Trojaner-Board - TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp...

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp... (https://www.trojaner-board.de/106581-tr-crypt-xpack-gen3-avira-antivir-personal-gemeldet-c-windows-temp-tmp.html)

TR/Crypt.XPACK.Gen3 von Avira Antivir Personal gemeldet in C:\Windows\Temp\tmp...

Guten Abend,

ich bin in diesem Forum gelandet, weil der Rechner meines Nachbarn bei mir gelandet ist (XP, SP3). Bei diesem Rechner wird durch Avira Antivir Personal der Trojaner TR/Crypt.XPACK.Gen3 2 Mal bei einem Systemscan gemeldet. Das Verschieben in die Quarantäne nutzt nichts, denn nach einem Neustart des Rechners und erneutem Systemscan wird wieder der Trojaner gemeldet.

Nachdem ich mich im Internet umgesehen habe und viele verschiedene Tips gelesen habe, hat mich die Vorgehensweise in diesem Forum sehr überzeugt, weshalb ich bis jetzt die Trojaner nur in die Quarantäne verschickt habe und dann die erforderlichen Logdateien erzeugt habe.

Vielen Dank für Ihre Hilfe.

Die Dateien gmer.txt und Extras.txt, sowie 2 Avira Reports finden sich in der gezippten Datei im Anhang,

Hier folgt nun die OTL.txt:

OTL logfile created on: 18.12.2011 23:12:52 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\****\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1022,48 Mb Total Physical Memory | 522,82 Mb Available Physical Memory | 51,13% Memory free
2,40 Gb Paging File | 1,95 Gb Available in Paging File | 81,18% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 201,95 Gb Free Space | 86,72% Space Free | Partition Type: NTFS

Computer Name: SN116528580310 | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.12.18 23:07:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
PRC - [2011.06.28 19:28:50 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.04 18:54:49 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 08:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.20 15:27:26 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2010.05.20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.03.22 19:08:32 | 000,090,112 | ---- | M] (SOFTWIN S.R.L.) -- C:\Programme\Softwin\BitDefender8\vsserv.exe
PRC - [2006.02.23 12:09:06 | 000,114,784 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
PRC - [2006.02.23 12:09:04 | 000,266,338 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
PRC - [2006.02.23 12:08:36 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\APPS\Powercinema\PCMService.exe
PRC - [2006.02.23 12:08:28 | 001,073,152 | ---- | M] (Cyberlink) -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2006.01.30 09:56:38 | 001,978,368 | ---- | M] () -- C:\APPS\Softex\OmniPass\scureapp.exe
PRC - [2006.01.30 08:47:50 | 000,014,848 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPApp.exe
PRC - [2006.01.30 08:47:48 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\APPS\Softex\OmniPass\OmniServ.exe
PRC - [2006.01.13 18:14:46 | 000,086,016 | ---- | M] (Softwin) -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
PRC - [2005.12.23 07:44:42 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2005.12.23 07:42:02 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2005.11.17 09:51:08 | 000,975,360 | ---- | M] (Packard Bell BV) -- C:\APPS\SMP\SMPSYS.EXE
PRC - [2005.06.03 03:52:54 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
PRC - [2005.04.06 14:09:42 | 000,033,280 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdswitch.exe
PRC - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
PRC - [2005.01.07 11:01:52 | 000,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe
PRC - [2004.11.26 11:43:34 | 000,090,112 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe
PRC - [2004.11.09 21:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe
PRC - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003.05.02 10:31:50 | 000,024,576 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\ABOARD.EXE
PRC - [2003.05.02 10:31:38 | 000,069,632 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\AOSD.EXE

========== Modules (No Company Name) ==========

MOD - [2010.06.17 14:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.02.23 12:09:06 | 000,114,784 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
MOD - [2006.02.23 12:09:04 | 000,266,338 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
MOD - [2006.02.23 12:08:54 | 000,065,634 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSchMgr.dll
MOD - [2006.02.23 12:08:54 | 000,024,576 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSchedps.dll
MOD - [2006.02.23 12:08:52 | 000,225,384 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapEngine.dll
MOD - [2006.02.23 12:08:52 | 000,032,768 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvcps.dll
MOD - [2006.01.30 09:56:38 | 001,978,368 | ---- | M] () -- C:\APPS\Softex\OmniPass\scureapp.exe
MOD - [2006.01.30 09:03:18 | 000,025,024 | ---- | M] () -- C:\APPS\Softex\OmniPass\hdddrv.dll
MOD - [2006.01.30 08:53:44 | 000,049,152 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPGina.dll
MOD - [2006.01.30 08:47:50 | 000,014,848 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPApp.exe
MOD - [2006.01.30 08:45:26 | 000,053,248 | ---- | M] () -- C:\APPS\Softex\OmniPass\scuredll.dll
MOD - [2006.01.30 08:45:24 | 000,110,592 | ---- | M] () -- C:\APPS\Softex\OmniPass\ginastub.dll
MOD - [2006.01.30 08:45:04 | 000,307,200 | ---- | M] () -- C:\APPS\Softex\OmniPass\userdata.dll
MOD - [2006.01.30 08:44:50 | 000,901,120 | ---- | M] () -- C:\APPS\Softex\OmniPass\autheng.dll
MOD - [2006.01.30 08:44:36 | 000,012,288 | ---- | M] () -- C:\APPS\Softex\OmniPass\cryptodll.dll
MOD - [2006.01.30 08:44:34 | 000,364,544 | ---- | M] () -- C:\APPS\Softex\OmniPass\storeng.dll
MOD - [2006.01.30 08:44:16 | 000,010,752 | ---- | M] () -- C:\APPS\Softex\OmniPass\SSPLogon.dll
MOD - [2006.01.30 08:33:28 | 002,179,504 | ---- | M] () -- C:\APPS\Softex\OmniPass\sftxtgp.dll
MOD - [2005.12.23 07:26:00 | 004,448,256 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\Roxio Shared\DLLShared\ROXIPP4.dll
MOD - [2005.11.04 16:56:34 | 000,073,728 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdpop3p.dll
MOD - [2005.10.10 17:12:04 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\sockspy.dll
MOD - [2005.09.19 17:37:08 | 000,132,608 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\libfn.dll
MOD - [2005.06.21 18:35:54 | 000,200,704 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdas.dll
MOD - [2005.04.06 14:09:42 | 000,033,280 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdswitch.exe
MOD - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
MOD - [2005.01.07 11:01:52 | 000,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe
MOD - [2004.07.26 17:11:50 | 000,028,672 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll
MOD - [2004.06.09 18:29:48 | 000,043,008 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\mimepack.dll
MOD - [2003.12.10 16:08:08 | 000,049,152 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\mimeinf.dll
MOD - [2003.12.10 16:07:30 | 000,045,056 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\procinf.dll
MOD - [2002.12.06 17:37:06 | 000,503,808 | ---- | M] () -- C:\WINDOWS\system32\xreglib.dll
MOD - [2002.01.14 14:49:00 | 000,045,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\avxdisk.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.06.28 19:28:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.04 18:54:49 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.05.20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006.03.22 19:08:32 | 000,090,112 | ---- | M] (SOFTWIN S.R.L.) [Auto | Running] -- C:\Programme\Softwin\BitDefender8\vsserv.exe -- (VSSERV)
SRV - [2006.02.23 12:09:06 | 000,114,784 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006.02.23 12:09:04 | 000,266,338 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006.02.23 12:08:28 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2006.01.30 08:47:48 | 000,032,768 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\APPS\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2006.01.13 18:14:46 | 000,086,016 | ---- | M] (Softwin) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe -- (XCOMM)
SRV - [2005.12.27 09:23:16 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2005.12.27 09:21:22 | 000,409,600 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
SRV - [2005.12.23 07:46:02 | 000,233,472 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005.12.23 07:44:42 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005.12.23 07:42:02 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe -- (bdss)
SRV - [2005.01.07 11:01:52 | 000,049,152 | ---- | M] () [Auto | Running] -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService)
SRV - [2004.11.09 21:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2011.06.28 19:28:52 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 19:28:52 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.01.05 04:34:28 | 005,656,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 14:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010.05.20 15:27:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2006.01.09 18:51:38 | 000,010,800 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\Softwin\BitDefender8\bdrsdrv.sys -- (BDRSDRV)
DRV - [2006.01.09 18:50:34 | 000,014,145 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Softwin\BitDefender8\bdfsdrv.sys -- (BDFSDRV)
DRV - [2005.12.27 06:37:08 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005.12.09 16:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.10.22 06:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005.10.22 06:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005.10.22 06:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005.10.22 06:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005.09.30 11:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005.01.07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.02.23 04:07:34 | 000,003,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\AIDA32 - Enterprise System Information\aida32.sys -- (AIDA32Driver)
DRV - [2003.01.10 22:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001.08.18 04:19:50 | 000,281,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimtai.sys -- (atimtai)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://format.packardbell.com/cgi-bin/redirect/?country=GE&range=AD&phase=6&key=SEARCH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/ger.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.03 23:54:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.06 22:31:50 | 000,000,000 | ---D | M]

[2011.02.07 21:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Extensions
[2011.05.06 22:17:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\w6ghrm33.default\extensions
[2011.02.08 09:56:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\w6ghrm33.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.19 10:50:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.20 09:20:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.12.03 23:54:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.16 07:16:38 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.16 07:16:38 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.16 07:16:38 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.16 07:16:38 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.16 07:16:38 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.16 07:16:38 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTIVBOARD] c:\APPS\ABOARD\ABOARD.EXE (NEC Computers International)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\bdswitch.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Programme\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OmniPass] C:\APPS\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PCMService] c:\APPS\Powercinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] C:\Programme\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [SmpcSys] C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B778C99E-8791-46D4-AE36-E168495B90C3}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Apps\Softex\OmniPass\opxpgina.dll) - C:\APPS\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\APPS\DESKTOP\BG800DL.bmp
O24 - Desktop BackupWallPaper: C:\APPS\DESKTOP\BG800DL.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.12.18 23:07:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2011.12.18 20:00:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.04 09:06:36 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\****\IETldCache
[2011.12.04 00:08:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011.12.04 00:07:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011.12.04 00:06:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.12.03 23:45:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011.12.03 23:26:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011.12.03 23:26:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2011.12.03 23:26:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011.12.03 23:14:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011.12.03 20:40:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\InstallShield
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.12.18 23:12:48 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011.12.18 23:07:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2011.12.18 23:03:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.18 23:03:43 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.18 22:59:56 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\****\defogger_reenable
[2011.12.18 22:58:04 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Defogger.exe
[2011.12.18 20:12:54 | 000,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.18 20:08:38 | 000,495,078 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.12.18 20:08:38 | 000,471,622 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.12.18 20:08:38 | 000,100,120 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.12.18 20:08:38 | 000,083,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.12.18 20:03:27 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.12.18 19:31:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.04 10:30:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Erweiterte Garantie.job
[2011.12.03 23:18:11 | 000,251,712 | ---- | M] () -- C:\ntldr
[2011.12.03 20:42:06 | 000,001,527 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk
[2011.11.27 21:18:30 | 000,002,726 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\parcour.rtf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.12.18 22:59:56 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\****\defogger_reenable
[2011.12.18 22:58:04 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Defogger.exe
[2011.12.03 20:42:06 | 000,001,527 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk
[2011.11.27 21:10:31 | 000,002,726 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\parcour.rtf
[2011.06.26 15:19:11 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2011.06.12 11:24:40 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.14 16:59:03 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2011.02.20 19:46:52 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL
[2011.02.09 21:54:55 | 000,002,592 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.02.07 22:24:14 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.02.07 22:12:12 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.02.07 22:05:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.02.07 22:05:03 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.02.07 22:05:00 | 000,226,857 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.02.07 22:05:00 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.02.07 18:36:24 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.02.07 18:29:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011.02.07 18:23:46 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2011.02.07 18:22:20 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011.02.07 18:21:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.02.07 18:12:45 | 000,000,626 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2011.02.07 18:10:36 | 000,006,929 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2011.02.07 18:09:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.02.07 18:01:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009.06.26 17:21:02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2006.04.10 14:18:00 | 000,006,741 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.11.22 13:11:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005.11.14 14:40:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005.11.10 11:30:04 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.11.10 11:30:04 | 000,831,488 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005.11.10 11:30:04 | 000,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005.11.10 11:30:02 | 000,524,288 | R--- | C] () -- C:\WINDOWS\System32\divxsm.exe
[2005.11.10 11:30:02 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll
[2005.10.10 17:12:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\sockspy.dll
[2004.11.30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004.11.30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004.08.11 19:13:19 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.08.11 19:10:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004.08.11 19:03:37 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.11 18:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.08.11 18:56:16 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.08.11 18:48:09 | 000,495,078 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.11 18:48:09 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.11 18:48:09 | 000,100,120 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.11 18:48:09 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.11 18:47:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.11 18:47:46 | 000,471,622 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.11 18:47:46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.11 18:47:46 | 000,083,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.11 18:47:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.11 18:47:45 | 000,004,613 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.11 18:47:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.11 18:47:41 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.08.11 18:47:34 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.11 18:47:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.11 18:47:25 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003.10.02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003.10.02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002.12.06 17:37:06 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll

========== LOP Check ==========

[2011.02.20 19:46:58 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011.02.07 21:14:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz
[2011.06.20 09:18:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO
[2011.07.02 21:01:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2011.02.07 18:12:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OD2
[2011.02.07 21:55:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2011.02.07 18:15:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2011.02.07 18:10:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2011.02.23 21:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Canon
[2011.11.18 21:35:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\go
[2011.07.02 20:45:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Leadertech
[2011.02.23 21:14:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Ulead Systems
[2011.12.04 10:30:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Erweiterte Garantie.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2011.02.08 08:30:54 | 000,000,000 | ---D | M] -- C:\003914cbf4e6f12bc5
[2011.02.08 08:26:09 | 000,000,000 | ---D | M] -- C:\259eb95eb31c64f26756e4ba3bc4
[2011.05.13 11:34:15 | 000,000,000 | ---D | M] -- C:\960a64370aa33ab31255b86f2ea30d
[2011.02.07 18:22:43 | 000,000,000 | ---D | M] -- C:\APPS
[2011.02.07 22:04:00 | 000,000,000 | ---D | M] -- C:\ATI
[2011.05.08 19:47:52 | 000,000,000 | ---D | M] -- C:\bc1cbe7a8e3e1eaf14557fd08a
[2011.05.08 19:45:39 | 000,000,000 | ---D | M] -- C:\bc68f6a1d2941146903ec77c91
[2011.02.07 22:39:48 | 000,000,000 | ---D | M] -- C:\c0a9f8b1cf03d418b4
[2011.02.20 19:46:55 | 000,000,000 | ---D | M] -- C:\CanonMP
[2011.02.07 18:07:08 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2011.12.18 20:12:52 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2011.02.07 18:10:07 | 000,000,000 | -H-D | M] -- C:\DIVTOOLS
[2011.02.07 18:36:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.02.07 18:36:31 | 000,000,000 | -HSD | M] -- C:\DRIVERS
[2011.09.05 19:03:28 | 000,000,000 | -HSD | M] -- C:\found.000
[2011.02.07 22:08:48 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.02.07 18:09:52 | 000,000,000 | ---D | M] -- C:\My Music
[2011.02.07 19:43:08 | 000,000,000 | -H-D | M] -- C:\PNP
[2011.07.02 21:01:54 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.07.02 20:45:17 | 000,000,000 | R--D | M] -- C:\Programme
[2011.02.07 21:09:42 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.12.18 21:16:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.12.18 20:13:21 | 000,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*.exe >

Invalid Environment Variable: LOCALAPPDATA

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< MD5 for: AFD.SYS >
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\SoftwareDistribution\Download\43f8920a763d09a9c6404053368aa5ee\SP3GDR\afd.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.04.13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008.04.13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\SoftwareDistribution\Download\e424457fa03b62ac525a28d5c035253c\sp3qfe\afd.sys
[2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008.08.14 10:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2004.08.04 14:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
[2008.08.14 10:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\SoftwareDistribution\Download\e424457fa03b62ac525a28d5c035253c\sp3gdr\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2008.06.20 11:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys
[2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008.06.20 11:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\SoftwareDistribution\Download\43f8920a763d09a9c6404053368aa5ee\SP3QFE\afd.sys

< MD5 for: EXPLORER.EXE >
[2004.08.04 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: IPSEC.SYS >
[2008.04.13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008.04.13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2004.08.04 14:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys

< MD5 for: REGEDIT.EXE >
[2004.08.04 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2004.08.04 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\I386\REGEDIT.EXE
[2008.04.14 03:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 03:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.11.23 15:40:13 | 001,859,712 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-18 19:08:54

< >

< End of report >

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Guten Abend,

danke für die schnelle Antwort.

Hier folgt nun die Malwarebyte-Logdatei. Anschließend werde ich den ESTE-Scan starten.

Malwarebyte-Logdatei:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8404

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20.12.2011 22:25:01
mbam-log-2011-12-20 (22-25-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 232223
Laufzeit: 49 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{D449EB58-55AF-4695-B216-895D546AED89} (Spyware.CnsMin) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{B7DB519E-7131-47B1-A9F5-DA8D061C2611} (Spyware.CnsMin) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{446761D5-3AC9-40CC-9DCD-CDE23E2CE31A} (Spyware.CnsMin) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BitDefender (Spyware.CnsMin) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAMME\SOFTWIN\BITDEFENDER8\BDO.DLL (Spyware.CnsMin) -> Value: BDO.DLL -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programme\Softwin\bitdefender8\bdo.dll (Spyware.CnsMin) -> Quarantined and deleted successfully.

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Guten Abend Arne,

ich habe noch nie zuvor Malwarebytes auf diesem Rechner ausgeführt. In der Loghistory von Malwarebytes steht außer der geposteten mbam-log-2011-12-20 (22-25-01).txt nur eine protection-log-2011-12-20.txt.

Nun folgt noch der Inhalt der ESTE-Logdatei:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9cf1e1034d932343a43887e98c04449f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-20 11:16:34
# local_time=2011-12-21 12:16:34 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 93 185739 60954532 85466 0
# compatibility_mode=8192 67108863 100 0 3807 3807 0 0
# scanned=72554
# found=1
# cleaned=0
# scan_time=5286
C:\RECYCLER\S-1-5-21-3157941000-155644160-3530135916-1006\Dc5.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I

Gruß von
Johannes

Ok. Mach bitte ein neues OTL-Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Guten Abend Arne,

hier nun der Inhalt der OTL.txt nach einem erneuten Scan.

Gruß von
Johannes

PRC - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003.05.02 10:31:50 | 000,024,576 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\ABOARD.EXE
PRC - [2003.05.02 10:31:38 | 000,069,632 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\AOSD.EXE

========== Modules (No Company Name) ==========

MOD - [2010.06.17 14:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.02.23 12:09:06 | 000,114,784 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
MOD - [2006.02.23 12:09:04 | 000,266,338 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
MOD - [2006.02.23 12:08:54 | 000,065,634 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSchMgr.dll
MOD - [2006.02.23 12:08:54 | 000,024,576 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSchedps.dll
MOD - [2006.02.23 12:08:52 | 000,225,384 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapEngine.dll
MOD - [2006.02.23 12:08:52 | 000,032,768 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvcps.dll
MOD - [2006.01.30 09:56:38 | 001,978,368 | ---- | M] () -- C:\APPS\Softex\OmniPass\scureapp.exe
MOD - [2006.01.30 09:03:18 | 000,025,024 | ---- | M] () -- C:\APPS\Softex\OmniPass\hdddrv.dll
MOD - [2006.01.30 08:53:44 | 000,049,152 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPGina.dll
MOD - [2006.01.30 08:47:50 | 000,014,848 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPApp.exe
MOD - [2006.01.30 08:45:26 | 000,053,248 | ---- | M] () -- C:\APPS\Softex\OmniPass\scuredll.dll
MOD - [2006.01.30 08:45:24 | 000,110,592 | ---- | M] () -- C:\APPS\Softex\OmniPass\ginastub.dll
MOD - [2006.01.30 08:45:04 | 000,307,200 | ---- | M] () -- C:\APPS\Softex\OmniPass\userdata.dll
MOD - [2006.01.30 08:44:50 | 000,901,120 | ---- | M] () -- C:\APPS\Softex\OmniPass\autheng.dll
MOD - [2006.01.30 08:44:36 | 000,012,288 | ---- | M] () -- C:\APPS\Softex\OmniPass\cryptodll.dll
MOD - [2006.01.30 08:44:34 | 000,364,544 | ---- | M] () -- C:\APPS\Softex\OmniPass\storeng.dll
MOD - [2006.01.30 08:44:16 | 000,010,752 | ---- | M] () -- C:\APPS\Softex\OmniPass\SSPLogon.dll
MOD - [2006.01.30 08:33:28 | 002,179,504 | ---- | M] () -- C:\APPS\Softex\OmniPass\sftxtgp.dll
MOD - [2005.12.23 07:26:00 | 004,448,256 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\Roxio Shared\DLLShared\ROXIPP4.dll
MOD - [2005.11.04 16:56:34 | 000,073,728 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdpop3p.dll
MOD - [2005.10.10 17:12:04 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\sockspy.dll
MOD - [2005.09.19 17:37:08 | 000,132,608 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\libfn.dll
MOD - [2005.06.21 18:35:54 | 000,200,704 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdas.dll
MOD - [2005.04.06 14:09:42 | 000,033,280 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdswitch.exe
MOD - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
MOD - [2005.01.07 11:01:52 | 000,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe
MOD - [2004.07.26 17:11:50 | 000,028,672 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll
MOD - [2004.06.09 18:29:48 | 000,043,008 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\mimepack.dll
MOD - [2003.12.10 16:08:08 | 000,049,152 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\mimeinf.dll
MOD - [2003.12.10 16:07:30 | 000,045,056 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\procinf.dll
MOD - [2002.12.06 17:37:06 | 000,503,808 | ---- | M] () -- C:\WINDOWS\system32\xreglib.dll
MOD - [2002.01.14 14:49:00 | 000,045,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\avxdisk.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.28 19:28:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.04 18:54:49 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.05.20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006.03.22 19:08:32 | 000,090,112 | ---- | M] (SOFTWIN S.R.L.) [Auto | Running] -- C:\Programme\Softwin\BitDefender8\vsserv.exe -- (VSSERV)
SRV - [2006.02.23 12:09:06 | 000,114,784 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006.02.23 12:09:04 | 000,266,338 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006.02.23 12:08:28 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2006.01.30 08:47:48 | 000,032,768 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\APPS\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2006.01.13 18:14:46 | 000,086,016 | ---- | M] (Softwin) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe -- (XCOMM)
SRV - [2005.12.27 09:23:16 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2005.12.27 09:21:22 | 000,409,600 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
SRV - [2005.12.23 07:46:02 | 000,233,472 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005.12.23 07:44:42 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005.12.23 07:42:02 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe -- (bdss)
SRV - [2005.01.07 11:01:52 | 000,049,152 | ---- | M] () [Auto | Running] -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService)
SRV - [2004.11.09 21:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.28 19:28:52 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 19:28:52 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.01.05 04:34:28 | 005,656,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 14:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010.05.20 15:27:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2006.01.09 18:51:38 | 000,010,800 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\Softwin\BitDefender8\bdrsdrv.sys -- (BDRSDRV)
DRV - [2006.01.09 18:50:34 | 000,014,145 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Softwin\BitDefender8\bdfsdrv.sys -- (BDFSDRV)
DRV - [2005.12.27 06:37:08 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005.12.09 16:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.10.22 06:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005.10.22 06:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005.10.22 06:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005.10.22 06:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005.09.30 11:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005.01.07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.02.23 04:07:34 | 000,003,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\AIDA32 - Enterprise System Information\aida32.sys -- (AIDA32Driver)
DRV - [2003.01.10 22:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001.08.18 04:19:50 | 000,281,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimtai.sys -- (atimtai)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://format.packardbell.com/cgi-bin/redirect/?country=GE&range=AD&phase=6&key=SEARCH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/ger.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.03 23:54:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.06 22:31:50 | 000,000,000 | ---D | M]

[2011.02.07 21:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Extensions
[2011.05.06 22:17:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\w6ghrm33.default\extensions
[2011.02.08 09:56:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\w6ghrm33.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.19 10:50:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.20 09:20:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.12.03 23:54:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.16 07:16:38 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.16 07:16:38 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.16 07:16:38 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.16 07:16:38 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.16 07:16:38 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.16 07:16:38 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTIVBOARD] c:\APPS\ABOARD\ABOARD.EXE (NEC Computers International)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\bdswitch.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Programme\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OmniPass] C:\APPS\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PCMService] c:\APPS\Powercinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] C:\Programme\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [SmpcSys] C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Apps\Softex\OmniPass\opxpgina.dll) - C:\APPS\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\APPS\DESKTOP\BG800DL.bmp
O24 - Desktop BackupWallPaper: C:\APPS\DESKTOP\BG800DL.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.dvacm - C:\Programme\Gemeinsame Dateien\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.mkdmp3enc - c:\APPS\POWERC~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.mpegacm - C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.12.20 22:45:04 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.12.20 22:44:28 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\****\Desktop\esetsmartinstaller_enu.exe
[2011.12.20 21:07:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes
[2011.12.20 21:07:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.12.20 21:07:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.12.20 21:07:43 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.20 21:07:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.12.18 23:07:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2011.12.18 20:00:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.04 09:06:36 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\****\IETldCache
[2011.12.04 00:08:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011.12.04 00:07:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011.12.04 00:06:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.12.03 23:45:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011.12.03 23:26:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011.12.03 23:26:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2011.12.03 23:26:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011.12.03 23:14:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011.12.03 20:40:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\InstallShield
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.12.21 19:50:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.21 19:50:37 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.21 00:41:44 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011.12.20 22:44:29 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\****\Desktop\esetsmartinstaller_enu.exe
[2011.12.20 21:07:49 | 000,000,759 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.20 00:09:20 | 000,014,926 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\LogFiles.zip
[2011.12.18 23:39:54 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\gepzdetr.exe
[2011.12.18 23:37:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.18 23:07:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2011.12.18 22:59:56 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\****\defogger_reenable
[2011.12.18 22:58:04 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Defogger.exe
[2011.12.18 20:12:54 | 000,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.18 20:08:38 | 000,495,078 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.12.18 20:08:38 | 000,471,622 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.12.18 20:08:38 | 000,100,120 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.12.18 20:08:38 | 000,083,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.12.18 20:03:27 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.12.04 10:30:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Erweiterte Garantie.job
[2011.12.03 23:18:11 | 000,251,712 | ---- | M] () -- C:\ntldr
[2011.12.03 20:42:06 | 000,001,527 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk
[2011.11.27 21:18:30 | 000,002,726 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\parcour.rtf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.12.20 21:07:49 | 000,000,759 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.20 00:03:24 | 000,014,926 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\LogFiles.zip
[2011.12.18 23:39:53 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\gepzdetr.exe
[2011.12.18 22:59:56 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\****\defogger_reenable
[2011.12.18 22:58:04 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Defogger.exe
[2011.12.03 20:42:06 | 000,001,527 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk
[2011.11.27 21:10:31 | 000,002,726 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\parcour.rtf
[2011.06.26 15:19:11 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2011.06.12 11:24:40 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.14 16:59:03 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2011.02.20 19:46:52 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL
[2011.02.09 21:54:55 | 000,002,592 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.02.07 22:24:14 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.02.07 22:12:12 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.02.07 22:05:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.02.07 22:05:03 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.02.07 22:05:00 | 000,226,857 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.02.07 22:05:00 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.02.07 18:36:24 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.02.07 18:29:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011.02.07 18:23:46 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2011.02.07 18:22:20 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011.02.07 18:21:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.02.07 18:12:45 | 000,000,626 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2011.02.07 18:10:36 | 000,006,929 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2011.02.07 18:09:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.02.07 18:01:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009.06.26 17:21:02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2006.04.10 14:18:00 | 000,006,741 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.11.22 13:11:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005.11.14 14:40:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005.11.10 11:30:04 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.11.10 11:30:04 | 000,831,488 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005.11.10 11:30:04 | 000,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005.11.10 11:30:02 | 000,524,288 | R--- | C] () -- C:\WINDOWS\System32\divxsm.exe
[2005.11.10 11:30:02 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll
[2005.10.10 17:12:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\sockspy.dll
[2004.11.30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004.11.30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004.08.11 19:13:19 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.08.11 19:10:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004.08.11 19:03:37 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.11 18:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.08.11 18:56:16 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.08.11 18:48:09 | 000,495,078 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.11 18:48:09 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.11 18:48:09 | 000,100,120 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.11 18:48:09 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.11 18:47:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.11 18:47:46 | 000,471,622 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.11 18:47:46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.11 18:47:46 | 000,083,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.11 18:47:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.11 18:47:45 | 000,004,613 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.11 18:47:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.11 18:47:41 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.08.11 18:47:34 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.11 18:47:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.11 18:47:25 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003.10.02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003.10.02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002.12.06 17:37:06 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll

========== LOP Check ==========

[2011.02.20 19:46:58 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011.02.07 21:14:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz
[2011.06.20 09:18:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO
[2011.07.02 21:01:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2011.02.07 18:12:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OD2
[2011.02.07 21:55:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2011.02.07 18:15:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2011.02.07 18:10:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2011.02.23 21:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Canon
[2011.11.18 21:35:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\go
[2011.07.02 20:45:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Leadertech
[2011.02.23 21:14:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Ulead Systems
[2011.12.04 10:30:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Erweiterte Garantie.job

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.02.08 20:41:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Adobe
[2011.05.07 21:29:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\AdobeUM
[2011.02.07 18:24:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\AOL
[2011.03.11 20:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Avira
[2011.02.23 21:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Canon
[2011.05.13 19:38:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\CyberLink
[2011.11.18 21:35:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\go
[2011.11.18 20:13:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Help
[2004.08.11 19:11:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Identities
[2011.12.03 20:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\InstallShield
[2011.07.02 20:45:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Leadertech
[2011.02.07 21:19:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Macromedia
[2011.12.20 21:07:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes
[2011.12.02 16:56:38 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Microsoft
[2011.02.07 21:02:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla
[2011.07.02 20:46:22 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\SecuROM
[2011.10.08 19:12:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Skype
[2011.06.18 12:32:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\skypePM
[2011.02.07 18:38:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Sun
[2011.02.23 21:14:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Ulead Systems
[2011.04.16 16:33:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\vlc
[2011.02.07 18:10:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\You've Got Pictures Screensaver

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_1$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtUninstallKB975467_1$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USER32.DLL >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERINIT.EXE >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004.08.11 18:55:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004.08.11 18:55:48 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004.08.11 18:55:48 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

Log ist unvollständig, der Anfang fehlt

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Sorry Arne,

nun aber vollständig und in Tags.

Gruß von
Johannes

OTL Logfile:

Code:

OTL logfile created on: 21.12.2011 20:00:48 - Run 3

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\***\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1022,48 Mb Total Physical Memory | 435,11 Mb Available Physical Memory | 42,55% Memory free

2,40 Gb Paging File | 1,85 Gb Available in Paging File | 77,11% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 232,88 Gb Total Space | 202,03 Gb Free Space | 86,76% Space Free | Partition Type: NTFS

 

Computer Name: SN116528580310 | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.12.18 23:07:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011.06.28 19:28:50 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.05.04 18:54:49 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2010.12.13 08:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010.05.20 15:27:26 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe

PRC - [2010.05.20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe

PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009.09.03 22:17:14 | 003,342,336 | ---- | M] (Electronic Arts) -- C:\Programme\Electronic Arts\EADM\Core.exe

PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006.03.22 19:08:32 | 000,090,112 | ---- | M] (SOFTWIN S.R.L.) -- C:\Programme\Softwin\BitDefender8\vsserv.exe

PRC - [2006.02.23 12:09:06 | 000,114,784 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe

PRC - [2006.02.23 12:09:04 | 000,266,338 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

PRC - [2006.02.23 12:08:36 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\APPS\Powercinema\PCMService.exe

PRC - [2006.02.23 12:08:28 | 001,073,152 | ---- | M] (Cyberlink) -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe

PRC - [2006.01.30 09:56:38 | 001,978,368 | ---- | M] () -- C:\APPS\Softex\OmniPass\scureapp.exe

PRC - [2006.01.30 08:47:50 | 000,014,848 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPApp.exe

PRC - [2006.01.30 08:47:48 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\APPS\Softex\OmniPass\OmniServ.exe

PRC - [2006.01.13 18:14:46 | 000,086,016 | ---- | M] (Softwin) -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe

PRC - [2005.12.23 07:44:42 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe

PRC - [2005.12.23 07:42:02 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe

PRC - [2005.11.17 09:51:08 | 000,975,360 | ---- | M] (Packard Bell BV) -- C:\APPS\SMP\SMPSYS.EXE

PRC - [2005.06.03 03:52:54 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.5.0_04\bin\jusched.exe

PRC - [2005.04.06 14:09:42 | 000,033,280 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdswitch.exe

PRC - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe

PRC - [2005.01.07 11:01:52 | 000,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe

PRC - [2004.11.26 11:43:34 | 000,090,112 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe

PRC - [2004.11.09 21:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe

PRC - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe

PRC - [2003.05.02 10:31:50 | 000,024,576 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\ABOARD.EXE

PRC - [2003.05.02 10:31:38 | 000,069,632 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\AOSD.EXE

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2010.06.17 14:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2006.02.23 12:09:06 | 000,114,784 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe

MOD - [2006.02.23 12:09:04 | 000,266,338 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

MOD - [2006.02.23 12:08:54 | 000,065,634 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSchMgr.dll

MOD - [2006.02.23 12:08:54 | 000,024,576 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSchedps.dll

MOD - [2006.02.23 12:08:52 | 000,225,384 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapEngine.dll

MOD - [2006.02.23 12:08:52 | 000,032,768 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvcps.dll

MOD - [2006.01.30 09:56:38 | 001,978,368 | ---- | M] () -- C:\APPS\Softex\OmniPass\scureapp.exe

MOD - [2006.01.30 09:03:18 | 000,025,024 | ---- | M] () -- C:\APPS\Softex\OmniPass\hdddrv.dll

MOD - [2006.01.30 08:53:44 | 000,049,152 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPGina.dll

MOD - [2006.01.30 08:47:50 | 000,014,848 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPApp.exe

MOD - [2006.01.30 08:45:26 | 000,053,248 | ---- | M] () -- C:\APPS\Softex\OmniPass\scuredll.dll

MOD - [2006.01.30 08:45:24 | 000,110,592 | ---- | M] () -- C:\APPS\Softex\OmniPass\ginastub.dll

MOD - [2006.01.30 08:45:04 | 000,307,200 | ---- | M] () -- C:\APPS\Softex\OmniPass\userdata.dll

MOD - [2006.01.30 08:44:50 | 000,901,120 | ---- | M] () -- C:\APPS\Softex\OmniPass\autheng.dll

MOD - [2006.01.30 08:44:36 | 000,012,288 | ---- | M] () -- C:\APPS\Softex\OmniPass\cryptodll.dll

MOD - [2006.01.30 08:44:34 | 000,364,544 | ---- | M] () -- C:\APPS\Softex\OmniPass\storeng.dll

MOD - [2006.01.30 08:44:16 | 000,010,752 | ---- | M] () -- C:\APPS\Softex\OmniPass\SSPLogon.dll

MOD - [2006.01.30 08:33:28 | 002,179,504 | ---- | M] () -- C:\APPS\Softex\OmniPass\sftxtgp.dll

MOD - [2005.12.23 07:26:00 | 004,448,256 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\Roxio Shared\DLLShared\ROXIPP4.dll

MOD - [2005.11.04 16:56:34 | 000,073,728 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdpop3p.dll

MOD - [2005.10.10 17:12:04 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\sockspy.dll

MOD - [2005.09.19 17:37:08 | 000,132,608 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\libfn.dll

MOD - [2005.06.21 18:35:54 | 000,200,704 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdas.dll

MOD - [2005.04.06 14:09:42 | 000,033,280 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdswitch.exe

MOD - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe

MOD - [2005.01.07 11:01:52 | 000,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe

MOD - [2004.07.26 17:11:50 | 000,028,672 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll

MOD - [2004.06.09 18:29:48 | 000,043,008 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\mimepack.dll

MOD - [2003.12.10 16:08:08 | 000,049,152 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\mimeinf.dll

MOD - [2003.12.10 16:07:30 | 000,045,056 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\procinf.dll

MOD - [2002.12.06 17:37:06 | 000,503,808 | ---- | M] () -- C:\WINDOWS\system32\xreglib.dll

MOD - [2002.01.14 14:49:00 | 000,045,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\avxdisk.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)

SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.06.28 19:28:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.05.04 18:54:49 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010.05.20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)

SRV - [2006.03.22 19:08:32 | 000,090,112 | ---- | M] (SOFTWIN S.R.L.) [Auto | Running] -- C:\Programme\Softwin\BitDefender8\vsserv.exe -- (VSSERV)

SRV - [2006.02.23 12:09:06 | 000,114,784 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)

SRV - [2006.02.23 12:09:04 | 000,266,338 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)

SRV - [2006.02.23 12:08:28 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)

SRV - [2006.01.30 08:47:48 | 000,032,768 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\APPS\Softex\OmniPass\OmniServ.exe -- (omniserv)

SRV - [2006.01.13 18:14:46 | 000,086,016 | ---- | M] (Softwin) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe -- (XCOMM)

SRV - [2005.12.27 09:23:16 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)

SRV - [2005.12.27 09:21:22 | 000,409,600 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)

SRV - [2005.12.23 07:46:02 | 000,233,472 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)

SRV - [2005.12.23 07:44:42 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)

SRV - [2005.12.23 07:42:02 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)

SRV - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe -- (bdss)

SRV - [2005.01.07 11:01:52 | 000,049,152 | ---- | M] () [Auto | Running] -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService)

SRV - [2004.11.09 21:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe -- (AOL ACS)

SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011.06.28 19:28:52 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.06.28 19:28:52 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.01.05 04:34:28 | 005,656,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010.06.17 14:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2010.05.20 15:27:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)

DRV - [2006.01.09 18:51:38 | 000,010,800 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\Softwin\BitDefender8\bdrsdrv.sys -- (BDRSDRV)

DRV - [2006.01.09 18:50:34 | 000,014,145 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Softwin\BitDefender8\bdfsdrv.sys -- (BDFSDRV)

DRV - [2005.12.27 06:37:08 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)

DRV - [2005.12.09 16:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2005.10.22 06:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)

DRV - [2005.10.22 06:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)

DRV - [2005.10.22 06:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)

DRV - [2005.10.22 06:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)

DRV - [2005.09.30 11:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2005.01.07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)

DRV - [2004.02.23 04:07:34 | 000,003,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\AIDA32 - Enterprise System Information\aida32.sys -- (AIDA32Driver)

DRV - [2003.01.10 22:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

DRV - [2001.08.18 04:19:50 | 000,281,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimtai.sys -- (atimtai)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://format.packardbell.com/cgi-bin/redirect/?country=GE&range=AD&phase=6&key=SEARCH

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/ger.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.03 23:54:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.06 22:31:50 | 000,000,000 | ---D | M]

 

[2011.02.07 21:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions

[2011.05.06 22:17:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\w6ghrm33.default\extensions

[2011.02.08 09:56:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\w6ghrm33.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.05.19 10:50:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.06.20 09:20:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011.12.03 23:54:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2011.10.16 07:16:38 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.10.16 07:16:38 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2011.10.16 07:16:38 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2011.10.16 07:16:38 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.10.16 07:16:38 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.10.16 07:16:38 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ACTIVBOARD] c:\APPS\ABOARD\ABOARD.EXE (NEC Computers International)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\bdswitch.exe ()

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)

O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [LifeCam] C:\Programme\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [OmniPass] C:\APPS\Softex\OmniPass\scureapp.exe ()

O4 - HKLM..\Run: [PCMService] c:\APPS\Powercinema\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)

O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)

O4 - HKCU..\Run: [EA Core] C:\Programme\Electronic Arts\EADM\Core.exe (Electronic Arts)

O4 - HKCU..\Run: [SmpcSys] C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk =  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)

O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Apps\Softex\OmniPass\opxpgina.dll) - C:\APPS\Softex\OmniPass\OPXPGina.dll ()

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\APPS\DESKTOP\BG800DL.bmp

O24 - Desktop BackupWallPaper: C:\APPS\DESKTOP\BG800DL.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 -  File not found

NetSvcs: AppMgmt -  File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

 

SafeBootMin: AppMgmt -  File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: AppMgmt -  File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1

ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.dvacm - C:\Programme\Gemeinsame Dateien\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp -  File not found

Drivers32: msacm.mkdmp3enc - c:\APPS\POWERC~1\Kernel\Burner\MKDMP3Enc.ACM File not found

Drivers32: msacm.mpegacm - C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: msacm.ulmp3acm - C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.12.20 22:45:04 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2011.12.20 22:44:28 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\***\Desktop\esetsmartinstaller_enu.exe

[2011.12.20 21:07:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes

[2011.12.20 21:07:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2011.12.20 21:07:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2011.12.20 21:07:43 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011.12.20 21:07:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.12.18 23:07:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

[2011.12.18 20:00:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011.12.04 09:06:36 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\IETldCache

[2011.12.04 00:08:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2011.12.04 00:07:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM

[2011.12.04 00:06:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2011.12.03 23:45:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2011.12.03 23:26:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas

[2011.12.03 23:26:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de

[2011.12.03 23:26:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits

[2011.12.03 23:14:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$

[2011.12.03 20:40:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InstallShield

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.12.21 19:50:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.12.21 19:50:37 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys

[2011.12.21 00:41:44 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2011.12.20 22:44:29 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\***\Desktop\esetsmartinstaller_enu.exe

[2011.12.20 21:07:49 | 000,000,759 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.12.20 00:09:20 | 000,014,926 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\LogFiles.zip

[2011.12.18 23:39:54 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\gepzdetr.exe

[2011.12.18 23:37:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.12.18 23:07:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

[2011.12.18 22:59:56 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable

[2011.12.18 22:58:04 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe

[2011.12.18 20:12:54 | 000,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011.12.18 20:08:38 | 000,495,078 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2011.12.18 20:08:38 | 000,471,622 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011.12.18 20:08:38 | 000,100,120 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2011.12.18 20:08:38 | 000,083,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011.12.18 20:03:27 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011.12.04 10:30:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Erweiterte Garantie.job

[2011.12.03 23:18:11 | 000,251,712 | ---- | M] () -- C:\ntldr

[2011.12.03 20:42:06 | 000,001,527 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk

[2011.11.27 21:18:30 | 000,002,726 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\parcour.rtf

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.12.20 21:07:49 | 000,000,759 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.12.20 00:03:24 | 000,014,926 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\LogFiles.zip

[2011.12.18 23:39:53 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\gepzdetr.exe

[2011.12.18 22:59:56 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable

[2011.12.18 22:58:04 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe

[2011.12.03 20:42:06 | 000,001,527 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk

[2011.11.27 21:10:31 | 000,002,726 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\parcour.rtf

[2011.06.26 15:19:11 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI

[2011.06.12 11:24:40 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.05.14 16:59:03 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2011.02.20 19:46:52 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL

[2011.02.09 21:54:55 | 000,002,592 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

[2011.02.07 22:24:14 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2011.02.07 22:12:12 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011.02.07 22:05:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2011.02.07 22:05:03 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2011.02.07 22:05:00 | 000,226,857 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2011.02.07 22:05:00 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2011.02.07 18:36:24 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2011.02.07 18:29:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2011.02.07 18:23:46 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll

[2011.02.07 18:22:20 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2011.02.07 18:21:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011.02.07 18:12:45 | 000,000,626 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI

[2011.02.07 18:10:36 | 000,006,929 | ---- | C] () -- C:\WINDOWS\HDReg.ini

[2011.02.07 18:09:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011.02.07 18:01:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2009.06.26 17:21:02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini

[2006.04.10 14:18:00 | 000,006,741 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005.11.22 13:11:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2005.11.14 14:40:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

[2005.11.10 11:30:04 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2005.11.10 11:30:04 | 000,831,488 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2005.11.10 11:30:04 | 000,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2005.11.10 11:30:02 | 000,524,288 | R--- | C] () -- C:\WINDOWS\System32\divxsm.exe

[2005.11.10 11:30:02 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll

[2005.10.10 17:12:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\sockspy.dll

[2004.11.30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe

[2004.11.30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll

[2004.08.11 19:13:19 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004.08.11 19:10:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004.08.11 19:03:37 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004.08.11 18:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004.08.11 18:56:16 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004.08.11 18:48:09 | 000,495,078 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2004.08.11 18:48:09 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2004.08.11 18:48:09 | 000,100,120 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2004.08.11 18:48:09 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2004.08.11 18:47:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004.08.11 18:47:46 | 000,471,622 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004.08.11 18:47:46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004.08.11 18:47:46 | 000,083,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004.08.11 18:47:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004.08.11 18:47:45 | 000,004,613 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004.08.11 18:47:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004.08.11 18:47:41 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004.08.11 18:47:34 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004.08.11 18:47:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004.08.11 18:47:25 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2003.10.02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll

[2003.10.02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll

[2002.12.06 17:37:06 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll

 
 ========== LOP Check ==========

 

[2011.02.20 19:46:58 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ

[2011.02.07 21:14:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz

[2011.06.20 09:18:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO

[2011.07.02 21:01:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts

[2011.02.07 18:12:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OD2

[2011.02.07 21:55:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters

[2011.02.07 18:15:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems

[2011.02.07 18:10:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint

[2011.02.23 21:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon

[2011.11.18 21:35:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\go

[2011.07.02 20:45:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech

[2011.02.23 21:14:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ulead Systems

[2011.12.04 10:30:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Erweiterte Garantie.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.02.08 20:41:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe

[2011.05.07 21:29:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AdobeUM

[2011.02.07 18:24:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AOL

[2011.03.11 20:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira

[2011.02.23 21:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon

[2011.05.13 19:38:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CyberLink

[2011.11.18 21:35:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\go

[2011.11.18 20:13:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Help

[2004.08.11 19:11:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities

[2011.12.03 20:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InstallShield

[2011.07.02 20:45:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech

[2011.02.07 21:19:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia

[2011.12.20 21:07:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes

[2011.12.02 16:56:38 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft

[2011.02.07 21:02:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla

[2011.07.02 20:46:22 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SecuROM

[2011.10.08 19:12:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype

[2011.06.18 12:32:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM

[2011.02.07 18:38:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun

[2011.02.23 21:14:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ulead Systems

[2011.04.16 16:33:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\vlc

[2011.02.07 18:10:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\You've Got Pictures Screensaver

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys

[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

 
 < MD5 for: ATAPI.SYS  >

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys

[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_1$\netlogon.dll

[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll

[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtUninstallKB975467_1$\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll

[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll

[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll

[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2004.08.11 18:55:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2004.08.11 18:55:48 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2004.08.11 18:55:48 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 

< End of report >

--- --- ---

[/code]

Zitat:

PRC - [2011.05.04 18:54:49 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 08:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2005.04.06 14:09:42 | 000,033,280 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdswitch.exe
PRC - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe

Also BD und AntiVir gleichzeitig sowas macht man nicht.
Eins von den beiden umgehend deinstallieren.

Zitat:

C:\Programme\Java\jre1.5.0_04\bin\jusched.exe

Wenn du schon beim deinstallieren bist, dieses Uralt-Java gleich auch deinstallieren!

Mach danach ein Neustart und wieder ein neues OTL-Log (CustomScan)

Hi,

nach Deinstalltion von Antivir und Java Runtime hier nun die neue OTL-Logdatei

Gruß von
Johannes

OTL Logfile:

Code:

OTL logfile created on: 21.12.2011 21:35:17 - Run 4

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\***\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1022,48 Mb Total Physical Memory | 429,20 Mb Available Physical Memory | 41,98% Memory free

2,40 Gb Paging File | 1,88 Gb Available in Paging File | 78,40% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 232,88 Gb Total Space | 202,31 Gb Free Space | 86,88% Space Free | Partition Type: NTFS

 

Computer Name: SN116528580310 | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.12.21 21:11:44 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2011.12.18 23:07:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010.05.20 15:27:26 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe

PRC - [2010.05.20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe

PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006.03.22 19:08:32 | 000,090,112 | ---- | M] (SOFTWIN S.R.L.) -- C:\Programme\Softwin\BitDefender8\vsserv.exe

PRC - [2006.02.23 12:09:06 | 000,114,784 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe

PRC - [2006.02.23 12:09:04 | 000,266,338 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

PRC - [2006.02.23 12:08:36 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\APPS\Powercinema\PCMService.exe

PRC - [2006.02.23 12:08:28 | 001,073,152 | ---- | M] (Cyberlink) -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe

PRC - [2006.01.30 09:56:38 | 001,978,368 | ---- | M] () -- C:\APPS\Softex\OmniPass\scureapp.exe

PRC - [2006.01.30 08:47:50 | 000,014,848 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPApp.exe

PRC - [2006.01.30 08:47:48 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\APPS\Softex\OmniPass\OmniServ.exe

PRC - [2006.01.13 18:14:46 | 000,086,016 | ---- | M] (Softwin) -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe

PRC - [2005.12.23 07:44:42 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe

PRC - [2005.12.23 07:42:02 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe

PRC - [2005.11.17 09:51:08 | 000,975,360 | ---- | M] (Packard Bell BV) -- C:\APPS\SMP\SMPSYS.EXE

PRC - [2005.11.07 17:48:20 | 000,417,792 | ---- | M] (SOFTWIN S.R.L.) -- C:\Programme\Softwin\BitDefender8\bdmcon.exe

PRC - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe

PRC - [2005.01.07 11:01:52 | 000,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe

PRC - [2004.11.26 11:43:34 | 000,090,112 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe

PRC - [2004.11.09 21:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe

PRC - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe

PRC - [2003.05.02 10:31:50 | 000,024,576 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\ABOARD.EXE

PRC - [2003.05.02 10:31:38 | 000,069,632 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\AOSD.EXE

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.12.21 21:11:43 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll

MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2006.02.23 12:09:06 | 000,114,784 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe

MOD - [2006.02.23 12:09:04 | 000,266,338 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

MOD - [2006.02.23 12:08:54 | 000,065,634 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSchMgr.dll

MOD - [2006.02.23 12:08:54 | 000,024,576 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSchedps.dll

MOD - [2006.02.23 12:08:52 | 000,225,384 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapEngine.dll

MOD - [2006.02.23 12:08:52 | 000,032,768 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvcps.dll

MOD - [2006.01.30 09:56:38 | 001,978,368 | ---- | M] () -- C:\APPS\Softex\OmniPass\scureapp.exe

MOD - [2006.01.30 09:03:18 | 000,025,024 | ---- | M] () -- C:\APPS\Softex\OmniPass\hdddrv.dll

MOD - [2006.01.30 08:53:44 | 000,049,152 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPGina.dll

MOD - [2006.01.30 08:47:50 | 000,014,848 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPApp.exe

MOD - [2006.01.30 08:45:26 | 000,053,248 | ---- | M] () -- C:\APPS\Softex\OmniPass\scuredll.dll

MOD - [2006.01.30 08:45:24 | 000,110,592 | ---- | M] () -- C:\APPS\Softex\OmniPass\ginastub.dll

MOD - [2006.01.30 08:45:04 | 000,307,200 | ---- | M] () -- C:\APPS\Softex\OmniPass\userdata.dll

MOD - [2006.01.30 08:44:50 | 000,901,120 | ---- | M] () -- C:\APPS\Softex\OmniPass\autheng.dll

MOD - [2006.01.30 08:44:36 | 000,012,288 | ---- | M] () -- C:\APPS\Softex\OmniPass\cryptodll.dll

MOD - [2006.01.30 08:44:34 | 000,364,544 | ---- | M] () -- C:\APPS\Softex\OmniPass\storeng.dll

MOD - [2006.01.30 08:44:16 | 000,010,752 | ---- | M] () -- C:\APPS\Softex\OmniPass\SSPLogon.dll

MOD - [2006.01.30 08:33:28 | 002,179,504 | ---- | M] () -- C:\APPS\Softex\OmniPass\sftxtgp.dll

MOD - [2005.12.23 07:26:00 | 004,448,256 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\Roxio Shared\DLLShared\ROXIPP4.dll

MOD - [2005.11.04 16:56:34 | 000,073,728 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdpop3p.dll

MOD - [2005.10.10 17:12:04 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\sockspy.dll

MOD - [2005.09.19 17:37:08 | 000,132,608 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\libfn.dll

MOD - [2005.06.21 18:35:54 | 000,200,704 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\bdas.dll

MOD - [2005.06.15 14:18:16 | 000,090,112 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\getfile.dll

MOD - [2005.05.12 17:35:42 | 000,030,208 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\librtvr.dll

MOD - [2005.02.16 14:46:02 | 000,030,208 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\httpgetf.dll

MOD - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe

MOD - [2005.01.07 11:01:52 | 000,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe

MOD - [2004.07.26 17:11:50 | 000,028,672 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll

MOD - [2004.06.09 18:29:48 | 000,043,008 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\mimepack.dll

MOD - [2003.12.10 16:08:08 | 000,049,152 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\mimeinf.dll

MOD - [2003.12.10 16:07:30 | 000,045,056 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\procinf.dll

MOD - [2002.12.06 17:37:06 | 000,503,808 | ---- | M] () -- C:\WINDOWS\system32\xreglib.dll

MOD - [2002.01.14 14:49:00 | 000,045,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\avxdisk.dll

MOD - [1998.07.12 00:13:00 | 000,053,760 | ---- | M] () -- C:\Programme\Softwin\BitDefender8\zlib.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)

SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010.05.20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)

SRV - [2006.03.22 19:08:32 | 000,090,112 | ---- | M] (SOFTWIN S.R.L.) [Auto | Running] -- C:\Programme\Softwin\BitDefender8\vsserv.exe -- (VSSERV)

SRV - [2006.02.23 12:09:06 | 000,114,784 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)

SRV - [2006.02.23 12:09:04 | 000,266,338 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)

SRV - [2006.02.23 12:08:28 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)

SRV - [2006.01.30 08:47:48 | 000,032,768 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\APPS\Softex\OmniPass\OmniServ.exe -- (omniserv)

SRV - [2006.01.13 18:14:46 | 000,086,016 | ---- | M] (Softwin) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe -- (XCOMM)

SRV - [2005.12.27 09:23:16 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)

SRV - [2005.12.27 09:21:22 | 000,409,600 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)

SRV - [2005.12.23 07:46:02 | 000,233,472 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)

SRV - [2005.12.23 07:44:42 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)

SRV - [2005.12.23 07:42:02 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)

SRV - [2005.01.24 15:25:38 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe -- (bdss)

SRV - [2005.01.07 11:01:52 | 000,049,152 | ---- | M] () [Auto | Running] -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService)

SRV - [2004.11.09 21:36:01 | 001,140,312 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe -- (AOL ACS)

SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011.01.05 04:34:28 | 005,656,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2010.05.20 15:27:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)

DRV - [2006.01.09 18:51:38 | 000,010,800 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\Softwin\BitDefender8\bdrsdrv.sys -- (BDRSDRV)

DRV - [2006.01.09 18:50:34 | 000,014,145 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Softwin\BitDefender8\bdfsdrv.sys -- (BDFSDRV)

DRV - [2005.12.27 06:37:08 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)

DRV - [2005.12.09 16:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2005.10.22 06:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)

DRV - [2005.10.22 06:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)

DRV - [2005.10.22 06:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)

DRV - [2005.10.22 06:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)

DRV - [2005.09.30 11:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2005.01.07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)

DRV - [2004.02.23 04:07:34 | 000,003,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\AIDA32 - Enterprise System Information\aida32.sys -- (AIDA32Driver)

DRV - [2003.01.10 22:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

DRV - [2001.08.18 04:19:50 | 000,281,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimtai.sys -- (atimtai)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://format.packardbell.com/cgi-bin/redirect/?country=GE&range=AD&phase=6&key=SEARCH

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/ger.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.21 21:11:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.06 22:31:50 | 000,000,000 | ---D | M]

 

[2011.02.07 21:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions

[2011.05.06 22:17:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\w6ghrm33.default\extensions

[2011.02.08 09:56:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\w6ghrm33.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.05.19 10:50:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.06.20 09:20:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011.12.21 21:11:44 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2011.10.16 07:16:38 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.10.16 07:16:38 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2011.10.16 07:16:38 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2011.10.16 07:16:38 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.10.16 07:16:38 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.10.16 07:16:38 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ACTIVBOARD] c:\APPS\ABOARD\ABOARD.EXE (NEC Computers International)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [BDMCon] C:\Programme\Softwin\BitDefender8\bdmcon.exe (SOFTWIN S.R.L.)

O4 - HKLM..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender8\bdnagent.exe ()

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)

O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [LifeCam] C:\Programme\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [OmniPass] C:\APPS\Softex\OmniPass\scureapp.exe ()

O4 - HKLM..\Run: [PCMService] c:\APPS\Powercinema\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)

O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)

O4 - HKCU..\Run: [EA Core] C:\Programme\Electronic Arts\EADM\Core.exe (Electronic Arts)

O4 - HKCU..\Run: [SmpcSys] C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk =  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B778C99E-8791-46D4-AE36-E168495B90C3}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - AppInit_DLLs: (sockspy.dll) -C:\WINDOWS\System32\sockspy.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Apps\Softex\OmniPass\opxpgina.dll) - C:\APPS\Softex\OmniPass\OPXPGina.dll ()

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\APPS\DESKTOP\BG800DL.bmp

O24 - Desktop BackupWallPaper: C:\APPS\DESKTOP\BG800DL.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 -  File not found

NetSvcs: AppMgmt -  File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

 

SafeBootMin: AppMgmt -  File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: AppMgmt -  File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1

ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.dvacm - C:\Programme\Gemeinsame Dateien\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp -  File not found

Drivers32: msacm.mkdmp3enc - c:\APPS\POWERC~1\Kernel\Burner\MKDMP3Enc.ACM File not found

Drivers32: msacm.mpegacm - C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: msacm.ulmp3acm - C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.12.20 22:45:04 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2011.12.20 22:44:28 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\***\Desktop\esetsmartinstaller_enu.exe

[2011.12.20 21:07:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes

[2011.12.20 21:07:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2011.12.20 21:07:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2011.12.20 21:07:43 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011.12.20 21:07:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.12.18 23:07:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

[2011.12.04 09:06:36 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\IETldCache

[2011.12.04 00:08:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2011.12.04 00:07:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM

[2011.12.04 00:06:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2011.12.03 23:45:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2011.12.03 23:26:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas

[2011.12.03 23:26:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de

[2011.12.03 23:26:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits

[2011.12.03 23:14:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$

[2011.12.03 20:40:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InstallShield

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.12.21 21:28:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.12.21 21:27:58 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys

[2011.12.21 21:11:30 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2011.12.20 22:44:29 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\***\Desktop\esetsmartinstaller_enu.exe

[2011.12.20 21:07:49 | 000,000,759 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.12.20 00:09:20 | 000,014,926 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\LogFiles.zip

[2011.12.18 23:39:54 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\gepzdetr.exe

[2011.12.18 23:37:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.12.18 23:07:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

[2011.12.18 22:59:56 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable

[2011.12.18 22:58:04 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe

[2011.12.18 20:12:54 | 000,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011.12.18 20:08:38 | 000,495,078 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2011.12.18 20:08:38 | 000,471,622 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011.12.18 20:08:38 | 000,100,120 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2011.12.18 20:08:38 | 000,083,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011.12.18 20:03:38 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011.12.04 10:30:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Erweiterte Garantie.job

[2011.12.03 23:18:11 | 000,251,712 | ---- | M] () -- C:\ntldr

[2011.12.03 20:42:06 | 000,001,527 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk

[2011.11.27 21:18:30 | 000,002,726 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\parcour.rtf

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.12.20 21:07:49 | 000,000,759 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.12.20 00:03:24 | 000,014,926 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\LogFiles.zip

[2011.12.18 23:39:53 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\gepzdetr.exe

[2011.12.18 22:59:56 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable

[2011.12.18 22:58:04 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe

[2011.12.03 20:42:06 | 000,001,527 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WiFi Station.lnk

[2011.11.27 21:10:31 | 000,002,726 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\parcour.rtf

[2011.06.26 15:19:11 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI

[2011.06.12 11:24:40 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.05.14 16:59:03 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2011.02.20 19:46:52 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL

[2011.02.09 21:54:55 | 000,002,592 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

[2011.02.07 22:24:14 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2011.02.07 22:12:12 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011.02.07 22:05:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2011.02.07 22:05:03 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2011.02.07 22:05:00 | 000,226,857 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2011.02.07 22:05:00 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2011.02.07 18:36:24 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2011.02.07 18:29:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2011.02.07 18:23:46 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll

[2011.02.07 18:22:20 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2011.02.07 18:21:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011.02.07 18:12:45 | 000,000,626 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI

[2011.02.07 18:10:36 | 000,006,929 | ---- | C] () -- C:\WINDOWS\HDReg.ini

[2011.02.07 18:09:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011.02.07 18:01:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2009.06.26 17:21:02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini

[2006.04.10 14:18:00 | 000,006,741 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005.11.22 13:11:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2005.11.14 14:40:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

[2005.11.10 11:30:04 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2005.11.10 11:30:04 | 000,831,488 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2005.11.10 11:30:04 | 000,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2005.11.10 11:30:02 | 000,524,288 | R--- | C] () -- C:\WINDOWS\System32\divxsm.exe

[2005.11.10 11:30:02 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll

[2005.10.10 17:12:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\sockspy.dll

[2004.11.30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe

[2004.11.30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll

[2004.08.11 19:13:19 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004.08.11 19:10:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004.08.11 19:03:37 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004.08.11 18:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004.08.11 18:56:16 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004.08.11 18:48:09 | 000,495,078 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2004.08.11 18:48:09 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2004.08.11 18:48:09 | 000,100,120 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2004.08.11 18:48:09 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2004.08.11 18:47:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004.08.11 18:47:46 | 000,471,622 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004.08.11 18:47:46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004.08.11 18:47:46 | 000,083,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004.08.11 18:47:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004.08.11 18:47:45 | 000,004,613 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004.08.11 18:47:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004.08.11 18:47:41 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004.08.11 18:47:34 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004.08.11 18:47:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004.08.11 18:47:25 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2003.10.02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll

[2003.10.02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll

[2002.12.06 17:37:06 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll

 
 ========== LOP Check ==========

 

[2011.02.20 19:46:58 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ

[2011.02.07 21:14:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz

[2011.06.20 09:18:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO

[2011.07.02 21:01:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts

[2011.02.07 18:12:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OD2

[2011.02.07 21:55:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters

[2011.02.07 18:15:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems

[2011.02.07 18:10:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint

[2011.02.23 21:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon

[2011.11.18 21:35:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\go

[2011.07.02 20:45:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech

[2011.02.23 21:14:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ulead Systems

[2011.12.04 10:30:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Erweiterte Garantie.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.02.08 20:41:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe

[2011.05.07 21:29:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AdobeUM

[2011.02.07 18:24:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AOL

[2011.02.23 21:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon

[2011.05.13 19:38:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CyberLink

[2011.11.18 21:35:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\go

[2011.11.18 20:13:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Help

[2004.08.11 19:11:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities

[2011.12.03 20:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InstallShield

[2011.07.02 20:45:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech

[2011.02.07 21:19:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia

[2011.12.20 21:07:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes

[2011.12.02 16:56:38 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft

[2011.02.07 21:02:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla

[2011.07.02 20:46:22 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SecuROM

[2011.10.08 19:12:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype

[2011.06.18 12:32:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM

[2011.02.07 18:38:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun

[2011.02.23 21:14:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ulead Systems

[2011.04.16 16:33:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\vlc

[2011.02.07 18:10:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\You've Got Pictures Screensaver

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys

[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

 
 < MD5 for: ATAPI.SYS  >

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys

[2011.05.14 16:58:03 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_1$\netlogon.dll

[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll

[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtUninstallKB975467_1$\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll

[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll

[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll

[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2004.08.11 18:55:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2004.08.11 18:55:48 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2004.08.11 18:55:48 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 
 <           >
 

< End of report >

--- --- ---

[/code]

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Hi,

hier nun das TDSS-Killer-Log:

Code:



22:24:57.0906 3388        TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31

22:24:58.0125 3388        ============================================================

22:24:58.0125 3388        Current date / time: 2011/12/21 22:24:58.0125

22:24:58.0125 3388        SystemInfo:

22:24:58.0125 3388        

22:24:58.0125 3388        OS Version: 5.1.2600 ServicePack: 3.0

22:24:58.0125 3388        Product type: Workstation

22:24:58.0125 3388        ComputerName: SN116528580310

22:24:58.0125 3388        UserName: ***

22:24:58.0125 3388        Windows directory: C:\WINDOWS

22:24:58.0125 3388        System windows directory: C:\WINDOWS

22:24:58.0125 3388        Processor architecture: Intel x86

22:24:58.0125 3388        Number of processors: 2

22:24:58.0125 3388        Page size: 0x1000

22:24:58.0125 3388        Boot type: Normal boot

22:24:58.0140 3388        ============================================================

22:24:58.0796 3388        Initialize success

22:26:10.0750 2284        ============================================================

22:26:10.0750 2284        Scan started

22:26:10.0750 2284        Mode: Manual; SigCheck; TDLFS; 

22:26:10.0750 2284        ============================================================

22:26:11.0937 2284        Abiosdsk - ok

22:26:11.0984 2284        abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

22:26:12.0734 2284        abp480n5 - ok

22:26:12.0812 2284        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

22:26:13.0015 2284        ACPI - ok

22:26:13.0046 2284        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys

22:26:13.0203 2284        ACPIEC - ok

22:26:13.0234 2284        adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

22:26:13.0390 2284        adpu160m - ok

22:26:13.0437 2284        aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

22:26:13.0593 2284        aec - ok

22:26:13.0656 2284        AegisP          (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys

22:26:13.0781 2284        AegisP ( UnsignedFile.Multi.Generic ) - warning

22:26:13.0781 2284        AegisP - detected UnsignedFile.Multi.Generic (1)

22:26:13.0890 2284        AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

22:26:14.0218 2284        AFD - ok

22:26:14.0281 2284        agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

22:26:14.0437 2284        agp440 - ok

22:26:14.0468 2284        agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

22:26:14.0625 2284        agpCPQ - ok

22:26:14.0640 2284        Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

22:26:14.0718 2284        Aha154x - ok

22:26:14.0734 2284        aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

22:26:14.0890 2284        aic78u2 - ok

22:26:14.0906 2284        aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

22:26:15.0046 2284        aic78xx - ok

22:26:15.0093 2284        AIDA32Driver    (92dc46fb76d96879bfebe0a334645b5b) C:\Programme\AIDA32 - Enterprise System Information\aida32.sys

22:26:15.0125 2284        AIDA32Driver ( UnsignedFile.Multi.Generic ) - warning

22:26:15.0125 2284        AIDA32Driver - detected UnsignedFile.Multi.Generic (1)

22:26:15.0203 2284        AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

22:26:15.0359 2284        AliIde - ok

22:26:15.0390 2284        alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

22:26:15.0546 2284        alim1541 - ok

22:26:15.0562 2284        amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

22:26:15.0718 2284        amdagp - ok

22:26:15.0734 2284        amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

22:26:15.0828 2284        amsint - ok

22:26:15.0859 2284        Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

22:26:16.0000 2284        Arp1394 - ok

22:26:16.0031 2284        asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

22:26:16.0187 2284        asc - ok

22:26:16.0203 2284        asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

22:26:16.0296 2284        asc3350p - ok

22:26:16.0312 2284        asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

22:26:16.0468 2284        asc3550 - ok

22:26:16.0531 2284        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

22:26:16.0687 2284        AsyncMac - ok

22:26:16.0703 2284        atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

22:26:16.0843 2284        atapi - ok

22:26:16.0859 2284        Atdisk - ok

22:26:17.0031 2284        ati2mtag        (6936f713dc69ade85c50788990e34c16) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

22:26:17.0312 2284        ati2mtag - ok

22:26:17.0406 2284        atimtai         (e21282fa0e5b491c7b4920f1f6d8b028) C:\WINDOWS\system32\DRIVERS\atimtai.sys

22:26:17.0562 2284        atimtai - ok

22:26:17.0625 2284        Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

22:26:17.0765 2284        Atmarpc - ok

22:26:17.0828 2284        audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

22:26:17.0984 2284        audstub - ok

22:26:18.0062 2284        BDFSDRV         (09144a34a6bc8c1228db81995bacc0f8) C:\Programme\Softwin\BitDefender8\bdfsdrv.sys

22:26:18.0093 2284        BDFSDRV ( UnsignedFile.Multi.Generic ) - warning

22:26:18.0093 2284        BDFSDRV - detected UnsignedFile.Multi.Generic (1)

22:26:18.0109 2284        BDRSDRV         (f1889ce49bc9d097618ee2eb030fd368) C:\Programme\Softwin\BitDefender8\bdrsdrv.sys

22:26:18.0140 2284        BDRSDRV ( UnsignedFile.Multi.Generic ) - warning

22:26:18.0140 2284        BDRSDRV - detected UnsignedFile.Multi.Generic (1)

22:26:18.0218 2284        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

22:26:18.0359 2284        Beep - ok

22:26:18.0406 2284        cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

22:26:18.0578 2284        cbidf - ok

22:26:18.0593 2284        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

22:26:18.0734 2284        cbidf2k - ok

22:26:18.0765 2284        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

22:26:18.0906 2284        CCDECODE - ok

22:26:18.0953 2284        cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

22:26:19.0031 2284        cd20xrnt - ok

22:26:19.0046 2284        Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

22:26:19.0218 2284        Cdaudio - ok

22:26:19.0250 2284        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

22:26:19.0390 2284        Cdfs - ok

22:26:19.0421 2284        Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

22:26:19.0562 2284        Cdrom - ok

22:26:19.0609 2284        cdudf_xp        (453ee75b9164fee7bce6a0168abe9d43) C:\WINDOWS\system32\drivers\cdudf_xp.sys

22:26:19.0625 2284        cdudf_xp ( UnsignedFile.Multi.Generic ) - warning

22:26:19.0625 2284        cdudf_xp - detected UnsignedFile.Multi.Generic (1)

22:26:19.0640 2284        Changer - ok

22:26:19.0703 2284        CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys

22:26:19.0859 2284        CmdIde - ok

22:26:19.0875 2284        Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

22:26:20.0031 2284        Cpqarray - ok

22:26:20.0062 2284        dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

22:26:20.0218 2284        dac2w2k - ok

22:26:20.0234 2284        dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

22:26:20.0390 2284        dac960nt - ok

22:26:20.0437 2284        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

22:26:20.0593 2284        Disk - ok

22:26:20.0640 2284        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys

22:26:20.0843 2284        dmboot - ok

22:26:20.0859 2284        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys

22:26:21.0015 2284        dmio - ok

22:26:21.0046 2284        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

22:26:21.0187 2284        dmload - ok

22:26:21.0234 2284        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

22:26:21.0375 2284        DMusic - ok

22:26:21.0421 2284        dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

22:26:21.0578 2284        dpti2o - ok

22:26:21.0625 2284        drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

22:26:21.0765 2284        drmkaud - ok

22:26:21.0812 2284        drvmcdb         (7df2e645fbda7cde94fcabba7f0de4c2) C:\WINDOWS\system32\drivers\drvmcdb.sys

22:26:21.0828 2284        drvmcdb ( UnsignedFile.Multi.Generic ) - warning

22:26:21.0828 2284        drvmcdb - detected UnsignedFile.Multi.Generic (1)

22:26:21.0843 2284        dvd_2K          (dd031ff015b22b4d1560510df0f21fe6) C:\WINDOWS\system32\drivers\dvd_2K.sys

22:26:21.0875 2284        dvd_2K ( UnsignedFile.Multi.Generic ) - warning

22:26:21.0875 2284        dvd_2K - detected UnsignedFile.Multi.Generic (1)

22:26:21.0921 2284        Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

22:26:22.0078 2284        Fastfat - ok

22:26:22.0125 2284        Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

22:26:22.0265 2284        Fdc - ok

22:26:22.0296 2284        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys

22:26:22.0437 2284        Fips - ok

22:26:22.0453 2284        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

22:26:22.0609 2284        Flpydisk - ok

22:26:22.0640 2284        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

22:26:22.0796 2284        FltMgr - ok

22:26:22.0828 2284        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

22:26:22.0984 2284        Fs_Rec - ok

22:26:23.0015 2284        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

22:26:23.0156 2284        Ftdisk - ok

22:26:23.0203 2284        Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

22:26:23.0343 2284        Gpc - ok

22:26:23.0390 2284        HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys

22:26:23.0421 2284        HdAudAddService - ok

22:26:23.0468 2284        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

22:26:23.0625 2284        HDAudBus - ok

22:26:23.0671 2284        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

22:26:23.0812 2284        HidUsb - ok

22:26:23.0843 2284        hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

22:26:24.0000 2284        hpn - ok

22:26:24.0046 2284        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

22:26:24.0109 2284        HTTP - ok

22:26:24.0156 2284        i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

22:26:24.0296 2284        i2omgmt - ok

22:26:24.0312 2284        i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

22:26:24.0468 2284        i2omp - ok

22:26:24.0500 2284        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

22:26:24.0671 2284        i8042prt - ok

22:26:24.0703 2284        Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

22:26:24.0843 2284        Imapi - ok

22:26:24.0890 2284        ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

22:26:25.0046 2284        ini910u - ok

22:26:25.0187 2284        IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys

22:26:25.0406 2284        IntcAzAudAddService - ok

22:26:25.0453 2284        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys

22:26:25.0593 2284        IntelIde - ok

22:26:25.0625 2284        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys

22:26:25.0781 2284        intelppm - ok

22:26:25.0796 2284        Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

22:26:25.0937 2284        Ip6Fw - ok

22:26:25.0968 2284        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

22:26:26.0140 2284        IpFilterDriver - ok

22:26:26.0171 2284        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

22:26:26.0312 2284        IpInIp - ok

22:26:26.0343 2284        IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

22:26:26.0500 2284        IpNat - ok

22:26:26.0531 2284        IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

22:26:26.0671 2284        IPSec - ok

22:26:26.0703 2284        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

22:26:26.0843 2284        IRENUM - ok

22:26:26.0859 2284        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys

22:26:27.0000 2284        isapnp - ok

22:26:27.0031 2284        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

22:26:27.0171 2284        Kbdclass - ok

22:26:27.0203 2284        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

22:26:27.0343 2284        kbdhid - ok

22:26:27.0390 2284        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

22:26:27.0531 2284        kmixer - ok

22:26:27.0578 2284        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

22:26:27.0625 2284        KSecDD - ok

22:26:27.0640 2284        lbrtfdc - ok

22:26:27.0703 2284        MBAMProtector   (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

22:26:27.0765 2284        MBAMProtector - ok

22:26:27.0781 2284        MBAMSwissArmy - ok

22:26:27.0828 2284        mmc_2K          (58955da604fa306f84e90f830f5c11b2) C:\WINDOWS\system32\drivers\mmc_2K.sys

22:26:27.0843 2284        mmc_2K ( UnsignedFile.Multi.Generic ) - warning

22:26:27.0843 2284        mmc_2K - detected UnsignedFile.Multi.Generic (1)

22:26:27.0875 2284        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

22:26:28.0031 2284        mnmdd - ok

22:26:28.0062 2284        Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys

22:26:28.0218 2284        Modem - ok

22:26:28.0234 2284        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys

22:26:28.0375 2284        Mouclass - ok

22:26:28.0421 2284        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys

22:26:28.0562 2284        mouhid - ok

22:26:28.0593 2284        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

22:26:28.0734 2284        MountMgr - ok

22:26:28.0750 2284        mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

22:26:28.0906 2284        mraid35x - ok

22:26:28.0953 2284        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

22:26:29.0093 2284        MRxDAV - ok

22:26:29.0140 2284        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

22:26:29.0234 2284        MRxSmb - ok

22:26:29.0281 2284        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

22:26:29.0406 2284        Msfs - ok

22:26:29.0453 2284        MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

22:26:29.0593 2284        MSKSSRV - ok

22:26:29.0609 2284        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

22:26:29.0750 2284        MSPCLOCK - ok

22:26:29.0781 2284        MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

22:26:29.0921 2284        MSPQM - ok

22:26:29.0968 2284        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

22:26:30.0109 2284        mssmbios - ok

22:26:30.0140 2284        MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

22:26:30.0281 2284        MSTEE - ok

22:26:30.0328 2284        Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

22:26:30.0640 2284        Mup - ok

22:26:30.0671 2284        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

22:26:30.0812 2284        NABTSFEC - ok

22:26:30.0843 2284        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

22:26:31.0015 2284        NDIS - ok

22:26:31.0062 2284        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

22:26:31.0218 2284        NdisIP - ok

22:26:31.0250 2284        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

22:26:31.0281 2284        NdisTapi - ok

22:26:31.0312 2284        Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

22:26:31.0468 2284        Ndisuio - ok

22:26:31.0515 2284        NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

22:26:31.0656 2284        NdisWan - ok

22:26:31.0687 2284        NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

22:26:31.0734 2284        NDProxy - ok

22:26:31.0781 2284        NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

22:26:31.0921 2284        NetBIOS - ok

22:26:31.0953 2284        NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

22:26:32.0093 2284        NetBT - ok

22:26:32.0156 2284        NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

22:26:32.0296 2284        NIC1394 - ok

22:26:32.0328 2284        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

22:26:32.0484 2284        Npfs - ok

22:26:32.0515 2284        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

22:26:32.0703 2284        Ntfs - ok

22:26:32.0750 2284        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

22:26:32.0890 2284        Null - ok

22:26:32.0921 2284        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

22:26:33.0078 2284        NwlnkFlt - ok

22:26:33.0093 2284        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

22:26:33.0250 2284        NwlnkFwd - ok

22:26:33.0296 2284        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

22:26:33.0437 2284        ohci1394 - ok

22:26:33.0468 2284        Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys

22:26:33.0625 2284        Parport - ok

22:26:33.0640 2284        PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

22:26:33.0781 2284        PartMgr - ok

22:26:33.0812 2284        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys

22:26:33.0968 2284        ParVdm - ok

22:26:34.0000 2284        PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys

22:26:34.0140 2284        PCI - ok

22:26:34.0156 2284        PCIDump - ok

22:26:34.0187 2284        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys

22:26:34.0343 2284        PCIIde - ok

22:26:34.0375 2284        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys

22:26:34.0515 2284        Pcmcia - ok

22:26:34.0531 2284        PDCOMP - ok

22:26:34.0546 2284        PDFRAME - ok

22:26:34.0562 2284        PDRELI - ok

22:26:34.0578 2284        PDRFRAME - ok

22:26:34.0625 2284        perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

22:26:34.0765 2284        perc2 - ok

22:26:34.0781 2284        perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

22:26:34.0937 2284        perc2hib - ok

22:26:35.0000 2284        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

22:26:35.0140 2284        PptpMiniport - ok

22:26:35.0171 2284        Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys

22:26:35.0312 2284        Processor - ok

22:26:35.0343 2284        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

22:26:35.0484 2284        PSched - ok

22:26:35.0500 2284        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

22:26:35.0656 2284        Ptilink - ok

22:26:35.0687 2284        pwd_2k          (a57885ecdee5719a776a4202737fe347) C:\WINDOWS\system32\drivers\pwd_2k.sys

22:26:35.0718 2284        pwd_2k ( UnsignedFile.Multi.Generic ) - warning

22:26:35.0718 2284        pwd_2k - detected UnsignedFile.Multi.Generic (1)

22:26:35.0750 2284        PxHelp20        (0c8da0a8b0d227319c285e0eae65defd) C:\WINDOWS\system32\Drivers\PxHelp20.sys

22:26:35.0781 2284        PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

22:26:35.0781 2284        PxHelp20 - detected UnsignedFile.Multi.Generic (1)

22:26:35.0796 2284        ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

22:26:35.0937 2284        ql1080 - ok

22:26:35.0953 2284        Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

22:26:36.0140 2284        Ql10wnt - ok

22:26:36.0156 2284        ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

22:26:36.0296 2284        ql12160 - ok

22:26:36.0312 2284        ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

22:26:36.0468 2284        ql1240 - ok

22:26:36.0484 2284        ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

22:26:36.0640 2284        ql1280 - ok

22:26:36.0671 2284        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

22:26:36.0828 2284        RasAcd - ok

22:26:36.0859 2284        Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

22:26:37.0015 2284        Rasl2tp - ok

22:26:37.0031 2284        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

22:26:37.0187 2284        RasPppoe - ok

22:26:37.0203 2284        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

22:26:37.0343 2284        Raspti - ok

22:26:37.0375 2284        Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

22:26:37.0515 2284        Rdbss - ok

22:26:37.0531 2284        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

22:26:37.0687 2284        RDPCDD - ok

22:26:37.0718 2284        rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

22:26:37.0875 2284        rdpdr - ok

22:26:37.0921 2284        RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

22:26:37.0968 2284        RDPWD - ok

22:26:38.0000 2284        redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys

22:26:38.0156 2284        redbook - ok

22:26:38.0218 2284        RT61 - ok

22:26:38.0234 2284        RTL8023xp       (7889e3981e0a5d347e037abd467d53a5) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

22:26:38.0328 2284        RTL8023xp - ok

22:26:38.0359 2284        RxFilter        (2b3cc40e5586ac5724df83c257a69f69) C:\WINDOWS\system32\DRIVERS\RxFilter.sys

22:26:38.0390 2284        RxFilter ( UnsignedFile.Multi.Generic ) - warning

22:26:38.0390 2284        RxFilter - detected UnsignedFile.Multi.Generic (1)

22:26:38.0437 2284        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

22:26:38.0593 2284        Secdrv - ok

22:26:38.0625 2284        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys

22:26:38.0781 2284        Serial - ok

22:26:38.0812 2284        Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

22:26:38.0953 2284        Sfloppy - ok

22:26:38.0968 2284        Simbad - ok

22:26:39.0015 2284        sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

22:26:39.0156 2284        sisagp - ok

22:26:39.0187 2284        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

22:26:39.0328 2284        SLIP - ok

22:26:39.0359 2284        Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

22:26:39.0437 2284        Sparrow - ok

22:26:39.0484 2284        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

22:26:39.0640 2284        splitter - ok

22:26:39.0671 2284        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys

22:26:39.0812 2284        sr - ok

22:26:39.0859 2284        Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

22:26:39.0921 2284        Srv - ok

22:26:39.0968 2284        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

22:26:40.0125 2284        streamip - ok

22:26:40.0140 2284        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

22:26:40.0281 2284        swenum - ok

22:26:40.0312 2284        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

22:26:40.0453 2284        swmidi - ok

22:26:40.0484 2284        symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

22:26:40.0640 2284        symc810 - ok

22:26:40.0656 2284        symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

22:26:40.0796 2284        symc8xx - ok

22:26:40.0812 2284        sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

22:26:40.0953 2284        sym_hi - ok

22:26:40.0968 2284        sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

22:26:41.0125 2284        sym_u3 - ok

22:26:41.0171 2284        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

22:26:41.0312 2284        sysaudio - ok

22:26:41.0390 2284        Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

22:26:41.0484 2284        Tcpip - ok

22:26:41.0515 2284        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

22:26:41.0656 2284        TDPIPE - ok

22:26:41.0687 2284        TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

22:26:41.0843 2284        TDTCP - ok

22:26:41.0859 2284        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

22:26:42.0000 2284        TermDD - ok

22:26:42.0031 2284        TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys

22:26:42.0171 2284        TosIde - ok

22:26:42.0218 2284        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

22:26:42.0359 2284        Udfs - ok

22:26:42.0390 2284        ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

22:26:42.0468 2284        ultra - ok

22:26:42.0515 2284        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

22:26:42.0656 2284        Update - ok

22:26:42.0718 2284        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

22:26:42.0859 2284        usbaudio - ok

22:26:42.0890 2284        usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

22:26:43.0031 2284        usbccgp - ok

22:26:43.0062 2284        usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

22:26:43.0203 2284        usbehci - ok

22:26:43.0218 2284        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

22:26:43.0359 2284        usbhub - ok

22:26:43.0375 2284        usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

22:26:43.0515 2284        usbohci - ok

22:26:43.0546 2284        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

22:26:43.0703 2284        usbprint - ok

22:26:43.0734 2284        usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

22:26:43.0875 2284        usbscan - ok

22:26:43.0921 2284        USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

22:26:44.0046 2284        USBSTOR - ok

22:26:44.0062 2284        VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

22:26:44.0218 2284        VgaSave - ok

22:26:44.0250 2284        viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

22:26:44.0390 2284        viaagp - ok

22:26:44.0406 2284        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

22:26:44.0562 2284        ViaIde - ok

22:26:44.0578 2284        VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys

22:26:44.0734 2284        VolSnap - ok

22:26:44.0828 2284        VX3000          (e26744e5dd71a16e80d4dd5a286b8423) C:\WINDOWS\system32\DRIVERS\VX3000.sys

22:26:44.0968 2284        VX3000 - ok

22:26:45.0015 2284        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

22:26:45.0171 2284        Wanarp - ok

22:26:45.0203 2284        wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

22:26:45.0250 2284        wanatw - ok

22:26:45.0328 2284        WDICA - ok

22:26:45.0390 2284        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

22:26:45.0546 2284        wdmaud - ok

22:26:45.0656 2284        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

22:26:45.0812 2284        WSTCODEC - ok

22:26:45.0859 2284        MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

22:26:46.0015 2284        \Device\Harddisk0\DR0 - ok

22:26:46.0015 2284        Boot (0x1200)   (558ad5e109a98dc819d137e19fc17fb2) \Device\Harddisk0\DR0\Partition0

22:26:46.0015 2284        \Device\Harddisk0\DR0\Partition0 - ok

22:26:46.0015 2284        ============================================================

22:26:46.0015 2284        Scan finished

22:26:46.0015 2284        ============================================================

22:26:46.0156 1644        Detected object count: 11

22:26:46.0156 1644        Actual detected object count: 11

22:27:15.0062 1644        AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

22:27:15.0062 1644        AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 

22:27:15.0062 1644        AIDA32Driver ( UnsignedFile.Multi.Generic ) - skipped by user

22:27:15.0062 1644        AIDA32Driver ( UnsignedFile.Multi.Generic ) - User select action: Skip 

22:27:15.0062 1644        BDFSDRV ( UnsignedFile.Multi.Generic ) - skipped by user

22:27:15.0062 1644        BDFSDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 

22:27:15.0078 1644        BDRSDRV ( UnsignedFile.Multi.Generic ) - skipped by user

22:27:15.0078 1644        BDRSDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 

22:27:15.0078 1644        cdudf_xp ( UnsignedFile.Multi.Generic ) - skipped by user

22:27:15.0078 1644        cdudf_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip 

22:27:15.0078 1644        drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user

22:27:15.0078 1644        drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip 

22:27:15.0078 1644        dvd_2K ( UnsignedFile.Multi.Generic ) - skipped by user

22:27:15.0078 1644        dvd_2K ( UnsignedFile.Multi.Generic ) - User select action: Skip 

22:27:15.0093 1644        mmc_2K ( UnsignedFile.Multi.Generic ) - skipped by user

22:27:15.0093 1644        mmc_2K ( UnsignedFile.Multi.Generic ) - User select action: Skip 

22:27:15.0093 1644        pwd_2k ( UnsignedFile.Multi.Generic ) - skipped by user

22:27:15.0093 1644        pwd_2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 

22:27:15.0093 1644        PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

22:27:15.0093 1644        PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

22:27:15.0093 1644        RxFilter ( UnsignedFile.Multi.Generic ) - skipped by user

22:27:15.0093 1644        RxFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Guten Abend Arne,

bin heute etws später unterwegs und habe Combofix ausgeführt.

Gruß von
Johannes

Hier die Logdatei

[code]
Combofix Logfile:

Code:

ComboFix 11-12-22.04 - *** 22.12.2011  22:17:47.1.2 - x86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1022.418 [GMT 1:00]

ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe

AV: BitDefender 8 AntiVirus + AntiSpam *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\IsUn0407.exe

c:\windows\system32\oobe\isperror

c:\windows\system32\oobe\isperror\ispcnerr.htm

c:\windows\system32\oobe\isperror\ispdtone.htm

c:\windows\system32\oobe\isperror\isphdshk.htm

c:\windows\system32\oobe\isperror\ispins.htm

c:\windows\system32\oobe\isperror\ispnoanw.htm

c:\windows\system32\oobe\isperror\isppberr.htm

c:\windows\system32\oobe\isperror\ispphbsy.htm

c:\windows\system32\oobe\isperror\ispsbusy.htm

c:\windows\system32\Thumbs.db

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-11-22 bis 2011-12-22  ))))))))))))))))))))))))))))))

.

.

2011-12-21 22:36 . 2011-12-21 22:37        --------        dc-h--w-        c:\windows\ie8

2011-12-21 20:11 . 2011-12-21 20:11        43992        ----a-w-        c:\programme\Mozilla Firefox\mozutils.dll

2011-12-21 20:11 . 2011-12-21 20:11        626688        ----a-w-        c:\programme\Mozilla Firefox\msvcr80.dll

2011-12-21 20:11 . 2011-12-21 20:11        548864        ----a-w-        c:\programme\Mozilla Firefox\msvcp80.dll

2011-12-21 20:11 . 2011-12-21 20:11        479232        ----a-w-        c:\programme\Mozilla Firefox\msvcm80.dll

2011-12-20 21:45 . 2011-12-20 21:45        --------        d-----w-        c:\programme\ESET

2011-12-20 20:07 . 2011-12-20 20:07        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes

2011-12-20 20:07 . 2011-12-20 20:07        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2011-12-20 20:07 . 2011-12-20 21:24        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2011-12-20 20:07 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-12-18 18:40 . 2010-09-18 06:52        954368        ------w-        c:\windows\system32\dllcache\mfc40.dll

2011-12-18 18:40 . 2010-09-18 06:52        953856        ------w-        c:\windows\system32\dllcache\mfc40u.dll

2011-12-18 18:40 . 2010-08-23 16:11        617472        ------w-        c:\windows\system32\dllcache\comctl32.dll

2011-12-18 18:38 . 2010-11-02 15:17        40960        ------w-        c:\windows\system32\dllcache\ndproxy.sys

2011-12-18 18:37 . 2011-06-24 14:10        139656        ------w-        c:\windows\system32\dllcache\rdpwd.sys

2011-12-18 18:37 . 2011-04-21 13:37        105472        ------w-        c:\windows\system32\dllcache\mup.sys

2011-12-18 18:36 . 2011-07-08 14:02        10496        ------w-        c:\windows\system32\dllcache\ndistapi.sys

2011-12-18 18:35 . 2010-10-11 14:59        45568        ------w-        c:\windows\system32\dllcache\wab.exe

2011-12-04 08:06 . 2011-12-04 08:06        --------        d-sh--w-        c:\dokumente und einstellungen\***\IETldCache

2011-12-03 23:04 . 2011-08-16 10:45        6144        ------w-        c:\windows\system32\dllcache\iecompat.dll

2011-12-03 23:03 . 2011-11-04 19:13        602112        ------w-        c:\windows\system32\dllcache\msfeeds.dll

2011-12-03 23:03 . 2011-11-04 19:13        55296        ------w-        c:\windows\system32\dllcache\msfeedsbs.dll

2011-12-03 23:03 . 2011-11-04 19:13        12800        ------w-        c:\windows\system32\dllcache\xpshims.dll

2011-12-03 23:03 . 2011-11-04 19:13        247808        ------w-        c:\windows\system32\dllcache\ieproxy.dll

2011-12-03 23:03 . 2011-11-04 19:13        743424        ------w-        c:\windows\system32\dllcache\iedvtool.dll

2011-12-03 23:03 . 2011-11-04 19:13        2000384        ------w-        c:\windows\system32\dllcache\iertutil.dll

2011-12-03 23:03 . 2011-11-04 19:13        11081728        ------w-        c:\windows\system32\dllcache\ieframe.dll

2011-12-03 22:49 . 2011-07-15 13:29        456320        ------w-        c:\windows\system32\dllcache\mrxsmb.sys

2011-12-03 22:48 . 2011-12-03 22:48        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-03 22:26 . 2011-12-03 22:26        --------        d-----w-        c:\windows\l2schemas

2011-12-03 22:26 . 2011-12-03 22:26        --------        d-----w-        c:\windows\system32\de

2011-12-03 22:26 . 2011-12-03 22:26        --------        d-----w-        c:\windows\system32\bits

2011-12-03 20:25 . 2008-04-14 02:22        21504        ----a-w-        c:\windows\system32\hidserv.dll

2011-12-03 20:25 . 2008-04-14 01:58        14720        ----a-w-        c:\windows\system32\drivers\kbdhid.sys

2011-12-03 19:40 . 2011-12-03 19:40        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\InstallShield

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-23 14:40 . 2011-05-14 15:58        1859712        ----a-w-        c:\windows\system32\win32k.sys

2011-11-04 19:13 . 2011-05-14 15:58        916992        ----a-w-        c:\windows\system32\wininet.dll

2011-11-04 19:13 . 2011-05-14 15:58        1469440        ------w-        c:\windows\system32\inetcpl.cpl

2011-11-04 19:13 . 2011-05-14 15:58        43520        ------w-        c:\windows\system32\licmgr10.dll

2011-11-04 11:23 . 2004-08-11 17:47        385024        ------w-        c:\windows\system32\html.iec

2011-11-01 16:07 . 2011-05-14 15:58        1288704        ----a-w-        c:\windows\system32\ole32.dll

2011-10-28 05:31 . 2011-05-14 15:58        33280        ----a-w-        c:\windows\system32\csrsrv.dll

2011-10-26 10:49 . 2011-05-14 15:58        2151424        ----a-w-        c:\windows\system32\ntoskrnl.exe

2011-10-26 10:49 . 2011-05-14 15:58        2029568        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2011-05-14 15:59        186880        ----a-w-        c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2011-05-14 15:58        692736        ----a-w-        c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2011-05-14 15:59        604160        ----a-w-        c:\windows\system32\crypt32.dll

2011-09-26 10:41 . 2008-07-29 18:59        614912        ----a-w-        c:\windows\system32\uiautomationcore.dll

2011-09-26 10:41 . 2004-08-11 17:47        23040        ----a-w-        c:\windows\system32\oleaccrc.dll

2011-09-26 10:41 . 2004-08-11 17:47        220160        ----a-w-        c:\windows\system32\oleacc.dll

2011-12-21 20:11 . 2011-05-06 21:31        121816        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]

"EA Core"="c:\programme\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]

"OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2006-01-30 1978368]

"Ulead AutoDetector v2"="c:\programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]

"PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]

"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]

"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]

"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]

"LifeCam"="c:\programme\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"BDMCon"="c:\progra~1\Softwin\BITDEF~1\bdmcon.exe" [2005-11-07 417792]

"BDNewsAgent"="c:\programme\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 8192]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\

WiFi Station.lnk - c:\programme\Hercules\WiFi Station\WifiStation.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]

2006-01-30 07:53        49152        ----a-w-        c:\apps\Softex\OmniPass\OPXPGina.dll

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%ProgramFiles%\\AOL 9.0\\aol.exe"=

"%ProgramFiles%\\Ahead\\SIPPS\\SIPPS.exe"=

"%ProgramFiles%\\sipgate X-Lite\\sipgateXLite.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Programme\\Microsoft LifeCam\\LifeEnC2.exe"=

"c:\\Programme\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Programme\\Microsoft LifeCam\\LifeTray.exe"=

"c:\\Programme\\AOL 9.0\\waol.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=

"c:\\Programme\\EA Sports\\FIFA 11\\Game\\fifa.exe"=

"c:\\Programme\\Electronic Arts\\EADM\\Core.exe"=

"c:\\Programme\\Roxio\\WinOnCD 8\\Digital Home\\RoxUpnpServer.exe"=

"c:\\Programme\\Messenger\\msmsgs.exe"=

.

R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [20.12.2011 21:07 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20.12.2011 21:07 22216]

S3 AIDA32Driver;AIDA32Driver;c:\programme\AIDA32 - Enterprise System Information\aida32.sys [23.02.2004 04:07 3584]

S3 atimtai;atimtai;c:\windows\system32\drivers\atimtai.sys [07.02.2011 21:22 281728]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

.

Inhalt des "geplante Tasks" Ordners

.

2011-12-04 c:\windows\Tasks\Erweiterte Garantie.job

- c:\apps\SMP\PBCARNOT.EXE [2005-11-09 12:55]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = file:///C:/APPS/IE/offline/ger.htm

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\w6ghrm33.default\

FF - prefs.js: browser.startup.homepage - www.google.de

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2011-12-22 22:23

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'winlogon.exe'(676)

c:\windows\system32\sockspy.dll

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

c:\apps\Softex\OmniPass\opxpgina.dll

.

- - - - - - - > 'lsass.exe'(732)

c:\windows\system32\sockspy.dll

.

Zeit der Fertigstellung: 2011-12-22  22:24:38

ComboFix-quarantined-files.txt  2011-12-22 21:24

.

Vor Suchlauf: 15 Verzeichnis(se), 216.665.464.832 Bytes frei

Nach Suchlauf: 21 Verzeichnis(se), 226.418.909.184 Bytes frei

.

- - End Of File - - 8FF9DA13118CE76A69510DE0EE2CB4A2

--- --- ---