Thanks in advance, and here are the logs:
MBRCheck, version 1.1.1
(c) 2010, AD
\\.\C: --> \\.\PhysicalDrive0
\\.\E: --> \\.\PhysicalDrive2
\\.\G: --> \\.\PhysicalDrive1
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
232 GB \\.\PhysicalDrive2
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4342
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
24.07.2010 03:38:27
mbam-log-2010-07-24 (03-38-27).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 127049
Laufzeit: 3 Minute(n), 6 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
GMER Logfile:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-07-24 03:17:11
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOKUME~1\INAN\LOKALE~1\Temp\uwaiqaob.sys
---- System - GMER 1.0.15 ----
SSDT BA7265FE ZwCreateKey
SSDT BA7265F4 ZwCreateThread
SSDT BA726603 ZwDeleteKey
SSDT BA72660D ZwDeleteValueKey
SSDT spjs.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spjs.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT BA726612 ZwLoadKey
SSDT spjs.sys ZwOpenKey [0xB9EA80C0]
SSDT BA7265E0 ZwOpenProcess
SSDT BA7265E5 ZwOpenThread
SSDT spjs.sys ZwQueryKey [0xB9EC7108]
SSDT spjs.sys ZwQueryValueKey [0xB9EC6F88]
SSDT BA72661C ZwReplaceKey
SSDT BA726617 ZwRestoreKey
SSDT BA726608 ZwSetValueKey
SSDT BA7265EF ZwTerminateProcess
INT 0x63 ? 8ACCABF8
INT 0x63 ? 8ACCABF8
INT 0x63 ? 8ACCABF8
INT 0x63 ? 8ACCABF8
INT 0x63 ? 89E33BF8
INT 0x63 ? 8ACCABF8
INT 0x83 ? 8AC56BF8
INT 0x83 ? 89E33BF8
INT 0x83 ? 8AC56BF8
INT 0x84 ? 89E33BF8
INT 0xA4 ? 89E33BF8
INT 0xA4 ? 89E33BF8
INT 0xA4 ? 89E33BF8
INT 0xA4 ? 89E33BF8
INT 0xB1 ? 8AC56BF8
INT 0xB1 ? 8AC56BF8
INT 0xB4 ? 89E33BF8
---- Kernel code sections - GMER 1.0.15 ----
? spjs.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB960F360, 0x3535DF, 0xE8000020]
.text USBPORT.SYS!DllUnload B95EF8AC 5 Bytes JMP 89E331D8
.text aes8caia.SYS B9515386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aes8caia.SYS B95153AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aes8caia.SYS B95153C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aes8caia.SYS B95153C9 1 Byte [2E]
.text aes8caia.SYS B95153C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
.text a7tjhdyy.SYS B94DE386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a7tjhdyy.SYS B94DE3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a7tjhdyy.SYS B94DE3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a7tjhdyy.SYS B94DE3C9 1 Byte [2E]
.text a7tjhdyy.SYS B94DE3C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB70DAA00]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spjs.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spjs.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spjs.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spjs.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spjs.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB9048] spjs.sys
IAT \SystemRoot\System32\Drivers\aes8caia.SYS[HAL.dll!KfAcquireSpinLock] 8BEC8B55
IAT \SystemRoot\System32\Drivers\aes8caia.SYS[HAL.dll!READ_PORT_UCHAR] 00C73445
IAT \SystemRoot\System32\Drivers\aes8caia.SYS[HAL.dll!KeGetCurrentIrql] 00000000
IAT \SystemRoot\System32\Drivers\aes8caia.SYS[HAL.dll!KfRaiseIrql] 830C458B
IAT \SystemRoot\System32\Drivers\aes8caia.SYS[HAL.dll!KfLowerIrql] C0840CEC
IAT \SystemRoot\System32\Drivers\aes8caia.SYS[HAL.dll!HalGetInterruptVector] 053C0D74
IAT \SystemRoot\System32\Drivers\aes8caia.SYS[HAL.dll!HalTranslateBusAddress] 57B80974
IAT \SystemRoot\System32\Drivers\aes8caia.SYS[HAL.dll!KeStallExecutionProcessor] 8B000000
IAT \SystemRoot\System32\Drivers\aes8caia.SYS[HAL.dll!KfReleaseSpinLock] 56C35DE5
IAT \SystemRoot\System32\Drivers\aes8caia.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D08758B
IAT \SystemRoot\System32\Drivers\aes8caia.SYS[HAL.dll!READ_PORT_USHORT] 8D51FC4D
IAT \SystemRoot\System32\Drivers\aes8caia.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8D52FD55
IAT \SystemRoot\System32\Drivers\aes8caia.SYS[HAL.dll!WRITE_PORT_UCHAR] 8D51FE4D
IAT \SystemRoot\System32\Drivers\aes8caia.SYS[WMILIB.SYS!WmiSystemControl] 8D51F84D
IAT \SystemRoot\System32\Drivers\aes8caia.SYS[WMILIB.SYS!WmiCompleteRequest] 5052F455
IAT \SystemRoot\System32\Drivers\a7tjhdyy.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\a7tjhdyy.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74
IAT \SystemRoot\System32\Drivers\a7tjhdyy.SYS[HAL.dll!KeGetCurrentIrql] 57B80974
IAT \SystemRoot\System32\Drivers\a7tjhdyy.SYS[HAL.dll!KfRaiseIrql] 8B000000
IAT \SystemRoot\System32\Drivers\a7tjhdyy.SYS[HAL.dll!KfLowerIrql] 56C35DE5
IAT \SystemRoot\System32\Drivers\a7tjhdyy.SYS[HAL.dll!HalGetInterruptVector] 8D08758B
IAT \SystemRoot\System32\Drivers\a7tjhdyy.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D
IAT \SystemRoot\System32\Drivers\a7tjhdyy.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55
IAT \SystemRoot\System32\Drivers\a7tjhdyy.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D
IAT \SystemRoot\System32\Drivers\a7tjhdyy.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55
IAT \SystemRoot\System32\Drivers\a7tjhdyy.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D
IAT \SystemRoot\System32\Drivers\a7tjhdyy.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455
IAT \SystemRoot\System32\Drivers\a7tjhdyy.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856
IAT \SystemRoot\System32\Drivers\a7tjhdyy.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520
IAT \SystemRoot\System32\Drivers\a7tjhdyy.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\Explorer.EXE[760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02A82F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02A82CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02A82D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02A82CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Adobe\Reader 9.0\Reader\AcroRd32.exe[2108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Adobe\Reader 9.0\Reader\AcroRd32.exe[2108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Adobe\Reader 9.0\Reader\AcroRd32.exe[2108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Adobe\Reader 9.0\Reader\AcroRd32.exe[2108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Dokumente und Einstellungen\INAN\Desktop\gmer.exe[2152] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Dokumente und Einstellungen\INAN\Desktop\gmer.exe[2152] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Dokumente und Einstellungen\INAN\Desktop\gmer.exe[2152] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Dokumente und Einstellungen\INAN\Desktop\gmer.exe[2152] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008D2F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008D2CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008D2D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008D2CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8AC521F8
Device \FileSystem\Fastfat \FatCdrom 89737500
Device \Driver\usbuhci \Device\USBPDO-0 89E301F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AC541F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AC541F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AC541F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AC541F8
Device \Driver\usbuhci \Device\USBPDO-1 89E301F8
Device \Driver\PCI_PNP9840 \Device\00000052 spjs.sys
Device \Driver\usbuhci \Device\USBPDO-2 89E301F8
Device \Driver\PCI_PNP9840 \Device\00000053 spjs.sys
Device \Driver\usbehci \Device\USBPDO-3 89E071F8
Device \Driver\usbuhci \Device\USBPDO-4 89E301F8
Device \Driver\usbuhci \Device\USBPDO-5 89E301F8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume1 8AC541F8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1 8AC541F8
Device \Driver\usbuhci \Device\USBPDO-6 89E301F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8ACCB1F8
Device \Driver\usbehci \Device\USBPDO-7 89E071F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8ACCB1F8
Device \Driver\Cdrom \Device\CdRom0 89E2F1F8
Device \Driver\Cdrom \Device\CdRom1 89E2F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\sptd \Device\3634959840 spjs.sys
Device \Driver\sptd \Device\3634803590 spjs.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 897C3500
Device \Driver\NetBT \Device\NetbiosSmb 897C3500
Device \Driver\usbuhci \Device\USBFDO-0 89E301F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{046F0067-BB13-4BBF-A6D0-015E6092474E} 897C3500
Device \Driver\usbuhci \Device\USBFDO-1 89E301F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{8522F490-41A6-4DAD-9918-EB9027BDD36D} 897C3500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 897AD1F8
Device \Driver\usbuhci \Device\USBFDO-2 89E301F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 897AD1F8
Device \Driver\usbehci \Device\USBFDO-3 89E071F8
Device \Driver\usbuhci \Device\USBFDO-4 89E301F8
Device \Driver\Ftdisk \Device\FtControl 8ACCB1F8
Device \Driver\usbuhci \Device\USBFDO-5 89E301F8
Device \Driver\usbuhci \Device\USBFDO-6 89E301F8
Device \Driver\usbehci \Device\USBFDO-7 89E071F8
Device \Driver\aes8caia \Device\Scsi\aes8caia1 89DFB500
Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target14Lun0 8AC531F8
Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target1Lun0 8AC531F8
Device \Driver\mv61xx \Device\Scsi\mv61xx1 8AC531F8
Device \Driver\aes8caia \Device\Scsi\aes8caia1Port6Path0Target0Lun0 89DFB500
Device \Driver\a7tjhdyy \Device\Scsi\a7tjhdyy1 89DC71F8
Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target0Lun0 8AC531F8
Device \FileSystem\Fastfat \Fat 89737500
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 894C9500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 2097733140
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1396145063
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x18 0x44 0x3A 0x66 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x38 0x59 0xB9 0x1E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x1F 0x89 0xEB 0xA2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x41 0x17 0x7B 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x09 0x98 0x97 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEF 0x1F 0x36 0x31 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xA0 0x2F 0x5B 0xCD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x18 0x44 0x3A 0x66 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x38 0x59 0xB9 0x1E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x1F 0x89 0xEB 0xA2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x41 0x17 0x7B 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x09 0x98 0x97 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEF 0x1F 0x36 0x31 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xA0 0x2F 0x5B 0xCD ...
---- Files - GMER 1.0.15 ----
File C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\NFPP4M5X\www.poppen.de.\flash 0 bytes
File C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\NFPP4M5X\www.poppen.de.\flash\betachat 0 bytes
File C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\NFPP4M5X\www.poppen.de.\flash\betachat\textchat.swf 0 bytes
File C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\NFPP4M5X\www.poppen.de.\flash\betachat\textchat.swf\so_optionBox.sol 52 bytes
File C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.poppen.de.\settings.sol 84 bytes
---- EOF - GMER 1.0.15 ----
OTL Logfile:
OTL logfile created on: 24.07.2010 03:44:21 - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\INAN\Desktop\MFTools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 86,00% Memory free
7,00 Gb Paging File | 7,00 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,08 Gb Total Space | 187,93 Gb Free Space | 63,05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232,88 Gb Total Space | 209,22 Gb Free Space | 89,84% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 465,76 Gb Total Space | 33,62 Gb Free Space | 7,22% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: INAN-C001EB845A
Current User Name: INAN
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010.07.24 00:39:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\INAN\Desktop\MFTools\OTL.exe
PRC - [2009.08.08 18:10:10 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.10 06:31:34 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009.05.28 13:45:00 | 000,132,096 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009.03.30 10:11:14 | 000,120,320 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.10.19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007.10.19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2002.01.28 14:48:50 | 000,885,760 | ---- | M] (Lexmark International Inc.) -- C:\WINDOWS\system32\LXSUPMON.EXE
========== Modules (SafeList) ==========
MOD - [2010.07.24 00:39:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\INAN\Desktop\MFTools\OTL.exe
MOD - [2008.04.14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007.10.19 13:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcInj.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2009.08.08 18:10:10 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.10 06:31:34 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.12.02 23:26:44 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008.09.08 19:19:46 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2007.10.19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007.10.19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007.10.19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.07.28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\INAN\LOKALE~1\Temp\cpuz_x32.sys -- (cpuz129)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010.07.20 15:23:51 | 000,138,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2009.12.07 18:32:16 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.10 06:31:34 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.27 20:26:13 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.01.15 09:19:00 | 006,301,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008.12.10 21:30:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\RivaTuner v2.21\RivaTuner32.sys -- (RivaTuner32)
DRV - [2008.11.02 10:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008.10.27 15:08:11 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.29 14:35:18 | 000,021,920 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008.05.19 09:46:30 | 000,150,568 | R--- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx)
DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.03.24 03:08:14 | 000,331,264 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007.12.17 11:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007.11.27 14:06:42 | 004,630,016 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.10.19 13:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007.10.12 04:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.10.12 03:56:20 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2007.10.11 18:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007.10.11 18:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007.08.15 10:22:00 | 000,265,856 | R--- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006.03.17 11:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.04.10 09:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | System | Running] -- C:\WINDOWS\system32\mbmiodrvr.sys -- (mbmiodrvr)
DRV - [2001.08.17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.1.20080801
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.12.15 00:55:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.17 17:37:05 | 000,000,000 | ---D | M]
[2009.02.12 01:20:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\Mozilla\Extensions
[2010.06.18 14:00:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\Mozilla\Firefox\Profiles\7l0pkonl.default\extensions
[2010.06.18 14:00:49 | 000,000,000 | ---D | M] (FlashGot) -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\Mozilla\Firefox\Profiles\7l0pkonl.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009.09.02 04:11:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\Mozilla\Firefox\Profiles\7l0pkonl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.16 13:48:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\Mozilla\Firefox\Profiles\7l0pkonl.default\extensions\firefox@tvunetworks.com
[2008.10.27 15:12:40 | 000,000,473 | ---- | M] () -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\Mozilla\Firefox\Profiles\7l0pkonl.default\searchplugins\daemon-search.xml
[2010.06.18 13:59:36 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.02.12 01:40:12 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2008.12.18 00:34:33 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jar50.dll
[2008.12.18 00:34:33 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jsd3250.dll
[2008.12.18 00:34:33 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\myspell.dll
[2008.12.18 00:34:33 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\spellchk.dll
[2008.12.18 00:34:33 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\xpinstal.dll
[2006.08.24 23:07:50 | 000,001,525 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2006.08.24 23:07:50 | 000,001,063 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2006.11.10 13:42:00 | 000,000,998 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2006.11.11 00:32:03 | 000,000,815 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.01.31 16:55:44 | 000,001,050 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - No CLSID value found.
O2 - BHO: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE (Lexmark International Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\INAN\Startmenü\Programme\Autostart\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\vtUlKBSm: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\INAN\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\INAN\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.18 16:18:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4e836d2c-b7ac-11de-83dd-0022158377a7}\Shell\AutoRun\command - "" = I:\StartPortableApps.exe -- File not found
O33 - MountPoints2\{836098d6-b2c0-11dd-a61f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{836098d6-b2c0-11dd-a61f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{836098d6-b2c0-11dd-a61f-806d6172696f}\Shell\AutoRun\command - "" = D:\.\Bin\Assetup.exe -- File not found
O33 - MountPoints2\{91f6c92e-6fe7-11df-8495-0022158377a7}\Shell - "" = AutoRun
O33 - MountPoints2\{91f6c92e-6fe7-11df-8495-0022158377a7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{91f6c92e-6fe7-11df-8495-0022158377a7}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\automenu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)
========== Files/Folders - Created Within 90 Days ==========
[2010.07.24 00:51:22 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.07.24 00:39:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\INAN\Desktop\MFTools
[2010.07.23 14:29:38 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\INAN\Recent
[2010.07.23 14:29:37 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.07.22 08:27:40 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\INAN\Desktop\lichtinsdunkel.exe
[2010.07.22 07:49:59 | 003,396,176 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\INAN\Desktop\ccsetup233.exe
[2010.07.20 16:04:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\Malwarebytes
[2010.07.20 16:04:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.20 16:04:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.07.20 16:04:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.20 16:04:22 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.20 16:01:43 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\INAN\Desktop\mbam-setup.exe
[2010.07.16 13:42:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\INAN\Desktop\Neuer Ordner
[2010.07.14 05:29:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\Real
[2010.07.11 14:38:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\INAN\Desktop\BUS#
[2010.07.09 13:47:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\INAN\Desktop\julidump
[2010.07.08 16:43:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\INAN\Desktop\Neuer Ordner (6)
[2010.07.08 16:24:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\INAN\Desktop\bilder
[2010.06.27 16:05:38 | 000,000,000 | ---D | C] -- C:\Programme\Zattoo4
[2010.06.23 03:01:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.05 13:04:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\U3
[2010.05.31 00:24:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\INAN\Desktop\airsoft
[2010.05.31 00:19:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\INAN\Desktop\pics
[2010.05.13 12:00:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\INAN\Eigene Dateien\DVDVideoSoft
[2010.05.13 12:00:02 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
[2010.05.13 12:00:02 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.05.13 11:39:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\INAN\Desktop\ildiCD
[2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010.07.24 03:29:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.24 03:29:09 | 000,206,633 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.07.24 03:28:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.24 03:28:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.24 00:51:23 | 000,000,753 | ---- | M] () -- C:\Dokumente und Einstellungen\INAN\Startmenü\Programme\Autostart\ERUNT AutoBackup.lnk
[2010.07.24 00:51:23 | 000,000,597 | ---- | M] () -- C:\Dokumente und Einstellungen\INAN\Desktop\NTREGOPT.lnk
[2010.07.24 00:51:23 | 000,000,578 | ---- | M] () -- C:\Dokumente und Einstellungen\INAN\Desktop\ERUNT.lnk
[2010.07.24 00:45:35 | 011,534,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\INAN\NTUSER.DAT
[2010.07.24 00:45:35 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\INAN\ntuser.ini
[2010.07.24 00:39:19 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\INAN\Desktop\Gmer.zip
[2010.07.24 00:35:47 | 000,410,680 | ---- | M] () -- C:\Dokumente und Einstellungen\INAN\Desktop\Load.exe
[2010.07.23 14:18:12 | 000,023,080 | ---- | M] () -- C:\Dokumente und Einstellungen\INAN\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.07.22 15:03:06 | 000,224,256 | ---- | M] () -- C:\Dokumente und Einstellungen\INAN\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.22 14:45:25 | 001,433,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.07.22 08:27:40 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\INAN\Desktop\lichtinsdunkel.exe
[2010.07.22 08:21:05 | 000,478,504 | ---- | M] () -- C:\Dokumente und Einstellungen\INAN\Desktop\bootkit_remover.rar
[2010.07.22 07:58:40 | 000,220,088 | ---- | M] () -- C:\Dokumente und Einstellungen\INAN\Eigene Dateien\cc_20100722_075816.reg
[2010.07.22 07:50:36 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\INAN\Desktop\CCleaner.lnk
[2010.07.22 07:50:04 | 003,396,176 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\INAN\Desktop\ccsetup233.exe
[2010.07.21 02:59:15 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.07.21 02:59:15 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.07.21 02:59:15 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.20 16:04:32 | 000,000,682 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.20 16:02:06 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\INAN\Desktop\mbam-setup.exe
[2010.07.20 15:24:16 | 000,189,392 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010.07.20 15:23:51 | 000,138,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.07.14 05:56:36 | 001,016,578 | ---- | M] () -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\NMM-MetaData.db
[2010.07.14 05:34:37 | 000,002,317 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nokia PC Suite.lnk
[2010.07.12 15:09:33 | 000,006,034 | ---- | M] () -- C:\Dokumente und Einstellungen\INAN\.recently-used.xbel
[2010.07.09 13:47:22 | 000,000,340 | ---- | M] () -- C:\Dokumente und Einstellungen\INAN\Desktop\MUSIK.lnk
[2010.07.07 03:44:19 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\setup_ldm.iss
[2010.06.30 00:24:56 | 000,000,038 | ---- | M] () -- C:\WINDOWS\AviSplitter.INI
[2010.06.29 20:24:07 | 000,017,408 | ---- | M] () -- C:\Dokumente und Einstellungen\INAN\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2010.06.27 16:05:41 | 000,001,501 | ---- | M] () -- C:\Dokumente und Einstellungen\INAN\Desktop\Zattoo.lnk
[2010.06.23 03:01:52 | 001,023,428 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.23 03:01:52 | 000,458,476 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.06.23 03:01:52 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.23 03:01:52 | 000,084,318 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.06.23 03:01:52 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.21 22:43:39 | 000,002,209 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SmartFTP Client.lnk
[2010.06.11 17:20:32 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010.05.29 02:40:28 | 000,017,252 | ---- | M] () -- C:\Dokumente und Einstellungen\INAN\Desktop\minh.jpg
[2010.05.21 22:45:11 | 003,172,486 | -H-- | M] () -- C:\Dokumente und Einstellungen\INAN\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.26 22:34:27 | 000,000,195 | ---- | M] () -- C:\Dokumente und Einstellungen\INAN\Desktop\Softair2.html
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.07.24 01:00:45 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\INAN\Desktop\gmer.exe
[2010.07.24 00:51:23 | 000,000,753 | ---- | C] () -- C:\Dokumente und Einstellungen\INAN\Startmenü\Programme\Autostart\ERUNT AutoBackup.lnk
[2010.07.24 00:49:16 | 000,000,597 | ---- | C] () -- C:\Dokumente und Einstellungen\INAN\Desktop\NTREGOPT.lnk
[2010.07.24 00:49:16 | 000,000,578 | ---- | C] () -- C:\Dokumente und Einstellungen\INAN\Desktop\ERUNT.lnk
[2010.07.24 00:39:19 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\INAN\Desktop\Gmer.zip
[2010.07.24 00:36:03 | 000,410,680 | ---- | C] () -- C:\Dokumente und Einstellungen\INAN\Desktop\Load.exe
[2010.07.22 08:21:06 | 000,478,504 | ---- | C] () -- C:\Dokumente und Einstellungen\INAN\Desktop\bootkit_remover.rar
[2010.07.22 07:58:20 | 000,220,088 | ---- | C] () -- C:\Dokumente und Einstellungen\INAN\Eigene Dateien\cc_20100722_075816.reg
[2010.07.22 07:50:36 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\INAN\Desktop\CCleaner.lnk
[2010.07.20 16:04:32 | 000,000,682 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.12 15:09:33 | 000,006,034 | ---- | C] () -- C:\Dokumente und Einstellungen\INAN\.recently-used.xbel
[2010.07.09 13:47:22 | 000,000,340 | ---- | C] () -- C:\Dokumente und Einstellungen\INAN\Desktop\MUSIK.lnk
[2010.07.07 03:44:19 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\setup_ldm.iss
[2010.06.29 19:33:07 | 007,925,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda
[2010.06.27 16:06:23 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\INAN\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2010.05.29 02:39:36 | 000,017,252 | ---- | C] () -- C:\Dokumente und Einstellungen\INAN\Desktop\minh.jpg
[2010.04.26 22:33:45 | 000,000,195 | ---- | C] () -- C:\Dokumente und Einstellungen\INAN\Desktop\Softair2.html
[2010.04.06 02:19:46 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2010.02.24 19:09:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009.12.07 00:58:45 | 000,000,001 | ---- | C] () -- C:\WINDOWS\yedlata.dll
[2009.07.14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.03.21 00:25:02 | 000,041,808 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009.02.12 04:01:41 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.02.06 04:44:25 | 000,000,258 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009.01.27 17:49:08 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.01.15 09:19:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.01.15 09:19:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.01.15 09:19:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.01.15 09:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009.01.03 20:17:23 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008.12.19 17:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 19:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 19:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 19:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 19:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 18:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.12.11 13:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.11.23 21:15:46 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008.11.16 13:10:24 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008.11.16 13:10:24 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008.11.16 13:10:21 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008.11.16 13:10:21 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008.11.15 23:23:04 | 000,040,872 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008.11.15 23:22:30 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008.10.21 15:31:13 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008.10.20 10:36:20 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008.10.18 22:19:50 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.10.18 22:09:46 | 000,138,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.10.18 22:05:04 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\dfxg11.dll
[2008.10.18 17:13:47 | 000,040,512 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008.10.18 17:13:45 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008.10.18 16:57:19 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007.10.11 18:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007.03.29 22:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2004.12.14 13:04:48 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004.12.14 13:02:49 | 001,175,552 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2002.01.24 11:29:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxaxlcnp.dll
========== LOP Check ==========
[2010.03.15 18:30:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AA2DeployClient
[2008.10.18 22:37:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2009.10.23 17:39:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DFX
[2009.10.23 17:22:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.02.05 07:53:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solidshield
[2010.02.24 17:24:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.03.31 18:00:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
[2010.05.27 15:57:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\.purple
[2009.12.07 01:11:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\AnvSoft
[2010.07.09 17:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\Azureus
[2009.10.23 17:43:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\DAEMON Tools
[2009.12.13 22:13:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\DeepBurner
[2010.07.11 15:28:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\gtk-2.0
[2010.07.22 16:43:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\ICQ
[2009.11.17 20:25:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\JavaEditor
[2010.04.11 15:56:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\JLC's Software
[2010.03.22 07:15:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\Nokia
[2010.03.01 06:57:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\Nokia Multimedia Player
[2009.10.29 20:11:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\OpenOffice.org
[2009.03.10 08:17:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\PC Suite
[2010.03.07 16:15:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\TeamViewer
[2009.11.29 19:48:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\Thinstall
[2010.02.20 03:59:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\TS3Client
[2009.12.21 19:44:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\INAN\Anwendungsdaten\Ubisoft
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2008.10.18 16:18:26 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008.12.23 22:47:21 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.07.21 02:59:15 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2008.04.14 14:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2004.08.04 00:00:10 | 000,262,448 | ---- | M] () -- C:\cmldr
[2008.10.18 16:18:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008.10.18 16:18:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.10.18 16:18:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008.04.14 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008.04.14 14:00:00 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2010.07.24 03:28:40 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008.04.14 14:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cryptdll.dll
[2008.04.14 14:00:00 | 000,095,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iphlpapi.dll
[2008.04.14 14:00:00 | 000,072,192 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
[2008.04.14 14:00:00 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvcrt40.dll
[2008.04.14 14:00:00 | 000,237,056 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasapi32.dll
[2008.04.14 14:00:00 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasman.dll
[2008.04.14 14:00:00 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
[2008.04.14 14:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sensapi.dll
[2008.04.14 14:00:00 | 000,715,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sxs.dll
[2008.04.14 14:00:00 | 000,181,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\tapi32.dll
[2008.04.14 14:00:00 | 002,981,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2res.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008.10.18 23:13:45 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.10.18 23:13:45 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.10.18 23:13:45 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\drivers\*.sys /90 >
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010.07.20 15:23:51 | 000,138,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys
< %systemroot%\system32\user32.dll /md5 >
[2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2008.04.14 14:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ws2help.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-15 16:35:35
========== Alternate Data Streams ==========
@Alternate Data Stream - 135 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:AC6124CA
< End of report >
An Extras.txt was not created, and if it was, then unfortunately not in the same location as the OTL.txt.
I hope you can find something. (I went ahead and addressed you with the informal "du".)