-05-01 16:51 . 2010-05-01 16:51	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-05-01 16:50 . 2010-05-01 16:50	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-04-29 17:27 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Calendar
2010-04-29 17:27 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Sidebar
2010-04-29 17:27 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Collaboration
2010-04-29 17:27 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Journal
2010-04-29 17:27 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Photo Gallery
2010-04-29 17:27 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Defender
2010-04-29 06:48 . 2008-05-15 15:23	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-04-29 06:48 . 2008-05-16 08:06	--------	d-----w-	c:\program files\Sony
2010-04-16 06:33 . 2010-04-16 06:33	41472	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2010-04-16 06:33 . 2010-04-16 06:33	3003680	----a-w-	c:\windows\system32\usbaaplrc.dll
2010-04-08 11:20 . 2010-04-08 11:20	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20	107808	----a-w-	c:\windows\system32\dns-sd.exe
2010-04-06 10:08 . 2010-04-01 10:08	--------	d-----w-	c:\program files\McAfee Security Scan
2010-04-03 19:42 . 2008-10-25 15:31	1356	----a-w-	c:\users\Serenity\AppData\Local\d3d9caps.dat
2010-04-01 10:08 . 2010-04-01 10:08	--------	d-----w-	c:\programdata\McAfee Security Scan
2010-04-01 09:45 . 2010-04-01 09:45	45056	----a-w-	c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-01 09:45 . 2010-04-01 09:45	45056	----a-w-	c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-01 09:45 . 2010-04-01 09:45	49152	----a-w-	c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-01 09:45 . 2010-04-01 09:45	45056	----a-w-	c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-01 09:45 . 2010-04-01 09:45	45056	----a-w-	c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-01 09:45 . 2010-04-01 09:45	308808	----a-w-	c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-01 09:45 . 2010-04-01 09:45	14848	----a-w-	c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-01 09:45 . 2010-04-01 09:45	40960	----a-w-	c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-01 09:45 . 2010-04-01 09:45	341600	----a-w-	c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-04-01 09:45 . 2009-01-16 12:54	--------	d-----w-	c:\program files\Common Files\Real
2010-04-01 09:44 . 2009-01-16 12:55	--------	d-----w-	c:\program files\Real
2010-04-01 09:44 . 2010-04-01 09:44	--------	d-----w-	c:\program files\Common Files\xing shared
2010-03-29 06:44 . 2010-03-29 06:44	443912	----a-w-	c:\users\Serenity\AppData\Roaming\Real\Update\setup3.11\setup.exe
2010-03-09 12:45 . 2010-03-09 12:45	443912	----a-w-	c:\users\Serenity\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-03-09 09:32 . 2010-03-09 09:32	509552	----a-w-	c:\programdata\Google\Google Toolbar\Update\gtb89F9.tmp.exe
2010-03-05 14:01 . 2010-04-15 10:22	420352	----a-w-	c:\windows\system32\vbscript.dll
2010-03-01 20:41 . 2008-11-22 13:02	86472	----a-w-	c:\users\Mopsi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-01 08:05 . 2009-06-25 10:49	124784	----a-w-	c:\windows\system32\drivers\avipbb.sys
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-04-22 262144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-08 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-29 6111232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-01 30192]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-06-02 36864]
"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2008-03-26 1093632]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-25 1397760]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-01 202256]
"Skytel"="Skytel.exe" [2008-04-29 1826816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

c:\users\Serenity\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Startcenter.lnk - c:\program files\FRITZ!DSL\StCenter.exe [2008-10-25 679936]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe [2008-5-16 295606]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-05-12 21:45	98304	----a-w-	c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0d,8f,be,97,c2,e7,ca,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-11-13 639224]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-12-12 28464]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-01 30192]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2009-11-16 27168]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-03-04 104288]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-03-04 350048]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-03-04 63328]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-03 87328]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-04-03 229376]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 RtkHDMIService;RtkHDMIService;c:\windows\RtkAudioService.exe [2008-04-29 98304]
S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2007-11-09 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-04-24 411488]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-03-03 333088]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-01-30 17408]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2009-11-16 27168]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-12-17 9344]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - cqgigsb

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 15:32	8192	----a-w-	c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners

2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 09:34]

2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 09:34]

2009-05-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-25 11:32]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-25 11:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Serenity\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Serenity\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: corel.com
Trusted Zone: corel.com\www
Trusted Zone: intervideo.com
Trusted Zone: intervideo.com\www
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-25 10:47
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cqgigsb]

.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-05-25  10:50:23
ComboFix-quarantined-files.txt  2010-05-25 08:50

Vor Suchlauf: 11 Verzeichnis(se), 143.399.571.456 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 171.105.206.272 Bytes frei

- - End Of File - - 2504FB03F9189E55D4070051564C8808
         

25.05.2010, 16:22   #8
Larusso
/// Selecta Jahrusso

Preparation

Delete the existing version of Combofix and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com - GeeksTogo.com
and save it on the desktop (nowhere else, this is important)!
If you already had ComboFix on the computer before, delete the old version, since ComboFix is updated continuously.
  • Remember to temporarily switch off your antivirus program while Combofix runs.
    Don't forget to switch it back on afterwards!
  • Important: Do not move the mouse over the ComboFix window or click into it.
    This can cause ComboFix to hang.
Usage
  1. Open notepad (Start => Run => type notepad => ok) or an editor of your choice and copy everything from the following code box into an empty document:
    Code:
    ATTFilter
    KILLALL::
    Rootkit::
    C:\Windows\System32\drivers\cqgigsb.sys
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cqgigsb]
             
  2. Save this as CFScript.txt on your desktop
  3. Referring to the picture above, drag CFScript.txt onto ComboFix.exe
  4. When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
Note for readers following along: The Combofix script above was created exclusively for this user in this situation.
Under no circumstances use it on other computers; it can cause lasting damage to other systems!

If the script contains the Suspect:: or Collect:: directive, a message box will appear after Combofix is finished. Click OK and follow the prompts/instructions to upload the files.


Step 2

Please start OTL.exe and click the Quick Scan button.


Please post in your next reply
Combofix.txt
OTL.txt
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie
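
An added example, not part of the original posts and not code from ComboFix or the helper: a read-only triage pass over a ComboFix log that lists the service names a reviewer would look at first, using the markers visible in the log from post #7 (a `*Deregistered*` entry, a `Services\<name>` key with no matching driver line, and a name that matches the file the antivirus flagged). The function names and the reason strings are assumptions made for this illustration; the sample lines are copied from the posted log and abridged.

```python
"""Triage a ComboFix log for driver/service names that deserve a closer look."""
import ntpath
import re

# Constructed sample: lines taken from the ComboFix log posted in this thread, abridged.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-11-13 639224]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2009-11-16 27168]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - cqgigsb

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cqgigsb]

.
--------------------- Gesperrte Registrierungsschluessel ---------------------
"""

# "R0 name;display name;image path [date size]" as printed in the driver/service list.
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;\n]+);(?P<display>[^;\n]*);"
    r"(?P<image>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\][ \t]*$", re.M)
# "*Deregistered* - name" in the "other services/drivers in memory" section.
DEREGISTERED = re.compile(r"^\*Deregistered\* - (?P<name>\S+)[ \t]*$", re.M)
# A bare Services\<name> key header; SafeBoot and other Control\ keys do not match.
SERVICE_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})"
    r"\\Services\\(?P<name>[^\]\\\n]+)\][ \t]*$", re.M | re.I)


def parse_services(log):
    """Return {lower-case service name: details} for every driver/service line."""
    return {m["name"].lower(): {"state": m["state"], "start": int(m["start"]),
                                "display": m["display"], "image": m["image"]}
            for m in SERVICE_LINE.finditer(log)}


def deregistered_names(log):
    """Names the log lists as *Deregistered*."""
    return [m["name"] for m in DEREGISTERED.finditer(log)]


def service_key_names(log):
    """Names of Services\\<name> registry keys printed on their own in the log."""
    return [m["name"] for m in SERVICE_KEY.finditer(log)]


def triage(log, av_flagged_paths=()):
    """Return {service name: [reasons]} for entries a human should review.

    Nothing is deleted or changed; the result is only a list of candidates.
    """
    services = parse_services(log)
    findings = {}

    def note(name, reason):
        reasons = findings.setdefault(name.lower(), [])
        if reason not in reasons:
            reasons.append(reason)

    for name in deregistered_names(log):
        note(name, "listed in memory as *Deregistered*")
    for name in service_key_names(log):
        if name.lower() not in services:
            note(name, "service key present, no image path listed")
    known = set(services) | set(findings)
    for path in av_flagged_paths:
        # Compare the file name without extension to the service names seen in the log.
        stem = ntpath.splitext(ntpath.basename(path))[0].lower()
        if stem in known:
            note(stem, "name matches AV-flagged file " + path)
    return findings


if __name__ == "__main__":
    # Path as shown in the AntiVir warning quoted in post #1.
    for name, reasons in triage(
            SAMPLE_LOG, [r"C:\Windows\System32\drivers\cqgigsb.sys"]).items():
        print(name, "->", "; ".join(reasons))
```

A name that shows up here is only a candidate for review; whether an entry is malicious still has to be decided by someone reading the full log for that machine.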

26.05.2010, 22:31   #9
SerenityChan

Ok, here's the log.


Combofix logfile:
Code:
ATTFilter
ComboFix 10-05-25.05 - Serenity 26.05.2010  15:37:28.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3069.2187 [GMT 2:00]
ausgeführt von:: c:\users\Serenity\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Serenity\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Serenity\AppData\Roaming\inst.exe
c:\windows\system32\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_cqgigsb
-------\Service_cqgigsb


(((((((((((((((((((((((   Dateien erstellt von 2010-04-26 bis 2010-05-26  ))))))))))))))))))))))))))))))
.

2010-05-26 13:49 . 2010-05-26 13:49	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-05-26 13:49 . 2010-05-26 13:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-05-26 13:49 . 2010-05-26 13:49	--------	d-----w-	c:\users\Mopsi\AppData\Local\temp
2010-05-25 17:40 . 2010-05-25 17:40	--------	d-----w-	c:\users\Serenity\AppData\Local\Temp(455)
2010-05-25 17:40 . 2010-05-25 17:40	--------	d-----w-	c:\users\Mopsi\AppData\Local\Temp(447)
2010-05-25 08:50 . 2010-05-25 08:50	--------	d-----w-	C:\$Recycle(4).Bin
2010-05-25 08:22 . 2010-05-25 08:50	--------	d-----w-	C:\Combo-Fix
2010-05-20 10:44 . 2010-05-25 11:26	--------	d-----w-	C:\avrescue
2010-05-19 14:21 . 2010-05-19 14:21	--------	d-----w-	c:\users\Serenity\AppData\Roaming\Avira
2010-05-16 17:09 . 2010-05-16 17:09	--------	d-----w-	c:\program files\iPod(277)
2010-05-16 17:09 . 2010-05-16 17:11	--------	d-----w-	c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-16 17:05 . 2010-05-16 17:05	--------	d-----w-	c:\program files\QuickTime(323)
2010-05-16 16:57 . 2010-05-16 16:57	--------	d-----w-	c:\program files\Bonjour(154)
2010-05-14 11:16 . 2010-05-14 11:16	--------	d-----w-	c:\users\Serenity\AppData\Roaming\DVDVideoSoftIEHelpers
2010-04-29 16:41 . 2010-05-25 20:12	--------	d-----w-	C:\86d0562222041f0ab5648e8e60eed9
2010-04-29 12:02 . 2010-04-29 12:02	--------	d-----w-	c:\windows\system32\EventProviders
2010-04-29 06:14 . 2010-02-12 10:48	293376	----a-w-	c:\windows\system32\browserchoice.exe

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-26 13:29 . 2008-05-15 14:46	12	----a-w-	c:\windows\bthservsdp.dat
2010-05-26 13:13 . 2008-10-25 15:31	86472	----a-w-	c:\users\Serenity\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-25 20:13 . 2010-04-01 10:08	--------	d-----w-	c:\programdata\McAfee Security Scan
2010-05-25 20:13 . 2010-01-10 21:22	--------	d-----w-	c:\program files\QuickTime
2010-05-25 20:13 . 2008-05-16 08:06	--------	d-----w-	c:\programdata\FLEXnet
2010-05-25 20:12 . 2008-10-29 17:13	--------	d-----w-	c:\program files\iTunes
2010-05-25 20:12 . 2009-01-16 18:51	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2010-05-25 20:12 . 2008-10-29 17:05	--------	d-----w-	c:\program files\DVD Shrink DE
2010-05-25 20:12 . 2010-01-10 21:23	--------	d-----w-	c:\program files\Bonjour
2010-05-25 20:11 . 2008-10-29 17:10	--------	d-----w-	c:\program files\Common Files\Apple
2010-05-25 20:11 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Sidebar
2010-05-25 20:11 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-05-25 19:54 . 2010-01-10 21:25	--------	d-----w-	c:\program files\iPod
2010-05-18 23:24 . 2008-06-02 11:19	--------	d-----w-	c:\programdata\Microsoft Help
2010-05-14 09:29 . 2009-01-16 18:51	--------	d-----w-	c:\program files\DVDVideoSoft
2010-05-06 14:57 . 2008-12-04 12:00	--------	d-----w-	c:\program files\Ashampoo
2010-04-29 10:56 . 2008-01-21 07:15	618442	----a-w-	c:\windows\system32\perfh007.dat
2010-04-29 10:56 . 2008-01-21 07:15	122842	----a-w-	c:\windows\system32\perfc007.dat
2010-04-29 06:48 . 2008-05-15 15:23	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-04-29 06:48 . 2008-05-16 08:06	--------	d-----w-	c:\program files\Sony
2010-04-06 10:08 . 2010-04-01 10:08	--------	d-----w-	c:\program files\McAfee Security Scan
2010-04-03 19:42 . 2008-10-25 15:31	1356	----a-w-	c:\users\Serenity\AppData\Local\d3d9caps.dat
2010-04-01 09:45 . 2010-04-01 09:45	45056	----a-w-	c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-01 09:45 . 2010-04-01 09:45	45056	----a-w-	c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-01 09:45 . 2010-04-01 09:45	49152	----a-w-	c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-01 09:45 . 2010-04-01 09:45	45056	----a-w-	c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-01 09:45 . 2010-04-01 09:45	45056	----a-w-	c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-01 09:45 . 2010-04-01 09:45	308808	----a-w-	c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-01 09:45 . 2010-04-01 09:45	14848	----a-w-	c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-01 09:45 . 2010-04-01 09:45	40960	----a-w-	c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-01 09:45 . 2010-04-01 09:45	341600	----a-w-	c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-04-01 09:45 . 2009-01-16 12:54	--------	d-----w-	c:\program files\Common Files\Real
2010-04-01 09:44 . 2009-01-16 12:55	--------	d-----w-	c:\program files\Real
2010-04-01 09:44 . 2010-04-01 09:44	--------	d-----w-	c:\program files\Common Files\xing shared
2010-03-29 06:44 . 2010-03-29 06:44	443912	----a-w-	c:\users\Serenity\AppData\Roaming\Real\Update\setup3.11\setup.exe
2010-03-09 12:45 . 2010-03-09 12:45	443912	----a-w-	c:\users\Serenity\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-03-09 09:32 . 2010-03-09 09:32	509552	----a-w-	c:\programdata\Google\Google Toolbar\Update\gtb89F9.tmp.exe
2010-03-05 14:01 . 2010-04-15 10:22	420352	----a-w-	c:\windows\system32\vbscript.dll
2010-03-01 20:41 . 2008-11-22 13:02	86472	----a-w-	c:\users\Mopsi\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-01 13:28 . 2009-12-01 13:28	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-04-22 262144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-08 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-29 6111232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-01 30192]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-06-02 36864]
"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2008-03-26 1093632]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-25 1397760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-01 202256]

c:\users\Serenity\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Startcenter.lnk - c:\program files\FRITZ!DSL\StCenter.exe [2008-10-25 679936]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe [2008-5-16 295606]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-05-12 21:45	98304	----a-w-	c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-12-12 28464]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-01 30192]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2009-11-16 27168]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-03-04 104288]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-03-04 350048]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-03-04 63328]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-03 87328]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-11-13 639224]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-04-03 229376]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 RtkHDMIService;RtkHDMIService;c:\windows\RtkAudioService.exe [2008-04-29 98304]
S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2007-11-09 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-04-24 411488]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-03-03 333088]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-01-30 17408]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2009-11-16 27168]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-12-17 9344]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 15:32	8192	----a-w-	c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners

2010-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 09:34]

2010-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 09:34]

2009-05-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-25 11:32]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-25 11:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: corel.com
Trusted Zone: corel.com\www
Trusted Zone: intervideo.com
Trusted Zone: intervideo.com\www
FF - ProfilePath - c:\users\Serenity\AppData\Roaming\Mozilla\Firefox\Profiles\gwaoea0j.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-26 23:04
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x853651D8]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8b1aa322
\Driver\ACPI -> acpi.sys @ 0x807a3d4c
\Driver\iaStor -> 0x853651d8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK 

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(4240)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\progra~1\mcafee\SITEAD~1\mcieplg.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\FRITZ!DSL\IGDCTRL.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\DllHost.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\mcafee\msc\mcuimgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-05-26  23:14:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-05-26 21:14
ComboFix2.txt  2010-05-25 08:50

Vor Suchlauf: 14 Verzeichnis(se), 168.906.752.000 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 166.831.046.656 Bytes frei

- - End Of File - - CFAE2F04B2359F61E94D7B46227CD09A
         

26.05.2010, 22:31   #10
SerenityChan
 

And now OTL as well.

OTL Logfile:
Code:
OTL logfile created on: 26.05.2010 23:22:41 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Users\Serenity\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,73 Gb Total Space | 155,40 Gb Free Space | 69,77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SAMMY
Current User Name: Serenity
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.05.26 23:22:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Serenity\Desktop\OTL.exe
PRC - [2009.12.08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.05.12 23:45:06 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008.05.12 23:45:06 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.04.29 06:48:08 | 000,098,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
PRC - [2008.04.24 14:06:12 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008.04.24 14:06:10 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe
PRC - [2008.04.03 15:52:46 | 000,229,376 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\NSUService.exe
PRC - [2008.03.03 14:45:48 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2008.02.15 11:56:56 | 000,147,456 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2008.02.15 11:56:54 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008.02.15 11:56:50 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008.01.25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008.01.22 17:27:14 | 000,550,752 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSC\mcmscsvc.exe
PRC - [2007.12.05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe
PRC - [2007.11.26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSK\msksrver.exe
PRC - [2007.11.09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
PRC - [2007.11.01 18:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\MSC\mcuimgr.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007.08.15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007.08.03 22:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee.com\Agent\mcagent.exe
PRC - [2007.07.24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan\Mcshield.exe
PRC - [2007.07.18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MPF\MpfSrv.exe
PRC - [2007.04.13 09:20:22 | 000,097,432 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2005.11.21 11:34:24 | 000,081,920 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2005.07.25 12:00:56 | 000,876,032 | ---- | M] (Nero AG) -- C:\Programme\Ahead\InCD\InCDsrv.exe
PRC - [2005.04.02 03:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.05.26 23:22:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Serenity\Desktop\OTL.exe
MOD - [2009.12.08 14:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\SiteAdvisor\sahook.dll
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.12.08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009.12.01 15:28:04 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009.08.05 14:04:54 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.05.16 10:06:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.05.12 23:45:06 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.04.29 06:48:08 | 000,098,304 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkHDMIService)
SRV - [2008.04.24 14:06:10 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008.04.03 15:52:46 | 000,229,376 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008.03.04 20:58:30 | 000,063,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008.03.04 20:56:42 | 000,350,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008.03.04 20:54:50 | 000,104,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008.03.03 14:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008.03.03 13:27:14 | 000,087,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008.02.15 11:56:56 | 000,147,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2008.02.15 11:56:56 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008.02.15 11:56:54 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008.02.15 11:56:50 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008.01.25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007.12.05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Programme\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007.11.28 02:08:02 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2007.11.28 02:02:20 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2007.11.28 01:43:44 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2007.11.26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007.11.09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Programme\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007.11.07 09:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.08.15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007.07.24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007.07.18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007.04.13 09:20:22 | 000,097,432 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2005.11.21 11:34:24 | 000,081,920 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
SRV - [2005.11.21 10:48:06 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv)
SRV - [2005.07.25 12:00:56 | 000,876,032 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005.04.02 03:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (catchme)
DRV - [2009.12.08 09:06:29 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.16 15:46:12 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009.11.16 15:45:50 | 000,027,168 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2009.11.16 15:45:50 | 000,027,168 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.13 20:08:03 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.05.13 02:05:19 | 003,537,408 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.04.29 06:47:43 | 002,126,688 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.28 03:19:55 | 000,142,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.04.22 15:43:36 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.04.22 02:01:11 | 000,903,680 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.16 02:04:24 | 000,046,592 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008.04.16 02:04:12 | 000,068,096 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008.03.19 02:04:14 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008.02.23 02:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.01.30 17:33:28 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.12.17 03:57:23 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007.12.13 02:05:02 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.12.13 02:04:51 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007.12.13 02:04:44 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007.12.13 02:04:44 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007.12.12 02:06:28 | 000,017,448 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007.12.12 02:06:25 | 000,099,880 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007.12.12 02:06:25 | 000,081,448 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007.12.12 02:04:55 | 000,028,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2007.12.02 12:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007.11.22 06:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007.11.22 06:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007.11.22 06:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007.11.22 06:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007.07.13 09:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007.05.26 10:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2005.07.25 11:53:28 | 000,101,504 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005.07.25 11:53:04 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005.07.25 11:53:00 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDrm.sys -- (incdrm)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.04.09 09:23:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.01 11:45:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.25 22:12:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.25 22:12:59 | 000,000,000 | ---D | M]
 
[2010.05.25 21:58:00 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\mozilla\Firefox\Profiles\gwaoea0j.default\extensions
[2010.05.25 22:13:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Serenity\AppData\Roaming\mozilla\Firefox\Profiles\gwaoea0j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.25 22:13:11 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\mozilla\Firefox\Profiles\gwaoea0j.default\extensions\moveplayer@movenetworks.com
 
O1 HOSTS File: ([2010.05.26 23:03:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Programme\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Programme\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Serenity\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
O4 - Startup: C:\Users\Serenity\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: corel.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: corel.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: intervideo.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: intervideo.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Serenity\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Serenity\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.05.26 23:22:06 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Serenity\Desktop\OTL.exe
[2010.05.26 23:14:42 | 000,000,000 | ---D | C] -- C:\Users\Serenity\AppData\Local\temp
[2010.05.26 23:14:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.05.26 15:33:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.05.26 15:33:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.05.26 15:33:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.05.26 15:32:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.05.26 15:28:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.05.25 19:40:23 | 000,000,000 | ---D | C] -- C:\Users\Serenity\AppData\Local\Temp(455)
[2010.05.25 10:50:46 | 000,000,000 | ---D | C] -- C:\$Recycle(4).Bin
[2010.05.25 10:22:54 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010.05.25 10:20:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.05.20 12:44:21 | 000,000,000 | ---D | C] -- C:\avrescue
[2010.05.19 17:53:02 | 000,000,000 | ---D | C] -- C:\Users\Serenity\Documents\Updater5
[2010.05.19 16:21:23 | 000,000,000 | ---D | C] -- C:\Users\Serenity\AppData\Roaming\Avira
[2010.05.16 19:09:50 | 000,000,000 | ---D | C] -- C:\Programme\iPod(277)
[2010.05.16 19:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.05.16 19:05:05 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime(323)
[2010.05.16 18:57:55 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour(154)
[2010.05.14 13:16:26 | 000,000,000 | ---D | C] -- C:\Users\Serenity\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.29 18:41:12 | 000,000,000 | ---D | C] -- C:\86d0562222041f0ab5648e8e60eed9
[2010.04.29 14:02:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010.04.01 12:12:49 | 000,000,000 | ---D | C] -- C:\DVDVideoSoft
[2010.04.01 12:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010.04.01 12:08:18 | 000,000,000 | ---D | C] -- C:\Programme\McAfee Security Scan
[2010.04.01 11:44:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\xing shared
[2010.03.25 12:46:30 | 000,000,000 | ---D | C] -- C:\Users\Serenity\Desktop\Handy
[2010.03.21 18:48:18 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2010.03.19 20:42:10 | 000,000,000 | ---D | C] -- C:\Users\Serenity\AppData\Local\Real
[2010.03.05 12:46:34 | 000,000,000 | ---D | C] -- C:\Users\Serenity\AppData\Roaming\Canon
[2010.03.01 19:51:40 | 000,000,000 | ---D | C] -- C:\Users\Serenity\Documents\Bewerbungen
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.05.26 23:22:55 | 004,718,592 | -HS- | M] () -- C:\Users\Serenity\ntuser.dat
[2010.05.26 23:22:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Serenity\Desktop\OTL.exe
[2010.05.26 23:05:42 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.05.26 23:03:52 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.05.26 23:02:45 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.26 23:02:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.26 23:02:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.26 23:02:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.26 23:02:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.26 23:02:10 | 3219,169,280 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.26 21:49:17 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.26 15:29:37 | 000,031,357 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010.05.26 15:29:37 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.05.26 15:29:33 | 000,524,288 | -HS- | M] () -- C:\Users\Serenity\ntuser.dat{0aad6049-6832-11df-ade0-001dba20afb7}.TMContainer00000000000000000001.regtrans-ms
[2010.05.26 15:29:33 | 000,065,536 | -HS- | M] () -- C:\Users\Serenity\ntuser.dat{0aad6049-6832-11df-ade0-001dba20afb7}.TM.blf
[2010.05.26 15:29:32 | 002,129,017 | -H-- | M] () -- C:\Users\Serenity\AppData\Local\IconCache.db
[2010.05.26 15:24:08 | 003,699,168 | R--- | M] () -- C:\Users\Serenity\Desktop\ComboFix.exe
[2010.05.26 15:13:35 | 000,086,472 | ---- | M] () -- C:\Users\Serenity\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.25 21:21:52 | 000,524,288 | -HS- | M] () -- C:\Users\Serenity\ntuser.dat{0aad6049-6832-11df-ade0-001dba20afb7}.TMContainer00000000000000000002.regtrans-ms
[2010.05.25 19:18:45 | 000,524,288 | -HS- | M] () -- C:\Users\Serenity\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.05.25 19:18:45 | 000,065,536 | -HS- | M] () -- C:\Users\Serenity\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.05.25 19:08:51 | 000,200,192 | ---- | M] () -- C:\Users\Serenity\Desktop\Land.doc
[2010.04.29 12:56:02 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.29 12:56:02 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.29 12:56:02 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.29 12:56:02 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.29 12:56:02 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.29 09:08:56 | 000,353,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010.04.06 12:08:17 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010.04.06 12:08:17 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.04.03 21:42:35 | 000,001,356 | ---- | M] () -- C:\Users\Serenity\AppData\Local\d3d9caps.dat
[2010.04.03 01:11:03 | 311,428,896 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.04.01 11:45:15 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.04.01 11:43:59 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010.03.29 02:12:37 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2010.03.19 12:55:51 | 000,031,232 | ---- | M] () -- C:\Users\Serenity\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.01 12:28:16 | 000,020,480 | ---- | M] () -- C:\Users\Serenity\Desktop\Microsoft Word-Dokument (neu).doc
[2010.02.28 23:01:42 | 000,086,472 | ---- | M] () -- C:\Users\Serenity\AppData\Roaming\GDIPFONTCACHEV1.DAT
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.05.26 15:33:03 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.05.26 15:33:01 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.05.26 15:33:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.05.26 15:33:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.05.26 15:33:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.05.26 15:24:00 | 003,699,168 | R--- | C] () -- C:\Users\Serenity\Desktop\ComboFix.exe
[2010.05.25 21:18:31 | 000,524,288 | -HS- | C] () -- C:\Users\Serenity\ntuser.dat{0aad6049-6832-11df-ade0-001dba20afb7}.TMContainer00000000000000000002.regtrans-ms
[2010.05.25 21:18:31 | 000,524,288 | -HS- | C] () -- C:\Users\Serenity\ntuser.dat{0aad6049-6832-11df-ade0-001dba20afb7}.TMContainer00000000000000000001.regtrans-ms
[2010.05.25 21:18:30 | 000,065,536 | -HS- | C] () -- C:\Users\Serenity\ntuser.dat{0aad6049-6832-11df-ade0-001dba20afb7}.TM.blf
[2010.05.20 13:34:54 | 3219,169,280 | -HS- | C] () -- C:\hiberfil.sys
[2010.04.01 12:08:19 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010.04.01 12:08:19 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.04.01 11:45:15 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.03.09 11:34:58 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.09 11:34:58 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.01 10:39:50 | 000,020,480 | ---- | C] () -- C:\Users\Serenity\Desktop\Microsoft Word-Dokument (neu).doc
[2009.12.15 23:41:18 | 000,000,118 | ---- | C] () -- C:\Windows\Podcasts.INI
[2009.04.26 20:02:33 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.03.02 12:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.03.02 12:33:32 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009.02.03 15:55:03 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.11.13 20:08:03 | 000,639,224 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.11.10 13:19:52 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLdNL.DLL
[2008.06.02 13:58:41 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008.06.02 13:51:23 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2008.05.16 02:41:54 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.10.30 10:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.09.12 01:57:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2009.06.14 18:17:50 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\Amazon
[2009.09.11 11:27:49 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\Ashampoo
[2010.03.05 12:46:57 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\Canon
[2009.11.30 10:40:40 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\CDZilla
[2010.05.14 13:16:26 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.10.27 18:20:01 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\FRITZ!
[2008.10.25 18:29:37 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\InterVideo
[2009.02.20 20:12:00 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\OpenOffice.org
[2009.09.11 12:04:34 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\phonostar-Player
[2008.11.07 23:20:37 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\Template
[2009.09.11 13:37:51 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\Vso
[2009.05.15 01:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2009.11.01 02:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010.05.26 15:29:37 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         

Alt 27.05.2010, 19:56   #11
Larusso
/// Selecta Jahrusso
 



Step 1

Multiple antivirus programs

Code:
McAfee
Avira

I noticed that you have more than one antivirus program with a background guard running. That is dangerous, because the programs can get in each other's way, which makes it all the more likely that viruses end up on the machine. Decide on one and uninstall the other via Control Panel => Software.
Report which antivirus program you decided on, and uninstall the other(s).


Step 2

Cleaning with Malwarebytes' Anti-Malware (Quick Scan)

Please download Malwarebytes
  • Install the program to the default path.
  • Remember to start the program as admin on Vista; otherwise start it with a double-click.
  • Let it update online ("Updates" tab) if the program was already on the machine.
  • Select "Quick-Scan durchführen" (perform quick scan) => Scan.
  • When the scan has finished, click "Ergebnisse anzeigen" (show results).
  • For detections in C:\System Volume Information, remove the check mark.
    Otherwise that system restore point will no longer work.
    It might still be needed, despite the malware.
  • Make sure that all other detections are checked and press "Entferne Auswahl" (remove selected).
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Scan-Berichte" (scan reports).
  • Report how the machine is running now.
Here you will find a detailed, illustrated guide.


Step 3

Update Java

Your Java version is out of date. Since some malware (e.g. Vundo) gets into the system via Java exploits, Java must be updated and old versions must be removed from the system, because the old versions are a security risk. Download JavaRa by prm753 and unpack it to the desktop. JavaRa is suitable for Windows 9x, 2k, XP and Vista (with User Account Control disabled).
  • Close all browser windows.
  • Double-click JavaRa.exe to start the program.
  • Choose the language: take English and click "Select".
  • Click Additional Task and tick Remove Useless JRE Files and Remove Sun Download Manager.
  • Click Go, click Ok each time, and close the "Additional Tasks" window again.
  • Click Remove Older Versions to remove old Java versions that are installed on the machine.
  • Click Yes when asked. When JavaRa has finished, a notice appears that a log file was created; click OK.
  • The log file is opened in the editor; please save it and post it here later.
  • Check in Control Panel => Programs whether any Java versions are still present and uninstall them.
  • Restart the machine.
Now download Java (Java Runtime Environment (JRE) 6 Update XX) from Oracle and install it. Before downloading you must accept the license terms by selecting "Accept License Agreement". Tick the advanced options and deselect the sponsor program (toolbar or similar) where applicable.


Step 4
Please switch on any external hard disks you may have during the online scans! Please turn off all background guards (antivirus program, firewall, script blocking and the like) during the scans, and do not forget to switch everything back on afterwards.
  • Supported operating systems: Microsoft Windows 98/ME/NT 4.0/2000/XP and Windows Vista
  • Note for Vista users: be sure to start the browser as administrator.
  • Disable your antivirus program during the scan.
  • Press the "ESET Online Scanner" button.
  • Firefox users have to install an additional add-on (esetsmartinstaller_enu.exe).
  • Save the Firefox add-on to the desktop and then install it.
  • IE users have to allow the installation of an ActiveX control.
  • Tick "Remove found threats" and "Scan archives".
  • Press Start.
  • The signatures are downloaded.
  • The scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
  • Post the log file here.
  • Uninstalling: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset
  • IE users additionally: fix the following entry with HJT:
  • O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)


Step 5

Please start OTL.exe and click the Quick Scan button.


In your next reply, please post
MBAM log file
Eset log file
OTL.txt
Report how the machine is running
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

Alt 27.05.2010, 23:27   #12
SerenityChan
 



OK, I've already thrown McAfee off the machine.

I've also done the Anti-Malware quick scan and saved the log on the desktop.

I then updated Java the way you wrote; that worked so far, but I didn't get a log file. Java did tell me that one had been created and would be opened, but that didn't happen. And I couldn't find the file anywhere on the PC either, even though I looked everywhere.
Any idea what I can do about that?
Hm, at the risk of you thinking I'm stupid, but I don't even know what Java is actually for ... *cough*

Alt 28.05.2010, 13:32   #13
Larusso
/// Selecta Jahrusso
 



Quote:
In your next reply, please post
MBAM log file
Eset log file
OTL.txt
Report how the machine is running
Does it say anything there about a JavaRa log? I don't strictly need it.

http://de.wikipedia.org/wiki/JavaScript
http://www.java.com/de/about/
__________________
Regards, Daniel


Alt 31.05.2010, 20:55   #14
SerenityChan
 



Right, sorry it took a while, I was away at the weekend. ^^

So, it starts with the mbam log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

27.05.2010 23:59:57
mbam-log-2010-05-27 (23-59-57).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 132116
Laufzeit: 8 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



Then the Eset.log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251


And finally the OTL.Txt.log:

Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,73 Gb Total Space | 148,37 Gb Free Space | 66,62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAMMY
Current User Name: Serenity
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.05.26 23:22:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Serenity\Desktop\OTL.exe
PRC - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.04.01 11:43:54 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.02.23 08:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2010.01.27 02:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2009.12.01 15:28:04 | 000,030,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009.08.05 14:04:54 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.08 13:54:38 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.01.09 20:46:32 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.01.09 20:45:26 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.02 13:44:32 | 000,036,864 | ---- | M] (Sony NSCE) -- C:\Programme\Sony\Marketing Tools\MarketingTools.exe
PRC - [2008.05.16 10:06:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008.05.12 23:45:06 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008.05.12 23:45:06 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.04.29 06:48:08 | 000,098,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
PRC - [2008.04.24 14:06:12 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008.04.24 14:06:10 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe
PRC - [2008.04.22 17:08:04 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\LANUtil.exe
PRC - [2008.04.03 20:03:38 | 000,317,280 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ISB Utility\ISBMgr.exe
PRC - [2008.04.03 15:52:46 | 000,229,376 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\NSUService.exe
PRC - [2008.03.03 14:45:48 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2008.02.23 02:38:50 | 000,122,880 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe
PRC - [2008.02.23 02:38:50 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApntEx.exe
PRC - [2008.02.23 02:38:49 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApMsgFwd.exe
PRC - [2008.02.15 11:56:56 | 000,147,456 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2008.02.15 11:56:54 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008.02.15 11:56:50 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008.01.22 17:27:14 | 000,550,752 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.11.09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
PRC - [2007.10.30 11:04:08 | 000,748,072 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007.04.13 09:20:22 | 000,097,432 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe
PRC - [2007.04.03 18:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.10.22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2005.11.21 11:34:24 | 000,081,920 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2005.11.15 03:07:28 | 000,679,936 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
PRC - [2005.07.25 12:01:24 | 001,397,760 | ---- | M] (Nero AG) -- C:\Programme\Ahead\InCD\InCD.exe
PRC - [2005.07.25 12:00:56 | 000,876,032 | ---- | M] (Nero AG) -- C:\Programme\Ahead\InCD\InCDsrv.exe
PRC - [2005.04.02 03:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


========== Modules (SafeList) ==========

MOD - [2010.05.26 23:22:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Serenity\Desktop\OTL.exe
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.12.01 15:28:04 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009.08.05 14:04:54 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.05.16 10:06:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.05.12 23:45:06 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.04.29 06:48:08 | 000,098,304 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkHDMIService)
SRV - [2008.04.24 14:06:10 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008.04.03 15:52:46 | 000,229,376 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008.03.04 20:58:30 | 000,063,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008.03.04 20:56:42 | 000,350,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008.03.04 20:54:50 | 000,104,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008.03.03 14:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008.03.03 13:27:14 | 000,087,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008.02.15 11:56:56 | 000,147,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2008.02.15 11:56:56 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008.02.15 11:56:54 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008.02.15 11:56:50 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.28 02:08:02 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2007.11.28 02:02:20 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2007.11.28 01:43:44 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2007.11.09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Programme\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.04.13 09:20:22 | 000,097,432 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2005.11.21 11:34:24 | 000,081,920 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
SRV - [2005.11.21 10:48:06 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv)
SRV - [2005.07.25 12:00:56 | 000,876,032 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005.04.02 03:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)


========== Driver Services (SafeList) ==========

DRV - [2009.12.08 09:06:29 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.16 15:46:12 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009.11.16 15:45:50 | 000,027,168 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2009.11.16 15:45:50 | 000,027,168 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.13 20:08:03 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.05.13 02:05:19 | 003,537,408 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.04.29 06:47:43 | 002,126,688 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.28 03:19:55 | 000,142,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.04.22 15:43:36 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.04.22 02:01:11 | 000,903,680 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.16 02:04:24 | 000,046,592 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008.04.16 02:04:12 | 000,068,096 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008.03.19 02:04:14 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008.02.23 02:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.01.30 17:33:28 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.12.17 03:57:23 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007.12.13 02:05:02 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.12.13 02:04:51 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007.12.13 02:04:44 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007.12.13 02:04:44 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007.12.12 02:06:28 | 000,017,448 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007.12.12 02:06:25 | 000,099,880 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007.12.12 02:06:25 | 000,081,448 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007.12.12 02:04:55 | 000,028,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2007.05.26 10:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2005.07.25 11:53:28 | 000,101,504 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005.07.25 11:53:04 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005.07.25 11:53:00 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDrm.sys -- (incdrm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.01 11:45:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2010.05.25 21:58:00 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\mozilla\Firefox\Profiles\gwaoea0j.default\extensions
[2010.05.25 22:13:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Serenity\AppData\Roaming\mozilla\Firefox\Profiles\gwaoea0j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.25 22:13:11 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\mozilla\Firefox\Profiles\gwaoea0j.default\extensions\moveplayer@movenetworks.com

O1 HOSTS File: ([2010.05.26 23:03:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Serenity\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
O4 - Startup: C:\Users\Serenity\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: corel.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: corel.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: intervideo.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: intervideo.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Serenity\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Serenity\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010.05.29 02:41:32 | 000,000,000 | ---D | C] -- C:\My Music
[2010.05.28 08:53:49 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.28 00:03:23 | 000,000,000 | ---D | C] -- C:\Users\Serenity\Desktop\JavaRa
[2010.05.27 23:51:06 | 000,000,000 | ---D | C] -- C:\Users\Serenity\AppData\Roaming\Malwarebytes
[2010.05.27 23:50:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.27 23:50:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.27 23:50:49 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.27 23:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.27 23:49:16 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Serenity\Desktop\mbam-setup.exe
[2010.05.27 00:53:40 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.05.27 00:40:09 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.05.27 00:33:35 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.05.27 00:25:38 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.05.27 00:15:26 | 097,547,048 | ---- | C] (Apple Inc.) -- C:\Users\Serenity\Desktop\iTunesSetup.exe
[2010.05.26 23:43:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.26 23:22:06 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Serenity\Desktop\OTL.exe
[2010.05.26 23:14:42 | 000,000,000 | ---D | C] -- C:\Users\Serenity\AppData\Local\temp
[2010.05.26 23:14:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.05.26 15:33:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.05.26 15:33:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.05.26 15:33:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.05.26 15:32:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.05.26 15:28:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.05.25 19:40:23 | 000,000,000 | ---D | C] -- C:\Users\Serenity\AppData\Local\Temp(455)
[2010.05.25 10:22:54 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010.05.25 10:20:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.05.20 12:44:21 | 000,000,000 | ---D | C] -- C:\avrescue
[2010.05.19 17:53:02 | 000,000,000 | ---D | C] -- C:\Users\Serenity\Documents\Updater5
[2010.05.19 16:21:23 | 000,000,000 | ---D | C] -- C:\Users\Serenity\AppData\Roaming\Avira
[2010.05.16 19:09:50 | 000,000,000 | ---D | C] -- C:\Programme\iPod(277)
[2010.05.16 19:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.05.16 19:05:05 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime(323)
[2010.05.16 18:57:55 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour(154)
[2010.05.14 13:16:26 | 000,000,000 | ---D | C] -- C:\Users\Serenity\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.29 18:41:12 | 000,000,000 | ---D | C] -- C:\86d0562222041f0ab5648e8e60eed9
[2010.04.29 14:02:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010.04.29 08:14:43 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.04.16 08:33:36 | 003,003,680 | ---- | C] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll
[2010.04.15 12:22:15 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.15 12:22:10 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.15 12:22:09 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.15 12:22:04 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.04.08 13:20:02 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2010.04.08 13:20:02 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2010.04.01 12:12:49 | 000,000,000 | ---D | C] -- C:\DVDVideoSoft
[2010.04.01 11:44:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\xing shared
[2010.03.31 08:20:23 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.03.31 08:20:23 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.31 08:20:23 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.03.31 08:20:23 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.31 08:20:21 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.03.31 08:20:20 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.03.31 08:20:20 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.03.31 08:20:20 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.03.31 08:20:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.03.31 08:20:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.03.31 08:20:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.03.31 08:20:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.03.31 08:20:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.03.31 08:20:17 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.03.31 08:20:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.03.25 12:46:30 | 000,000,000 | ---D | C] -- C:\Users\Serenity\Desktop\Handy
[2010.03.21 18:48:18 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2010.03.19 20:42:10 | 000,000,000 | ---D | C] -- C:\Users\Serenity\AppData\Local\Real
[2010.03.17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010.03.17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010.03.11 09:36:45 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.03.11 09:36:35 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.03.05 12:46:34 | 000,000,000 | ---D | C] -- C:\Users\Serenity\AppData\Roaming\Canon
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010.05.31 21:46:05 | 004,718,592 | -HS- | M] () -- C:\Users\Serenity\ntuser.dat
[2010.05.31 20:49:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.31 20:47:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.31 20:47:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.31 16:48:34 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.31 16:47:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.31 16:47:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.31 16:47:27 | 3217,088,512 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.30 15:19:46 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.05.30 15:19:43 | 000,524,288 | -HS- | M] () -- C:\Users\Serenity\ntuser.dat{0aad6049-6832-11df-ade0-001dba20afb7}.TMContainer00000000000000000001.regtrans-ms
[2010.05.30 15:19:43 | 000,065,536 | -HS- | M] () -- C:\Users\Serenity\ntuser.dat{0aad6049-6832-11df-ade0-001dba20afb7}.TM.blf
[2010.05.30 15:19:36 | 003,468,382 | -H-- | M] () -- C:\Users\Serenity\AppData\Local\IconCache.db
[2010.05.28 00:02:16 | 000,071,798 | ---- | M] () -- C:\Users\Serenity\Desktop\JavaRa.zip
[2010.05.27 23:50:53 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.27 23:49:24 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Serenity\Desktop\mbam-setup.exe
[2010.05.27 16:48:35 | 000,280,576 | ---- | M] () -- C:\Users\Serenity\Desktop\Land.doc
[2010.05.27 01:06:18 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.27 01:06:18 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.27 01:06:18 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.27 01:06:17 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.27 01:06:17 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.27 00:56:39 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.05.27 00:41:35 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.05.27 00:15:27 | 097,547,048 | ---- | M] (Apple Inc.) -- C:\Users\Serenity\Desktop\iTunesSetup.exe
[2010.05.26 23:22:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Serenity\Desktop\OTL.exe
[2010.05.26 23:05:42 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.05.26 23:03:52 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.05.26 15:24:08 | 003,699,168 | R--- | M] () -- C:\Users\Serenity\Desktop\ComboFix.exe
[2010.05.26 15:13:35 | 000,086,472 | ---- | M] () -- C:\Users\Serenity\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.25 21:21:52 | 000,524,288 | -HS- | M] () -- C:\Users\Serenity\ntuser.dat{0aad6049-6832-11df-ade0-001dba20afb7}.TMContainer00000000000000000002.regtrans-ms
[2010.05.25 19:18:45 | 000,524,288 | -HS- | M] () -- C:\Users\Serenity\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.05.25 19:18:45 | 000,065,536 | -HS- | M] () -- C:\Users\Serenity\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.05.21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.29 09:08:56 | 000,353,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010.04.23 15:55:52 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.04.16 08:33:36 | 003,003,680 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll
[2010.04.08 13:20:02 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2010.04.08 13:20:02 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2010.04.03 21:42:35 | 000,001,356 | ---- | M] () -- C:\Users\Serenity\AppData\Local\d3d9caps.dat
[2010.04.03 01:11:03 | 311,428,896 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.04.01 11:45:15 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.04.01 11:45:06 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010.04.01 11:44:34 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010.04.01 11:44:34 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010.04.01 11:43:59 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010.03.29 02:12:37 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2010.03.19 12:55:51 | 000,031,232 | ---- | M] () -- C:\Users\Serenity\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010.03.17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010.03.05 16:01:02 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.28 00:02:15 | 000,071,798 | ---- | C] () -- C:\Users\Serenity\Desktop\JavaRa.zip
[2010.05.27 23:50:53 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.27 00:56:39 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.05.27 00:41:35 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.05.26 15:33:03 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.05.26 15:33:01 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.05.26 15:33:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.05.26 15:33:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.05.26 15:33:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.05.26 15:24:00 | 003,699,168 | R--- | C] () -- C:\Users\Serenity\Desktop\ComboFix.exe
[2010.05.25 21:18:31 | 000,524,288 | -HS- | C] () -- C:\Users\Serenity\ntuser.dat{0aad6049-6832-11df-ade0-001dba20afb7}.TMContainer00000000000000000002.regtrans-ms
[2010.05.25 21:18:31 | 000,524,288 | -HS- | C] () -- C:\Users\Serenity\ntuser.dat{0aad6049-6832-11df-ade0-001dba20afb7}.TMContainer00000000000000000001.regtrans-ms
[2010.05.25 21:18:30 | 000,065,536 | -HS- | C] () -- C:\Users\Serenity\ntuser.dat{0aad6049-6832-11df-ade0-001dba20afb7}.TM.blf
[2010.05.20 13:34:54 | 3217,088,512 | -HS- | C] () -- C:\hiberfil.sys
[2010.04.01 11:45:15 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.03.09 11:34:58 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.09 11:34:58 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009.12.15 23:41:18 | 000,000,118 | ---- | C] () -- C:\Windows\Podcasts.INI
[2009.04.26 20:02:33 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.03.02 12:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.03.02 12:33:32 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009.02.03 15:55:03 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.11.13 20:08:03 | 000,639,224 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.11.10 13:19:52 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLdNL.DLL
[2008.06.02 13:58:41 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008.06.02 13:51:23 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2008.05.16 02:41:54 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.10.30 10:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.09.12 01:57:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009.06.14 18:17:50 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\Amazon
[2009.09.11 11:27:49 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\Ashampoo
[2010.03.05 12:46:57 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\Canon
[2009.11.30 10:40:40 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\CDZilla
[2010.05.14 13:16:26 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.10.27 18:20:01 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\FRITZ!
[2008.10.25 18:29:37 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\InterVideo
[2009.02.20 20:12:00 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\OpenOffice.org
[2009.09.11 12:04:34 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\phonostar-Player
[2008.11.07 23:20:37 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\Template
[2009.09.11 13:37:51 | 000,000,000 | ---D | M] -- C:\Users\Serenity\AppData\Roaming\Vso
[2010.05.30 15:19:46 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >



So, now the report?
Hm, the PC lasts longer than before, but it still likes to freeze a lot. Especially in Internet Explorer, and even more so in Windows Explorer; hardly anything works there without the computer freezing.
And Firefox doesn't work at all anymore. At least it didn't before; I haven't dared to try it again so far. As soon as I started it, nothing worked at all anymore, anywhere. I then threw Firefox off the PC and, out of necessity, used IE, although I actually prefer Firefox. Do you think I can now reinstall Firefox without problems?

OK, as I said, my main problems are still with internet use and in Windows Explorer.

01.06.2010, 14:24   #15
Larusso
/// Selecta Jahrusso

Hm, the ESET log is too short for me. Did ESET find anything?
I'll take a close look at the OTL log this evening; I'm a bit stressed right now.


Windows key + R --> type services.msc --> OK
Now look for the following entry:
VzCdbSvc
Right-click --> Properties --> Set the service to Manual.


Export events with VEW

Please download VEW.exe by Vino Rosso and save the tool to your desktop.
Start vew.exe with a double-click and make the following settings:



Press the Run button to start the scan.
When the scan has finished, the editor opens with the log file.
Copy the log file (C:\vew.txt) here into the thread.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie
