 Infection with various malware
 Good morning, 
a few days ago Avira reported a virus infection (log files below). The system also became noticeably slower; Firefox in particular responded to input only with a long delay, and the same was true when loading pages.  
I had reinstalled Firefox and uninstalled various software that was no longer needed.  
A Malwarebytes run then turned up further infections. After the affected files were moved to quarantine, the following message is shown at system startup:   Code: 
 Fehler beim Laden von C:\users\***\tloadF4.dll
 Das angegebene Modul wurde nicht gefunden.
 The system runs, though; since the last Malwarebytes run it also seems to be faster again.  
Now I would like to know how I should proceed.  
OTL:   Code: 
 OTL logfile created on: 28.05.2011 04:50:48 - Run 2
 OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\***\Desktop
 Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
 Internet Explorer (Version = 7.0.6002.18005)
 Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
 2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,04% Memory free
 4,24 Gb Paging File | 3,37 Gb Available in Paging File | 79,45% Paging File free
 Paging file location(s): ?:\pagefile.sys [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
 Drive C: | 74,52 Gb Total Space | 34,88 Gb Free Space | 46,81% Space Free | Partition Type: NTFS
 Drive D: | 64,76 Gb Total Space | 64,49 Gb Free Space | 99,59% Space Free | Partition Type: NTFS
 
 Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: Current user | Quick Scan
 Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
 ========== Processes (SafeList) ==========
 
 PRC - [2011.05.27 22:44:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
 PRC - [2011.04.28 16:18:06 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
 PRC - [2011.03.16 16:47:13 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
 PRC - [2010.11.03 15:31:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
 PRC - [2010.10.10 18:15:46 | 001,265,664 | ---- | M] (www.bid-o-matic.org) -- C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe
 PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
 PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 PRC - [2008.07.09 18:14:06 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
 PRC - [2008.06.25 04:01:08 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
 PRC - [2008.06.19 21:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
 PRC - [2008.06.04 02:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
 PRC - [2008.03.18 21:27:11 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 PRC - [2008.03.17 08:17:31 | 005,320,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
 PRC - [2008.02.02 00:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
 PRC - [2008.01.24 00:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
 PRC - [2008.01.23 19:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
 PRC - [2008.01.21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
 PRC - [2008.01.12 07:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe
 PRC - [2007.12.04 19:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
 PRC - [2007.11.05 04:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
 PRC - [2007.10.12 06:44:28 | 000,106,496 | ---- | M] (ASUS) -- C:\Windows\System32\ASUSTPE.exe
 PRC - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
 PRC - [2007.08.15 20:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
 PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
 PRC - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
 PRC - [2007.07.06 01:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
 PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
 PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
 ========== Modules (SafeList) ==========
 
 MOD - [2011.05.27 22:44:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
 MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
 ========== Win32 Services (SafeList) ==========
 
 SRV - File not found [Unknown | Stopped] --  -- (WPFFontCache_v0400)
 SRV - [2011.04.28 16:18:06 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
 SRV - [2011.03.16 16:47:13 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
 SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
 SRV - [2008.03.18 21:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 SRV - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
 SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
 SRV - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
 SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
 ========== Driver Services (SafeList) ==========
 
 DRV - [2011.03.16 16:47:13 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
 DRV - [2010.11.22 21:23:06 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
 DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
 DRV - [2009.02.13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
 DRV - [2008.06.03 23:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
 DRV - [2008.05.29 19:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\lullaby.sys -- (lullaby)
 DRV - [2008.05.01 03:09:59 | 007,448,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
 DRV - [2008.04.27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
 DRV - [2008.03.21 21:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
 DRV - [2007.11.16 06:09:03 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
 DRV - [2007.08.11 05:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
 DRV - [2007.08.03 21:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
 DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
 DRV - [2006.12.15 09:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
 DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
 
 
 ========== Standard Registry (SafeList) ==========
 
 
 ========== Internet Explorer ==========
 
 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
 IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 ========== FireFox ==========
 
 
 FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.27 20:42:17 | 000,000,000 | ---D | M]
 FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.27 21:14:42 | 000,000,000 | ---D | M]
 
 [2011.05.27 20:42:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
 [2011.05.27 21:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
 [2009.05.15 20:13:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
 File not found (No name found) --
 [2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
 [2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
 [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
 [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
 [2010.07.19 19:47:11 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
 [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
 [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
 O1 HOSTS File: ([2009.06.05 23:13:00 | 000,307,170 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
 O1 - Hosts: 127.0.0.1       localhost
 O1 - Hosts: ::1             localhost
 O1 - Hosts: 127.0.0.1        www.007guard.com
 O1 - Hosts: 127.0.0.1        007guard.com
 O1 - Hosts: 127.0.0.1        008i.com
 O1 - Hosts: 127.0.0.1        www.008k.com
 O1 - Hosts: 127.0.0.1        008k.com
 O1 - Hosts: 127.0.0.1        www.00hq.com
 O1 - Hosts: 127.0.0.1        00hq.com
 O1 - Hosts: 127.0.0.1        010402.com
 O1 - Hosts: 127.0.0.1        www.032439.com
 O1 - Hosts: 127.0.0.1        032439.com
 O1 - Hosts: 127.0.0.1        www.0scan.com
 O1 - Hosts: 127.0.0.1        0scan.com
 O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
 O1 - Hosts: 127.0.0.1        1000gratisproben.com
 O1 - Hosts: 127.0.0.1        www.1001namen.com
 O1 - Hosts: 127.0.0.1        1001namen.com
 O1 - Hosts: 127.0.0.1        100888290cs.com
 O1 - Hosts: 127.0.0.1        www.100888290cs.com
 O1 - Hosts: 127.0.0.1        100sexlinks.com
 O1 - Hosts: 127.0.0.1        www.100sexlinks.com
 O1 - Hosts: 127.0.0.1        10sek.com
 O1 - Hosts: 127.0.0.1        www.10sek.com
 O1 - Hosts: 127.0.0.1        www.1-2005-search.com
 O1 - Hosts: 10575 more lines...
 O2 - BHO: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No CLSID value found.
 O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
 O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
 O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
 O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
 O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
 O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
 O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
 O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
 O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
 O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
 O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\ASUSTek\ASUSDVD\Language\Language.exe ()
 O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
 O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
 O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
 O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
 O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
 O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
 O4 - HKCU..\Run: [NvCplDaemonTool]  File not found
 O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
 O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
 O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Biet-O-Matic.lnk = C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe (www.bid-o-matic.org)
 O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
 O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
 O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
 O13 - gopher Prefix: missing
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
 O32 - HKLM CDRom: AutoRun - 1
 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
 O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
 O35 - HKLM\..comfile [open] -- "%1" %*
 O35 - HKLM\..exefile [open] -- "%1" %*
 O37 - HKLM\...com [@ = comfile] -- "%1" %*
 O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
 ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
 ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
 ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
 ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
 ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
 ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
 ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
 ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
 ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
 ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
 ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
 ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
 ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
 ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
 ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
 ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player 9 ActiveX
 ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
 ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
 ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
 ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
 ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
 NetSvcs: FastUserSwitchingCompatibility -  File not found
 NetSvcs: Ias -  File not found
 NetSvcs: Nla -  File not found
 NetSvcs: Ntmssvc -  File not found
 NetSvcs: NWCWorkstation -  File not found
 NetSvcs: Nwsapagent -  File not found
 NetSvcs: SRService -  File not found
 NetSvcs: WmdmPmSp -  File not found
 NetSvcs: LogonHours -  File not found
 NetSvcs: PCAudit -  File not found
 NetSvcs: helpsvc -  File not found
 NetSvcs: uploadmgr -  File not found
 
 
 CREATERESTOREPOINT
 Restore point Set: OTL Restore Point
 
 ========== Files/Folders - Created Within 30 Days ==========
 
 [2011.05.28 04:23:49 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbam logdateien
 [2011.05.28 04:19:46 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\avira ereignisse
 [2011.05.28 04:14:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD
 [2011.05.27 22:44:15 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
 [2011.05.27 20:22:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DriverCure
 [2011.05.27 20:22:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ParetoLogic
 [2011.05.27 20:22:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
 [2011.05.27 20:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
 [2011.05.27 20:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
 [2011.05.27 20:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
 [2011.05.27 19:52:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Uniblue
 [2011.05.27 19:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
 [2011.05.27 19:51:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
 [2011.05.27 19:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
 [2011.05.27 19:49:44 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
 [2011.05.27 19:49:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PackageAware
 [2011.05.26 15:57:37 | 005,249,448 | ---- | C] (ParetoLogic Inc.) -- C:\Users\***\Desktop\ParetoLogic PC Health Advisor_de.exe
 [2011.05.16 17:05:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\rechtssoziologie
 [2011.05.04 22:56:39 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\SnapDragon Games
 [2011.05.04 22:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\SnapDragon Games
 [2011.04.29 17:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
 [2011.04.29 14:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\HP
 [2011.04.29 14:58:30 | 000,000,000 | -H-D | C] -- C:\Config.Msi
 [2011.04.29 14:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
 [2011.04.29 14:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\Software Informer
 [2008.06.03 23:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
 ========== Files - Modified Within 30 Days ==========
 
 [2011.05.28 04:23:49 | 000,042,749 | ---- | M] () -- C:\ProgramData\nvModes.001
 [2011.05.28 04:16:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
 [2011.05.28 04:16:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
 [2011.05.28 04:15:10 | 000,042,749 | ---- | M] () -- C:\ProgramData\nvModes.dat
 [2011.05.28 04:13:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
 [2011.05.28 00:31:16 | 000,000,272 | ---- | M] () -- C:\Users\***\Desktop\fehlermeldung beim start.rtf
 [2011.05.27 22:45:55 | 000,302,080 | ---- | M] () -- C:\Users\***\Desktop\ksdu5jyf.exe
 [2011.05.27 22:44:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
 [2011.05.27 22:18:43 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
 [2011.05.27 22:13:44 | 000,000,011 | R--- | M] () -- C:\Windows\amunres.lsl
 [2011.05.27 22:05:07 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
 [2011.05.27 22:05:07 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
 [2011.05.27 22:05:07 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
 [2011.05.27 22:05:07 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 [2011.05.27 20:42:21 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 [2011.05.27 20:23:18 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
 [2011.05.27 20:22:20 | 000,000,909 | ---- | M] () -- C:\Users\***\Desktop\ParetoLogic PC Health Advisor.lnk
 [2011.05.27 20:22:20 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
 [2011.05.27 20:22:20 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
 [2011.05.27 20:22:20 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
 [2011.05.27 19:52:36 | 000,000,220 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
 [2011.05.27 19:52:19 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
 [2011.05.27 19:31:57 | 000,323,216 | ---- | M] () -- C:\Users\***\Desktop\bookmarks-2011-05-27.json
 [2011.05.26 20:39:33 | 000,047,584 | ---- | M] () -- C:\Users\***\Desktop\werbung.jpg
 [2011.05.26 15:58:24 | 005,249,448 | ---- | M] (ParetoLogic Inc.) -- C:\Users\***\Desktop\ParetoLogic PC Health Advisor_de.exe
 [2011.05.15 17:27:03 | 000,057,800 | ---- | M] () -- C:\Users\***\Desktop\alle affen gaffen.jpg
 [2011.05.14 14:46:09 | 000,388,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 [2011.05.14 03:20:35 | 000,105,656 | ---- | M] () -- C:\Users\***\Desktop\denkt denn niemand an die kinder.jpg
 [2011.05.13 00:49:56 | 003,575,463 | ---- | M] () -- C:\Users\***\Desktop\Come And Join Us - Bob Leaper And His Prophets.mp3
 [2011.05.12 14:16:00 | 000,796,672 | ---- | M] (Qsc) -- C:\Windows\GPInstall.exe
 [2011.05.11 19:14:42 | 004,267,781 | ---- | M] () -- C:\Users\***\Desktop\Gabriella Cilmi - Sweet about me (unplugged).mp3
 [2011.05.10 13:31:25 | 000,008,120 | ---- | M] () -- C:\Users\***\Desktop\denglisch.rtf
 [2011.05.09 20:40:14 | 000,000,548 | ---- | M] () -- C:\Users\***\Desktop\MinimogueVA.exe - Verknüpfung.lnk
 [2011.05.09 15:41:36 | 001,887,144 | ---- | M] () -- C:\Users\***\Desktop\2003-10-16_10-23-208_2005-12-02_11-19-376.pdf
 [2011.05.05 15:57:52 | 000,107,077 | ---- | M] () -- C:\Users\***\Desktop\claudia roth preis.pdf
 [2011.05.02 22:11:27 | 005,068,826 | ---- | M] () -- C:\Users\***\Desktop\Aloe Blacc - Loving You Is Killing Me (Live in Studio).mp3
 [2011.05.02 21:54:13 | 000,050,061 | ---- | M] () -- C:\Users\***\Desktop\zimmer.jpg
 [2011.04.29 17:43:13 | 000,148,340 | ---- | M] () -- C:\Windows\hphins33.dat
 [2011.04.29 15:29:03 | 001,316,262 | ---- | M] () -- C:\Users\***\Desktop\dj169en.exe
 [2011.04.29 15:16:27 | 000,175,504 | ---- | M] () -- C:\Windows\hphins26.dat
 [2011.04.29 15:01:47 | 000,175,517 | ---- | M] () -- C:\Windows\hphins26.dat.temp
 
 ========== Files Created - No Company Name ==========
 
 [2011.05.28 00:31:16 | 000,000,272 | ---- | C] () -- C:\Users\***\Desktop\fehlermeldung beim start.rtf
 [2011.05.27 22:45:24 | 000,302,080 | ---- | C] () -- C:\Users\***\Desktop\ksdu5jyf.exe
 [2011.05.27 22:13:44 | 000,000,011 | R--- | C] () -- C:\Windows\amunres.lsl
 [2011.05.27 21:25:49 | 000,006,739 | ---- | C] () -- C:\Users\***\Documents\wavepurity.ini.bak
 [2011.05.27 20:42:21 | 000,000,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
 [2011.05.27 20:42:21 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 [2011.05.27 20:23:18 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
 [2011.05.27 20:22:20 | 000,000,909 | ---- | C] () -- C:\Users\***\Desktop\ParetoLogic PC Health Advisor.lnk
 [2011.05.27 20:22:20 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
 [2011.05.27 20:22:20 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
 [2011.05.27 20:22:20 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor.job
 [2011.05.27 19:52:36 | 000,000,220 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
 [2011.05.27 19:52:19 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
 [2011.05.27 19:31:56 | 000,323,216 | ---- | C] () -- C:\Users\***\Desktop\bookmarks-2011-05-27.json
 [2011.05.26 20:39:32 | 000,047,584 | ---- | C] () -- C:\Users\***\Desktop\werbung.jpg
 [2011.05.15 17:25:38 | 000,057,800 | ---- | C] () -- C:\Users\***\Desktop\alle affen gaffen.jpg
 [2011.05.14 03:20:35 | 000,105,656 | ---- | C] () -- C:\Users\***\Desktop\denkt denn niemand an die kinder.jpg
 [2011.05.13 00:49:54 | 003,575,463 | ---- | C] () -- C:\Users\***\Desktop\Come And Join Us - Bob Leaper And His Prophets.mp3
 [2011.05.11 19:14:37 | 004,267,781 | ---- | C] () -- C:\Users\***\Desktop\Gabriella Cilmi - Sweet about me (unplugged).mp3
 [2011.05.09 20:40:14 | 000,000,548 | ---- | C] () -- C:\Users\***\Desktop\MinimogueVA.exe - Verknüpfung.lnk
 [2011.05.09 15:41:29 | 001,887,144 | ---- | C] () -- C:\Users\***\Desktop\2003-10-16_10-23-208_2005-12-02_11-19-376.pdf
 [2011.05.05 15:57:50 | 000,107,077 | ---- | C] () -- C:\Users\***\Desktop\claudia roth preis.pdf
 [2011.05.02 22:10:44 | 005,068,826 | ---- | C] () -- C:\Users\***\Desktop\Aloe Blacc - Loving You Is Killing Me (Live in Studio).mp3
 [2011.05.02 21:54:13 | 000,050,061 | ---- | C] () -- C:\Users\***\Desktop\zimmer.jpg
 [2011.04.29 17:38:11 | 000,148,340 | ---- | C] () -- C:\Windows\hphins33.dat
 [2011.04.29 17:38:11 | 000,000,512 | ---- | C] () -- C:\Windows\hphmdl33.dat
 [2011.04.29 15:28:55 | 001,316,262 | ---- | C] () -- C:\Users\***\Desktop\dj169en.exe
 [2011.04.29 15:13:52 | 000,175,517 | ---- | C] () -- C:\Windows\hphins26.dat.temp
 [2011.04.29 15:13:52 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat.temp
 [2011.04.29 14:57:48 | 000,175,504 | ---- | C] () -- C:\Windows\hphins26.dat
 [2011.04.29 14:57:48 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat
 [2010.08.03 20:43:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
 [2010.08.03 20:42:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
 [2010.05.20 12:36:28 | 000,000,016 | ---- | C] () -- C:\Users\***\AppData\Roaming\qvjsge.dat
 [2010.04.07 22:46:32 | 000,000,073 | ---- | C] () -- C:\Windows\wininit.ini
 [2010.04.07 22:42:44 | 000,000,326 | ---- | C] () -- C:\Windows\SIERRA.INI
 [2009.04.30 14:34:46 | 000,000,167 | ---- | C] () -- C:\Windows\ODBCINST.INI
 [2009.02.10 20:55:09 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
 [2009.01.05 15:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
 [2009.01.05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
 [2008.12.06 19:36:56 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
 [2008.10.18 18:01:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
 [2008.10.18 15:08:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
 [2008.09.24 04:46:36 | 000,042,749 | ---- | C] () -- C:\ProgramData\nvModes.001
 [2008.09.24 04:46:34 | 000,042,749 | ---- | C] () -- C:\ProgramData\nvModes.dat
 [2008.09.24 04:40:32 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
 [2008.09.24 04:40:21 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
 [2008.07.02 04:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
 [2008.05.22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
 [2008.04.16 11:30:52 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
 [2008.04.16 11:30:52 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
 [2008.04.16 11:30:52 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
 [2008.04.16 11:30:52 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 [2008.04.16 11:01:43 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
 [2007.08.06 19:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
 [2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
 [2006.11.02 14:44:53 | 000,388,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
 [2006.11.02 12:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
 [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
 [2006.11.02 12:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
 [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
 [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
 [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
 [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 [2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 [2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
 
 ========== LOP Check ==========
 
 [2009.09.22 00:10:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.config
 [2011.05.27 21:15:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
 [2011.05.28 04:55:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BOM
 [2011.05.27 21:20:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\COWON
 [2011.05.27 20:22:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DriverCure
 [2011.03.11 00:27:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
 [2011.02.24 18:01:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
 [2010.03.30 23:11:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
 [2011.05.27 21:32:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gutscheinmieze
 [2010.05.02 17:22:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
 [2010.05.01 15:29:31 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\lowsec
 [2008.10.18 18:45:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
 [2011.05.27 20:22:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ParetoLogic
 [2009.09.07 17:25:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Qualcomm
 [2011.01.08 04:26:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\REAPER
 [2011.05.27 19:52:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
 [2011.05.27 20:23:18 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
 [2011.05.27 20:22:20 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
 [2011.05.27 20:22:20 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
 [2011.05.27 20:22:20 | 000,000,362 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor.job
 [2011.05.27 19:52:36 | 000,000,220 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
 [2009.02.05 18:04:07 | 000,021,986 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
 ========== Purity Check ==========
 
 
 
 ========== Custom Scans ==========
 
 
 < %SYSTEMDRIVE%\*. >
 [2008.10.18 15:15:02 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
 [2008.09.24 04:49:22 | 000,000,000 | -H-D | M] -- C:\ASUS.SYS
 [2010.08.03 21:17:07 | 000,000,000 | -HSD | M] -- C:\Boot
 [2011.05.28 03:09:18 | 000,000,000 | -H-D | M] -- C:\Config.Msi
 [2010.03.11 16:57:36 | 000,000,000 | ---D | M] -- C:\ct
 [2009.04.13 00:45:19 | 000,000,000 | ---D | M] -- C:\cwplayer
 [2008.10.18 15:01:25 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
 [2011.05.05 00:40:23 | 000,000,000 | ---D | M] -- C:\dos
 [2008.10.30 16:21:34 | 000,000,000 | ---D | M] -- C:\logs
 [2011.05.09 20:40:20 | 000,000,000 | ---D | M] -- C:\minimoog
 [2008.01.21 04:43:50 | 000,000,000 | ---D | M] -- C:\PerfLogs
 [2009.06.15 17:51:29 | 000,000,000 | ---D | M] -- C:\postda
 [2011.05.27 22:17:50 | 000,000,000 | R--D | M] -- C:\Program Files
 [2011.05.27 21:40:24 | 000,000,000 | -H-D | M] -- C:\ProgramData
 [2008.12.06 19:12:12 | 000,000,000 | ---D | M] -- C:\qb
 [2010.04.07 22:46:14 | 000,000,000 | ---D | M] -- C:\SIERRA
 [2011.05.28 04:52:48 | 000,000,000 | -HSD | M] -- C:\System Volume Information
 [2008.10.18 15:08:26 | 000,000,000 | R--D | M] -- C:\Users
 [2011.01.25 22:10:35 | 000,000,000 | ---D | M] -- C:\vst
 [2011.05.27 22:13:44 | 000,000,000 | ---D | M] -- C:\Windows
 [2009.09.22 18:03:02 | 000,000,000 | ---D | M] -- C:\xtender
 
 < %PROGRAMFILES%\*.exe >
 
 < %LOCALAPPDATA%\*.exe >
 
 < %systemroot%\*. /mp /s >
 
 
 < MD5 for: EXPLORER.EXE  >
 [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
 [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
 [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
 [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
 [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
 [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
 [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
 [2008.01.21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
 < MD5 for: REGEDIT.EXE  >
 [2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
 [2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
 < MD5 for: USERINIT.EXE  >
 [2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
 [2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
 < MD5 for: WININIT.EXE  >
 [2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
 [2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
 < MD5 for: WINLOGON.EXE  >
 [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
 [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
 [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
 [2008.01.21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-28 01:09:47
 
 <           >
 
 ========== Alternate Data Streams ==========
 
 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:C10F9B26
 
 < End of report >
 Extras:   Code: 
 OTL Extras logfile created on: 28.05.2011 00:31:21 - Run 1
 OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\***\Desktop
 Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
 Internet Explorer (Version = 7.0.6002.18005)
 Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
 2,00 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,37% Memory free
 4,23 Gb Paging File | 3,28 Gb Available in Paging File | 77,48% Paging File free
 Paging file location(s): ?:\pagefile.sys [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
 Drive C: | 74,52 Gb Total Space | 34,36 Gb Free Space | 46,11% Space Free | Partition Type: NTFS
 Drive D: | 64,76 Gb Total Space | 64,49 Gb Free Space | 99,59% Space Free | Partition Type: NTFS
 
 Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: Current user | Quick Scan
 Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
 ========== Extra Registry (SafeList) ==========
 
 
 ========== File Associations ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
 .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
 [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
 .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
 ========== Shell Spawning ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
 batfile [open] -- "%1" %*
 cmdfile [open] -- "%1" %*
 comfile [open] -- "%1" %*
 cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
 exefile [open] -- "%1" %*
 helpfile [open] -- Reg Error: Key error.
 hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
 htmlfile [edit] -- Reg Error: Key error.
 htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
 inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
 InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
 piffile [open] -- "%1" %*
 regfile [merge] -- Reg Error: Key error.
 scrfile [config] -- "%1"
 scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
 scrfile [open] -- "%1" /S
 txtfile [edit] -- Reg Error: Key error.
 Unknown [openas] -- C:\Program Files\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)
 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
 Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
 Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
 ========== Security Center Settings ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 "cval" = 1
 "UacDisableNotify" = 0
 "InternetSettingsDisableNotify" = 0
 "AutoUpdateDisableNotify" = 0
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 "DisableMonitoring" = 1
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 "DisableMonitoring" = 1
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 "DisableMonitoring" = 1
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 "AntiVirusOverride" = 1
 "AntiSpywareOverride" = 0
 "FirewallOverride" = 0
 "VistaSp1" = Reg Error: Unknown registry data type -- File not found
 "VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
 ========== Firewall Settings ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 "EnableFirewall" = 1
 "DisableNotifications" = 0
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 "EnableFirewall" = 1
 "DisableNotifications" = 0
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
 "EnableFirewall" = 1
 "DisableNotifications" = 0
 
 ========== Authorized Applications List ==========
 
 
 ========== Vista Active Open Ports Exception List ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 "{2C44C9B8-6FA2-4E57-96A1-F1A613941342}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 "{3912536B-2707-456D-B4A9-2E0BFBD13EB7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
 "{43D4CF31-CC80-4003-B456-01462B3E2027}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 "{65400965-145C-4B37-B8BA-CB160F537165}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 "{CFA048CA-6731-4CE0-80BC-D81F5DEA2B0E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
 "{EED069AF-F199-4E20-9267-EAEDDF1439CD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
 "{F51C7C49-D339-4A1B-8135-E733D223F48D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 "{FD47045D-17EB-473A-B22C-298DFEEBB612}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
 
 ========== Vista Active Application Exception List ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 "{15B82674-B505-418A-B1C7-5A943354E1E5}" = protocol=6 | dir=in | app=c:\program files\ftp explorer\ftpx.exe |
 "{7ED725E5-9CB9-43CF-A0DC-29A6160CA23B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
 "{95024D4A-F3B6-40DA-A908-5A53B05EDFB3}" = protocol=17 | dir=in | app=c:\program files\ftp explorer\ftpx.exe |
 "{B280AB1F-4344-43A8-8E2E-44F59A1F5B57}" = dir=in | app=c:\program files\asustek\asusdvd\powerdvd.exe |
 "{EB73C2B2-0F81-4953-AF29-0DF69B4B66BB}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
 "{F7B4AB7F-75DB-454A-B183-A901836CC404}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
 "TCP Query User{149C703E-0CD0-42C2-A9CD-EBC7B9B6B1BB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
 "TCP Query User{37E0E16A-5102-4D19-94F2-F35F52D8F047}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
 "TCP Query User{B723F0A3-2454-4230-B1B4-F3D8BADF0C00}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 "TCP Query User{D642D53B-3EA7-4D11-A8E2-59C21CCFB754}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
 "TCP Query User{F7DB53C0-EC2F-4B0E-AADE-196AF5290D80}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 "UDP Query User{1FFBB0E6-A643-4B21-94D0-AE23BF915D21}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
 "UDP Query User{99A4B196-54E2-4581-B7A6-863E97366FFF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 "UDP Query User{CE1D5C9B-B9B0-4BCE-A409-77C7F304637E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
 "UDP Query User{D353F28E-A797-43FD-9FFB-71A9B614F9BA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 "UDP Query User{ED3BB049-97F1-44BC-B548-C355A98E645B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 "{01F4EF69-CFE4-49D7-9459-3873D0FB2BDA}" = SmartFTP Client German (Germany) MUI
 "{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
 "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
 "{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
 "{0BC990FA-89D8-4F70-AFA9-0C01557FB7B3}" = SmartFTP Client
 "{167F938F-5AD3-40e2-B05D-2B7C6F0FDE48}" = HP Deskjet D1500 Printer Driver 10.0 Rel .3
 "{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
 "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
 "{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate
 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
 "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
 "{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
 "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
 "{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
 "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
 "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
 "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
 "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
 "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
 "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD
 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
 "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
 "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
 "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
 "{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver 14.0 Rel. 6
 "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
 "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
 "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
 "{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
 "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
 "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
 "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
 "{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
 "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
 "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
 "Agere Systems Soft Modem" = Agere Systems HDA Modem
 "Ashampoo WinOptimizer 4 FREE_is1" = Ashampoo WinOptimizer 4 FREE
 "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
 "Audacity_is1" = Audacity 1.2.6
 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
 "Biet-O-Matic v2.10.1" = Biet-O-Matic v2.10.1
 "Biet-O-Matic v2.8.3" = Biet-O-Matic v2.8.3
 "Caesar 3" = Caesar 3
 "HijackThis" = HijackThis 2.0.2
 "ImgBurn" = ImgBurn
 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
 "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
 "Native Instruments Pro-53 Demo" = Native Instruments Pro-53 Demo
 "NVIDIA Drivers" = NVIDIA Drivers
 "Security Task Manager" = Security Task Manager 1.7h
 "Sierra-Dienstprogramme" = Sierra-Dienstprogramme
 "SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
 "SynTPDeinstKey" = Synaptics Pointing Device Driver
 "Tone Stack Calculator" = Tone Stack Calculator
 "Uniblue RegistryBooster" = Uniblue RegistryBooster
 
 ========== Last 10 Event Log Errors ==========
 
 [ Application Events ]
 Error - 20.05.2011 06:32:54 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
 Description =
 
 Error - 20.05.2011 06:32:55 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
 Description =
 
 Error - 20.05.2011 06:32:55 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
 Description =
 
 Error - 20.05.2011 06:32:56 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
 Description =
 
 Error - 20.05.2011 06:32:56 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
 Description =
 
 Error - 20.05.2011 06:32:58 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
 Description =
 
 Error - 20.05.2011 06:32:58 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
 Description =
 
 Error - 20.05.2011 06:33:00 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
 Description =
 
 Error - 20.05.2011 06:33:00 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
 Description =
 
 Error - 22.05.2011 19:04:26 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
 Description = Programm firefox.exe, Version 1.9.2.3909 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 39c  Anfangszeit: 01cc187c6c279488  Zeitpunkt der Beendigung:
 60
 
 [ System Events ]
 Error - 27.05.2011 15:42:40 | Computer Name = ***-PC | Source = DCOM | ID = 10016
 Description =
 
 Error - 27.05.2011 15:45:37 | Computer Name = ***-PC | Source = DCOM | ID = 10016
 Description =
 
 Error - 27.05.2011 15:45:39 | Computer Name = ***-PC | Source = DCOM | ID = 10016
 Description =
 
 Error - 27.05.2011 15:46:04 | Computer Name = ***-PC | Source = DCOM | ID = 10016
 Description =
 
 Error - 27.05.2011 15:46:05 | Computer Name = ***-PC | Source = DCOM | ID = 10016
 Description =
 
 Error - 27.05.2011 15:51:01 | Computer Name = ***-PC | Source = DCOM | ID = 10016
 Description =
 
 Error - 27.05.2011 16:12:33 | Computer Name = ***-PC | Source = DCOM | ID = 10016
 Description =
 
 Error - 27.05.2011 16:22:22 | Computer Name = ***-PC | Source = DCOM | ID = 10016
 Description =
 
 Error - 27.05.2011 16:31:43 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
 Description =
 
 Error - 27.05.2011 16:31:43 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
 Description =
 
 
 < End of report >
 gmer:   Code: 
 GMER 1.0.15.15627 - hxxp://www.gmer.net
 Rootkit scan 2011-05-28 04:10:25
 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
 Running: ksdu5jyf.exe; Driver: C:\Users\***\AppData\Local\Temp\pwliyfow.sys
 
 
 ---- Kernel code sections - GMER 1.0.15 ----
 
 ?               System32\drivers\fvxllon.sys                                             Das System kann den angegebenen Pfad nicht finden. !
 .text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                 section is writeable [0x8BC04340, 0x3DC4A7, 0xE8000020]
 
 ---- User code sections - GMER 1.0.15 ----
 
 .text           C:\Program Files\Mozilla Firefox\firefox.exe[2644] ntdll.dll!LdrLoadDll  77AE93A8 5 Bytes  JMP 011F1410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
 
 ---- Devices - GMER 1.0.15 ----
 
 AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
 AttachedDevice  \FileSystem\fastfat \Fat                                                 fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 AttachedDevice  \FileSystem\fastfat \Fat                                                 AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
 
 ---- Files - GMER 1.0.15 ----
 
 File            C:\ADSM_PData_0150                                                       0 bytes
 File            C:\ADSM_PData_0150\DB                                                    0 bytes
 File            C:\ADSM_PData_0150\DB\SI.db                                              624 bytes
 File            C:\ADSM_PData_0150\DB\UL.db                                              16 bytes
 File            C:\ADSM_PData_0150\DB\VL.db                                              16 bytes
 File            C:\ADSM_PData_0150\DB\_avt                                               512 bytes
 File            C:\ADSM_PData_0150\DragWait.exe                                          253952 bytes executable
 File            C:\ADSM_PData_0150\_avt                                                  512 bytes
 File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86              0 bytes
 File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys    29752 bytes executable
 File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt         512 bytes
 
 ---- EOF - GMER 1.0.15 ----
 Latest mbam log:   Code: 
 Malwarebytes' Anti-Malware 1.50.1.1100
 www.malwarebytes.org
 
 Datenbank Version: 6694
 
 Windows 6.0.6002 Service Pack 2
 Internet Explorer 7.0.6002.18005
 
 28.05.2011 00:22:42
 mbam-log-2011-05-28 (00-22-25).txt
 
 Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
 Durchsuchte Objekte: 265425
 Laufzeit: 1 Stunde(n), 34 Minute(n), 19 Sekunde(n)
 
 Infizierte Speicherprozesse: 0
 Infizierte Speichermodule: 0
 Infizierte Registrierungsschlüssel: 0
 Infizierte Registrierungswerte: 1
 Infizierte Dateiobjekte der Registrierung: 0
 Infizierte Verzeichnisse: 0
 Infizierte Dateien: 4
 
 Infizierte Speicherprozesse:
 (Keine bösartigen Objekte gefunden)
 
 Infizierte Speichermodule:
 (Keine bösartigen Objekte gefunden)
 
 Infizierte Registrierungsschlüssel:
 (Keine bösartigen Objekte gefunden)
 
 Infizierte Registrierungswerte:
 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Heuristics.Shuriken) -> Value: NvCplDaemonTool -> No action taken.
 
 Infizierte Dateiobjekte der Registrierung:
 (Keine bösartigen Objekte gefunden)
 
 Infizierte Verzeichnisse:
 (Keine bösartigen Objekte gefunden)
 
 Infizierte Dateien:
 c:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scancdiskd60.dll (Heuristics.Shuriken) -> No action taken.
 c:\Users\***\tloadF4.dll (Heuristics.Shuriken) -> No action taken.
 c:\Users\***\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\E45NVVOV\about[1].exe (Heuristics.Shuriken) -> No action taken.
 c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> No action taken.
 Older mbam logs and Avira events are in the attachment. |