Trojaner-Board - windos recovery Festplatte beschädigt Alles Ganz schwarz

Desktop ganz schwarz Windows recovery blockiert alles bin voll verzweifelt was muss ich tun

Hallo,
seit dem starten meines Computer heute morgen wird mir dieses problem angezeigt. Alle Daten sind im Nichts verschwunden.
Alles ist Schwarz ich weiss jetzt nur nicht wie ich es beseitigen soll ich hoffe ihr könnt mir so schnell wie möglich helfen
MFG

Kadan76

Hallo,
seit dem starten meines Computer heute morgen wird mir dieses problem angezeigt. Alle Daten sind im Nichts verschwunden, dass die Festplatte beschädigt ist und ich führe zurzeit ein Scan durch mit Malwarebytes und ich würde mich so freuen wenn ihr mir erklären/helfen könnt was ich tun muss um es zu entfernen ..er zeigt zwar beim Scan keine bösartigen sachen aber windows recovery ist noch aufm dektops und ist alles noch schwarz .. ich bitte um hilfe

MFG
Kadan76

Betriebssystemname Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 3 Build 2600
Betriebssystemhersteller Microsoft Corporation
Systemname KADA-87B679F42F
Systemhersteller K8N4V
Systemmodell K8NF4G-VSTA
Systemtyp X86-basierter PC
Prozessor x86 Family 15 Model 44 Stepping 2 AuthenticAMD ~1607 Mhz
BIOS-Version/-Datum American Megatrends Inc. P1.10, 12.05.2006
SMBIOS-Version 2.3
Windows-Verzeichnis C:\WINDOWS
Systemverzeichnis C:\WINDOWS\system32
Startgerät \Device\HarddiskVolume1
Gebietsschema Deutschland
Hardwareabstraktionsebene Version = "5.1.2600.5512 (xpsp.080413-2111)"
Benutzername KADA-87B679F42F\Kada
Zeitzone Westeuropäische Sommerzeit
Gesamter realer Speicher 1.024,00 MB
Verfügbarer realer Speicher 381,56 MB
Gesamter virtueller Speicher 2,00 GB
Verfügbarer virtueller Speicher 1,95 GB
Größe der Auslagerungsdatei 2,26 GB
Auslagerungsdatei C:\pagefile.sys

OTLOTL Logfile:

Code:

OTL logfile created on: 22.05.2011 21:40:58 - Run 1

OTL by OldTimer - Version 3.2.23.0     Folder = C:\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

959,23 Mb Total Physical Memory | 384,45 Mb Available Physical Memory | 40,08% Memory free

2,26 Gb Paging File | 1,69 Gb Available in Paging File | 74,67% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 76,68 Gb Total Space | 60,84 Gb Free Space | 79,34% Space Free | Partition Type: NTFS

 

Computer Name: KADA-87B679F42F | User Name: Kada | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.05.22 21:26:25 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe

PRC - [2011.04.01 16:58:37 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe

PRC - [2011.03.28 16:05:28 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011.03.28 16:05:15 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2011.03.28 16:05:04 | 000,421,032 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe

PRC - [2011.03.28 16:05:03 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.03.28 16:05:02 | 000,539,304 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe

PRC - [2011.03.28 16:05:02 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2010.10.26 14:48:14 | 000,645,952 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

PRC - [2010.10.26 14:46:10 | 001,483,072 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

PRC - [2008.06.09 04:38:28 | 000,139,264 | ---- | M] () -- C:\WINDOWS\system32\LGAutorunService.exe

PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007.09.25 10:10:50 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Programme\FlashGet\flashget.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2011.05.22 21:26:25 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe

MOD - [2008.04.14 14:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

MOD - [2007.05.18 18:13:08 | 000,053,329 | ---- | M] (www.flashget.com) -- C:\Programme\FlashGet\fgmgr.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Unknown | Stopped] --  -- (SSHNAS)

SRV - File not found [Auto | Stopped] --  -- (MnetFream)

SRV - File not found [Disabled | Stopped] --  -- (HidServ)

SRV - [2011.04.01 16:58:37 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)

SRV - [2011.03.28 16:05:15 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.03.28 16:05:04 | 000,421,032 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)

SRV - [2011.03.28 16:05:03 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.03.28 16:05:02 | 000,539,304 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)

SRV - [2010.10.26 14:46:10 | 001,483,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)

SRV - [2010.10.26 14:43:56 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)

SRV - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Dokumente und Einstellungen\Kada\Desktop\TOM TOM\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2008.06.09 04:38:28 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\LGAutorunService.exe -- (LG SCSI Commander)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Running] --  -- (xpsec)

DRV - File not found [Kernel | On_Demand | Running] --  -- (xcpip)

DRV - [2011.04.01 16:59:05 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.04.01 16:59:05 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.04.01 16:59:04 | 000,079,432 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avfwim.sys -- (avfwim)

DRV - [2011.03.28 16:05:28 | 000,102,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avfwot.sys -- (avfwot)

DRV - [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2010.11.14 23:43:49 | 000,008,960 | ---- | M] (China) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ApsS88.sys -- (ApsS88)

DRV - [2010.10.07 13:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

DRV - [2010.06.17 15:22:41 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.05.12 15:53:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlashUSB.sys -- (FlashUSB)

DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008.04.14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2008.04.13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)

DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)

DRV - [2006.03.16 14:24:06 | 004,249,088 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {76aeea42-e04a-4b62-83ab-df4b2be2541e}:2.7.1.3

FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3

 

 

 

[2011.01.16 18:36:08 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kada\Anwendungsdaten\Mozilla\Extensions

[2011.01.16 18:36:08 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kada\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com

[2010.11.16 23:45:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kada\Anwendungsdaten\Mozilla\Firefox\Profiles\vmz44anp.default\extensions

[2010.08.27 01:09:53 | 000,000,000 | ---D | M] (MessengerPlusLive Germany TB Toolbar) -- C:\Dokumente und Einstellungen\Kada\Anwendungsdaten\Mozilla\Firefox\Profiles\vmz44anp.default\extensions\{76aeea42-e04a-4b62-83ab-df4b2be2541e}

[2010.10.08 01:57:24 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Dokumente und Einstellungen\Kada\Anwendungsdaten\Mozilla\Firefox\Profiles\vmz44anp.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

[2010.11.16 23:45:24 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Dokumente und Einstellungen\Kada\Anwendungsdaten\Mozilla\Firefox\Profiles\vmz44anp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

[2010.11.16 23:35:05 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Kada\Anwendungsdaten\Mozilla\Firefox\Profiles\vmz44anp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2010.05.24 00:52:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF

File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

 

O1 HOSTS File: ([2010.11.14 16:12:29 | 000,000,108 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 www.360.cn

O1 - Hosts: 127.0.0.1 upload.360safe.com

O1 - Hosts: 127.0.0.1 upload-b.360safe.com

O1 - Hosts: 127.0.0.1 www.rising.com

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll (www.flashget.com)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll (www.flashget.com)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\JC_ALL.HTM ()

O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\JC_LINK.HTM ()

O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Kada\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found

O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)

O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab ()

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Kada\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Kada\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.01.10 21:55:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{34ea52e6-6b2e-11df-a473-0030849b5ab9}\Shell - "" = AutoRun

O33 - MountPoints2\{34ea52e6-6b2e-11df-a473-0030849b5ab9}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{34ea52e6-6b2e-11df-a473-0030849b5ab9}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nvda\nvda.exe

O33 - MountPoints2\{415a6774-218e-11e0-a5a6-0030849b5ab9}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe

O33 - MountPoints2\{9e038bb1-3c9d-11df-a41b-00081b02f23b}\Shell - "" = AutoRun

O33 - MountPoints2\{9e038bb1-3c9d-11df-a41b-00081b02f23b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{9e038bb1-3c9d-11df-a41b-00081b02f23b}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe

O33 - MountPoints2\{9e038bb2-3c9d-11df-a41b-00081b02f23b}\Shell - "" = AutoRun

O33 - MountPoints2\{9e038bb2-3c9d-11df-a41b-00081b02f23b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{9e038bb2-3c9d-11df-a41b-00081b02f23b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nvda\nvda.exe

O33 - MountPoints2\{9e038bb5-3c9d-11df-a41b-00081b02f23b}\Shell - "" = AutoRun

O33 - MountPoints2\{9e038bb5-3c9d-11df-a41b-00081b02f23b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{9e038bb5-3c9d-11df-a41b-00081b02f23b}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe

O33 - MountPoints2\{ced0009a-ff60-11de-9dd9-0030849b5ab9}\Shell - "" = AutoRun

O33 - MountPoints2\{ced0009a-ff60-11de-9dd9-0030849b5ab9}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{ced0009a-ff60-11de-9dd9-0030849b5ab9}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nvda\nvda.exe

O33 - MountPoints2\{ced0009b-ff60-11de-9dd9-0030849b5ab9}\Shell - "" = AutoRun

O33 - MountPoints2\{ced0009b-ff60-11de-9dd9-0030849b5ab9}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{ced0009b-ff60-11de-9dd9-0030849b5ab9}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nvda\nvda.exe

O33 - MountPoints2\{f05f4659-fe22-11de-9dcf-0030849b5ab9}\Shell - "" = AutoRun

O33 - MountPoints2\{f05f4659-fe22-11de-9dcf-0030849b5ab9}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{f05f4659-fe22-11de-9dcf-0030849b5ab9}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nvda\nvda.exe

O33 - MountPoints2\{fbee3ada-abb3-11df-a514-0030849b5ab9}\Shell - "" = AutoRun

O33 - MountPoints2\{fbee3ada-abb3-11df-a514-0030849b5ab9}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{fbee3ada-abb3-11df-a514-0030849b5ab9}\Shell\AutoRun\command - "" = F:\NPSAI.exe

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.05.22 19:04:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kada\Anwendungsdaten\Malwarebytes

[2011.05.22 19:04:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011.05.22 19:04:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2011.05.22 19:04:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2011.05.22 19:04:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011.05.22 19:04:19 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.05.22 18:54:39 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Kada\Recent

[2011.05.22 18:23:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP

[2011.05.22 18:22:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kada\Eigene Dateien\Simply Super Software

[2011.05.22 18:22:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Trojan Remover

[2011.05.22 18:21:56 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll

[2011.05.22 18:21:49 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover

[2011.05.22 18:21:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kada\Anwendungsdaten\Simply Super Software

[2011.05.22 18:21:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software

[2011.05.22 17:16:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GridinSoft

[2011.05.22 17:16:44 | 000,000,000 | ---D | C] -- C:\Programme\GridinSoft Trojan Killer

[2011.05.21 20:41:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2011.05.21 20:40:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kada\Anwendungsdaten\Avira

[2011.05.21 20:33:09 | 000,102,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avfwot.sys

[2011.05.21 20:33:09 | 000,079,432 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avfwim.sys

[2011.05.21 19:54:33 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Kada\Startmenü\Programme\Windows XP Recovery

[2011.05.18 23:20:46 | 000,000,000 | ---D | C] -- C:\spoolerlogs

[2011.04.30 21:41:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kada\Desktop\KEMSEL

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.05.22 21:49:11 | 000,039,291 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2011.05.22 21:47:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.05.22 21:06:01 | 000,001,206 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1580818891-725345543-1003UA.job

[2011.05.22 19:13:57 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\mncxvs.sys

[2011.05.22 19:04:26 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.05.22 18:54:19 | 001,007,108 | ---- | M] () -- C:\Dokumente und Einstellungen\Kada\Eigene Dateien\rkill.com

[2011.05.22 18:51:55 | 000,000,120 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19455780

[2011.05.22 18:48:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.05.22 17:29:21 | 000,000,786 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Killer.lnk

[2011.05.22 16:06:03 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1580818891-725345543-1003Core.job

[2011.05.22 09:45:49 | 000,001,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Kada\Desktop\CCleaner.lnk

[2011.05.21 21:51:21 | 000,000,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19455780

[2011.05.21 20:29:18 | 000,000,144 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19455780r

[2011.05.21 19:54:33 | 000,000,829 | ---- | M] () -- C:\Dokumente und Einstellungen\Kada\Desktop\Windows XP Recovery.lnk

[2011.05.20 18:58:01 | 000,448,470 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2011.05.20 18:58:01 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011.05.20 18:58:01 | 000,079,910 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2011.05.20 18:58:01 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011.05.19 18:03:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011.05.18 07:24:20 | 000,262,189 | ---- | M] () -- C:\WINDOWS\System32\nvapps.zyx

[2011.05.18 07:24:02 | 000,379,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011.05.09 17:57:18 | 000,431,898 | ---- | M] () -- C:\Dokumente und Einstellungen\Kada\Desktop\CCF09052011_00002.jpg

[2011.05.04 17:27:42 | 000,736,064 | ---- | M] () -- C:\Dokumente und Einstellungen\Kada\Desktop\NiNO BÜLÜD MANN.JPG

[2011.04.27 23:42:29 | 000,027,677 | ---- | M] () -- C:\Dokumente und Einstellungen\Kada\Desktop\Briefkopf Vorlage KEMSEL.odt

[2011.04.23 22:30:18 | 000,904,175 | ---- | M] () -- C:\Dokumente und Einstellungen\Kada\Desktop\Kiefernweg3.JPG

[2011.04.23 22:29:40 | 000,676,741 | ---- | M] () -- C:\Dokumente und Einstellungen\Kada\Desktop\Kiefernweg 3.JPG

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.05.22 19:13:57 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\mncxvs.sys

[2011.05.22 19:04:26 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.05.22 18:56:40 | 001,007,108 | ---- | C] () -- C:\Dokumente und Einstellungen\Kada\Eigene Dateien\rkill.com

[2011.05.22 18:21:56 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2011.05.22 18:21:56 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll

[2011.05.22 18:21:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2011.05.22 18:21:56 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2011.05.22 17:29:21 | 000,000,786 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Killer.lnk

[2011.05.21 19:54:34 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19455780r

[2011.05.21 19:54:34 | 000,000,120 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19455780

[2011.05.21 19:54:33 | 000,000,829 | ---- | C] () -- C:\Dokumente und Einstellungen\Kada\Desktop\Windows XP Recovery.lnk

[2011.05.21 19:54:31 | 000,000,400 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19455780

[2011.05.09 17:57:17 | 000,431,898 | ---- | C] () -- C:\Dokumente und Einstellungen\Kada\Desktop\CCF09052011_00002.jpg

[2011.05.04 17:28:46 | 000,736,064 | ---- | C] () -- C:\Dokumente und Einstellungen\Kada\Desktop\NiNO BÜLÜD MANN.JPG

[2011.05.02 20:37:22 | 000,301,077 | ---- | C] () -- C:\Dokumente und Einstellungen\Kada\Desktop\dfgdfgfg.JPG

[2011.04.27 23:42:29 | 000,027,677 | ---- | C] () -- C:\Dokumente und Einstellungen\Kada\Desktop\Briefkopf Vorlage KEMSEL.odt

[2011.04.23 22:30:18 | 000,904,175 | ---- | C] () -- C:\Dokumente und Einstellungen\Kada\Desktop\Kiefernweg3.JPG

[2011.04.23 22:29:40 | 000,676,741 | ---- | C] () -- C:\Dokumente und Einstellungen\Kada\Desktop\Kiefernweg 3.JPG

[2011.03.05 17:00:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010.08.20 00:41:13 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Kada\Anwendungsdaten\$_hpcst$.hpc

[2010.06.12 22:02:48 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe

[2010.06.12 22:02:48 | 000,003,953 | ---- | C] () -- C:\WINDOWS\unins000.dat

[2010.05.30 01:22:59 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Kada\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.04.01 13:40:31 | 000,221,291 | ---- | C] () -- C:\WINDOWS\Imei_dll.dll

[2010.04.01 13:40:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\Sublock.dll

[2010.03.31 16:36:40 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\LGAutorunService.exe

[2010.03.31 16:36:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\SendScsiCmd.dll

[2010.03.20 04:33:23 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010.03.02 15:00:03 | 000,072,072 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

[2010.02.22 18:51:07 | 000,017,196 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010.02.02 11:29:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010.01.14 12:42:29 | 000,000,041 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib

[2010.01.13 21:26:34 | 000,000,371 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini

[2010.01.13 21:26:34 | 000,000,149 | ---- | C] () -- C:\WINDOWS\brpcfx.ini

[2010.01.13 21:26:16 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2010.01.13 21:26:16 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2010.01.13 21:25:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat

[2010.01.12 17:11:25 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010.01.10 22:43:05 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat

[2010.01.10 22:04:57 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2010.01.10 22:04:57 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2010.01.10 21:58:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010.01.10 21:52:32 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010.01.10 21:45:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010.01.10 21:42:18 | 000,379,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009.05.30 00:42:20 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll

[2009.03.11 21:01:28 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\DirectCOM.dll

[2009.03.02 12:33:32 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2008.04.14 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008.04.14 14:00:00 | 000,448,470 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2008.04.14 14:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008.04.14 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008.04.14 14:00:00 | 000,079,910 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2008.04.14 14:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008.04.14 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008.04.14 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2007.04.27 11:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll

[2005.10.10 22:49:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2005.10.10 22:49:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2005.10.10 22:49:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2005.10.10 22:49:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2005.10.10 22:49:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2005.10.10 22:49:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2005.10.10 22:49:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2005.10.10 22:49:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2005.10.10 22:49:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2005.10.10 22:49:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2005.10.10 22:49:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:92F194E416C66343

@Alternate Data Stream - 102 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9

 

< End of report >

--- --- ---

ExtrasOTL Logfile:
[CODE]OTL Extras logfile created on: 22.05.2011 21:40:58 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

959,23 Mb Total Physical Memory | 384,45 Mb Available Physical Memory | 40,08% Memory free
2,26 Gb Paging File | 1,69 Gb Available in Paging File | 74,67% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 76,68 Gb Total Space | 60,84 Gb Free Space | 79,34% Space Free | Partition Type: NTFS

Computer Name: KADA-87B679F42F | User Name: Kada | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Dokumente und Einstellungen\Kada\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\FlashGet\flashget.exe" = C:\Programme\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\WINDOWS\system32\winver.exe" = C:\WINDOWS\system32\winver.exe:*:Enabled:winver -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Kada\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe" = C:\Dokumente und Einstellungen\Kada\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite MFC-250C
"{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}" = MSXML 6.0 Parser
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Premium Security Suite
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"FlashGet" = FlashGet 1.9.6.1073
"Flatcast_is1" = Flatcast Viewer Plugin 5.0.356
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Nero 9 Lite_is1" = Nero 9.0.9.4 Lite
"NVIDIA Drivers" = NVIDIA Drivers
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Trojan Remover_is1" = Trojan Remover 6.8.2
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17.05.2011 11:19:44 | Computer Name = KADA-87B679F42F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung wordpad.exe, Version 5.1.2600.5512, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 18.05.2011 17:20:50 | Computer Name = KADA-87B679F42F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spoolsv.exe, Version 5.1.2600.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0xc0337425.

Error - 20.05.2011 12:45:38 | Computer Name = KADA-87B679F42F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul mshtml.dll, Version 8.0.6001.18702, Fehleradresse 0x000a9c54.

Error - 22.05.2011 15:10:58 | Computer Name = KADA-87B679F42F | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.

Error - 22.05.2011 15:11:06 | Computer Name = KADA-87B679F42F | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.

Error - 22.05.2011 15:11:51 | Computer Name = KADA-87B679F42F | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.

Error - 22.05.2011 15:11:53 | Computer Name = KADA-87B679F42F | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.

Error - 22.05.2011 15:11:53 | Computer Name = KADA-87B679F42F | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.

Error - 22.05.2011 15:11:54 | Computer Name = KADA-87B679F42F | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.

Error - 22.05.2011 15:11:55 | Computer Name = KADA-87B679F42F | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.

[ System Events ]
Error - 22.05.2011 12:51:49 | Computer Name = KADA-87B679F42F | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Bonjour-Dienst" wurde mit folgendem dienstspezifischem
Fehler beendet: 4294967295 (0xFFFFFFFF).

Error - 22.05.2011 12:51:49 | Computer Name = KADA-87B679F42F | Source = Service Control Manager | ID = 7023
Description = Der Dienst "SSHNAS" wurde mit folgendem Fehler beendet: %%126

Error - 22.05.2011 12:54:42 | Computer Name = KADA-87B679F42F | Source = Service Control Manager | ID = 7034
Description = Dienst "TomTomHOMEService" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.

Error - 22.05.2011 15:10:58 | Computer Name = KADA-87B679F42F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "SwPrv"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}

Error - 22.05.2011 15:11:06 | Computer Name = KADA-87B679F42F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "SwPrv"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}

Error - 22.05.2011 15:11:51 | Computer Name = KADA-87B679F42F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "SwPrv"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}

Error - 22.05.2011 15:11:53 | Computer Name = KADA-87B679F42F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "SwPrv"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}

Error - 22.05.2011 15:11:53 | Computer Name = KADA-87B679F42F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "SwPrv"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}

Error - 22.05.2011 15:11:54 | Computer Name = KADA-87B679F42F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "SwPrv"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}

Error - 22.05.2011 15:11:55 | Computer Name = KADA-87B679F42F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "SwPrv"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}

Mbam-log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6641

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.05.2011 22:02:00
mbam-log-2011-05-22 (22-02-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Durchsuchte Objekte: 172775
Laufzeit: 30 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Nein 3 scans hab ich durchgeführt

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6641

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.05.2011 19:12:07
mbam-log-2011-05-22 (19-12-07).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 139408
Laufzeit: 5 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 97
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{67631EC8-241F-475E-ADCE-A1A777D744FE} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\5NZQ29B3L2 (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\LKGGOPABUH (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360delays.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360realpro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safebox.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360SoftMgrSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antiarp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccEvtMgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSetMgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrUpdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrvAnti.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DSMain.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\engineserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FrameworkService.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KABackReport.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kaccore.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KavStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kppserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPPTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSafeSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSafeTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSWebShield.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwstray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxedefend.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxescore.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxeserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxetray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LiveUpdate360.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcinsupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McProxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfeann.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfevtps.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpfSrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPMon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC1.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naPrdMgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nbmanti.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctorRtp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDrNetMon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qutmserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegGuide.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rssafety.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanFrm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHSTAT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udaterui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Uplive.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vstskmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xcommsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\XsClient.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zhudongfangyu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\APSX85 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DOGKILLER (Worm.Megania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oVlLshwOTG (Rogue.WindowsRecoveryConsole) -> Value: oVlLshwOTG -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\dokumente und einstellungen\all users\anwendungsdaten\ovllshwotg.exe (Rogue.WindowsRecoveryConsole) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\all users\anwendungsdaten\19455780.exe (Rogue.WindowsRecoveryConsole) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6641

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.05.2011 19:40:12
mbam-log-2011-05-22 (19-40-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|G:\|)
Durchsuchte Objekte: 172607
Laufzeit: 26 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6641

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.05.2011 22:02:00
mbam-log-2011-05-22 (22-02-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Durchsuchte Objekte: 172775
Laufzeit: 30 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)