Trojaner-Board - System Check eingefangen, weiß nicht wie der zu entfernen ist.

OTLOTL Logfile:

Code:

OTL logfile created on: 10.02.2012 15:20:36 - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = E:\

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,59% Memory free

3,83 Gb Paging File | 3,00 Gb Available in Paging File | 78,37% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 111,68 Gb Total Space | 14,53 Gb Free Space | 13,01% Space Free | Partition Type: NTFS

Drive E: | 1004,49 Mb Total Space | 990,13 Mb Free Space | 98,57% Space Free | Partition Type: FAT32

 

Computer Name: NBDELL | User Name: Julian Patras | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - E:\OTL.exe (OldTimer Tools)

PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5PwluBmXK6LfMc.exe ()

PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lBKAySPdSqe.exe ()

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe ()

PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()

PRC - C:\WINDOWS\system32\PSIService.exe ()

PRC - C:\Programme\Apoint\hidfind.exe (Alps Electric Co., Ltd.)

PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

PRC - C:\Programme\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)

PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)

PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)

PRC - C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)

PRC - C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)

PRC - C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)

PRC - C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)

PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc)

PRC - C:\Programme\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)

PRC - C:\Programme\SigmaTel\C-Major Audio\WDM\stacsv.exe (SigmaTel, Inc.)

PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

PRC - C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

PRC - C:\Programme\Dell Support\DSAgnt.exe (Gteko Ltd.)

PRC - C:\Programme\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)

PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5PwluBmXK6LfMc.exe ()

MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lBKAySPdSqe.exe ()

MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()

MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()

MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe ()

MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()

MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()

MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()

MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()

MOD - C:\WINDOWS\system32\redmonnt.dll ()

MOD - C:\Programme\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()

MOD - C:\WINDOWS\system32\PSIService.exe ()

MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll ()

MOD - C:\Programme\Dell\QuickSet\dadkeyb.dll ()

MOD - C:\Programme\Intel\Wireless\Bin\acAuth.dll ()

MOD - C:\WINDOWS\system32\DLAAPI_W.DLL ()

MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()

MOD - C:\WINDOWS\system32\BrMuSNMP.dll ()

MOD - C:\WINDOWS\system32\LMPCMON.DLL ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (DCService.exe) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe ()

SRV - (ISIS) Package Shell (ISIS) -- C:\WINDOWS\System32\Ruv_isis.exe (Bitpride)

SRV - (W55U01) -- C:\WINDOWS\system32\ibmpmdrv.dll (Oak Technology Inc.)

SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()

SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

SRV - (WLANKEEPER) Intel(R) -- C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)

SRV - (NICCONFIGSVC) -- C:\Programme\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)

SRV - (STacSV) -- C:\Programme\SigmaTel\C-Major Audio\WDM\stacsv.exe (SigmaTel, Inc.)

SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (stllssvr) -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)

SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)

DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)

DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (hotcore3) -- C:\WINDOWS\system32\drivers\hotcore3.sys (Paragon Software Group)

DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)

DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)

DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)

DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)

DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)

DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)

DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)

DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)

DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (NETw4x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)

DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)

DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)

DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)

DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)

DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)

DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)

DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)

DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)

DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)

DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)

DRV - (DSproct) -- C:\Programme\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)

DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)

DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=4070529

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=4070529

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=4070529

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=4070529

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\Julian Patras\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\Julian Patras\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.04 09:11:16 | 000,000,000 | -H-D | M]

 

 

O1 HOSTS File: ([2011.08.18 06:55:22 | 000,437,468 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: 127.0.0.1        www.007guard.com

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        www.008k.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        www.00hq.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        010402.com

O1 - Hosts: 127.0.0.1        www.032439.com

O1 - Hosts: 127.0.0.1        032439.com

O1 - Hosts: 127.0.0.1        www.0scan.com

O1 - Hosts: 127.0.0.1        0scan.com

O1 - Hosts: 127.0.0.1        www.100888290cs.com

O1 - Hosts: 127.0.0.1        100888290cs.com

O1 - Hosts: 127.0.0.1        www.100sexlinks.com

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        www.10sek.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        www.123topsearch.com

O1 - Hosts: 127.0.0.1        123topsearch.com

O1 - Hosts: 127.0.0.1        www.132.com

O1 - Hosts: 127.0.0.1        132.com

O1 - Hosts: 127.0.0.1        www.136136.net

O1 - Hosts: 127.0.0.1        136136.net

O1 - Hosts: 15056 more lines...

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No CLSID value found.

O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()

O3 - HKLM\..\Toolbar: (instplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Dokumente und Einstellungen\Julian Patras\Anwendungsdaten\instplugin\toolbar.dll ()

O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Programme\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()

O4 - HKLM..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc)

O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)

O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [lBKAySPdSqe.exe] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lBKAySPdSqe.exe ()

O4 - HKLM..\Run: [MBGroup] C:\Programme\AmisAVW\BSA\VPMSRun\dll.32\MBGroup.exe (Allianz Versicherung AG)

O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RoxioDragToDisc] C:\Programme\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)

O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [DellSupport] C:\Programme\Dell Support\DSAgnt.exe (Gteko Ltd.)

O4 - HKCU..\Run: [ISUSPM] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)

O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O8 - Extra context menu item: Download all with Free Download Manager - C:\Programme\Free Download Manager\dlall.htm ()

O8 - Extra context menu item: Download selected with Free Download Manager - C:\Programme\Free Download Manager\dlselected.htm ()

O8 - Extra context menu item: Download video with Free Download Manager - C:\Programme\Free Download Manager\dlfvideo.htm ()

O8 - Extra context menu item: Download with Free Download Manager - C:\Programme\Free Download Manager\dllink.htm ()

O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - mswsock.dll File not found

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Programme\Risk\Images\stg_drm.ocx (SpinTop DRM Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Programme\Risk\Images\armhelper.ocx (ArmHelper Control)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{240E6A8C-7BF5-4E86-8CF2-5F5F6D956A97}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\dell.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\dell.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004.08.13 12:54:56 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{14a0a486-5002-11e0-a8e7-0019b97b6438}\Shell - "" = AutoRun

O33 - MountPoints2\{14a0a486-5002-11e0-a8e7-0019b97b6438}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{14a0a486-5002-11e0-a8e7-0019b97b6438}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{14a0a48a-5002-11e0-a8e7-0019b97b6438}\Shell - "" = AutoRun

O33 - MountPoints2\{14a0a48a-5002-11e0-a8e7-0019b97b6438}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{14a0a48a-5002-11e0-a8e7-0019b97b6438}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{2bcba6f8-eff6-11e0-aa5f-001b772d750b}\Shell - "" = AutoRun

O33 - MountPoints2\{2bcba6f8-eff6-11e0-aa5f-001b772d750b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{2bcba6f8-eff6-11e0-aa5f-001b772d750b}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.02.10 15:17:29 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Julian Patras\Recent

[2012.02.10 14:15:45 | 000,040,776 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012.02.10 14:11:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012.02.10 14:11:43 | 000,020,464 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.02.10 14:11:43 | 000,000,000 | -H-D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2012.02.10 14:04:22 | 000,000,000 | -H-D | C] -- C:\TDSSKiller_Quarantine

[2012.02.10 07:54:25 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Julian Patras\Startmenü\Programme\System Check

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.02.10 15:24:33 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012.02.10 14:51:01 | 000,001,090 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.02.10 14:22:50 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd

[2012.02.10 14:15:45 | 000,040,776 | -H-- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012.02.10 14:11:46 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.02.10 14:07:25 | 000,000,464 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5PwluBmXK6LfMc

[2012.02.10 14:07:15 | 000,000,304 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~5PwluBmXK6LfMc

[2012.02.10 14:06:01 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.02.10 14:05:59 | 000,001,086 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.02.10 14:05:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.02.10 14:05:44 | 2137,116,672 | -HS- | M] () -- C:\hiberfil.sys

[2012.02.10 13:18:55 | 000,508,804 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.02.10 13:18:55 | 000,461,078 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.02.10 13:18:55 | 000,105,784 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.02.10 13:18:55 | 000,079,858 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.02.10 07:54:27 | 000,000,208 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~5PwluBmXK6LfMcr

[2012.02.10 07:54:26 | 000,000,845 | -H-- | M] () -- C:\Dokumente und Einstellungen\Julian Patras\Desktop\System Check.lnk

[2012.02.10 07:54:16 | 000,350,720 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5PwluBmXK6LfMc.exe

[2012.02.10 07:48:26 | 000,442,368 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lBKAySPdSqe.exe

[2012.02.09 20:33:35 | 001,539,203 | -H-- | M] () -- C:\Dokumente und Einstellungen\Julian Patras\Desktop\IMG_1932.JPG

[2012.02.09 20:33:24 | 002,252,591 | -H-- | M] () -- C:\Dokumente und Einstellungen\Julian Patras\Desktop\IMG_1934.JPG

[2012.02.09 20:33:12 | 001,701,774 | -H-- | M] () -- C:\Dokumente und Einstellungen\Julian Patras\Desktop\IMG_1939.JPG

[2012.02.09 20:33:00 | 001,284,486 | -H-- | M] () -- C:\Dokumente und Einstellungen\Julian Patras\Desktop\IMG_1940.JPG

[2012.02.02 08:57:00 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012.01.26 13:49:17 | 000,435,642 | -H-- | M] () -- C:\Dokumente und Einstellungen\Julian Patras\Desktop\RB 06-07 Patras-Gottlob-LV.pdf

[2012.01.26 13:48:49 | 000,027,632 | -H-- | M] () -- C:\Dokumente und Einstellungen\Julian Patras\Desktop\Deko Hochzeit.pdf

[2012.01.24 19:46:37 | 000,000,766 | -H-- | M] () -- C:\Dokumente und Einstellungen\Julian Patras\Desktop\Windows Media Player.lnk

[2012.01.12 21:00:50 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.02.10 14:11:46 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.02.10 13:58:25 | 000,002,163 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk

[2012.02.10 13:58:25 | 000,001,887 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk

[2012.02.10 13:58:25 | 000,001,874 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Handbuch.lnk

[2012.02.10 13:58:25 | 000,001,807 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RUVIS-PC.lnk

[2012.02.10 13:58:25 | 000,001,584 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk

[2012.02.10 13:58:25 | 000,001,522 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk

[2012.02.10 13:58:25 | 000,000,726 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mobile Partner.lnk

[2012.02.10 13:58:12 | 000,002,307 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader 6.0.lnk

[2012.02.10 13:58:12 | 000,001,908 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MSN.lnk

[2012.02.10 13:58:12 | 000,001,846 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Safari.lnk

[2012.02.10 13:58:12 | 000,001,830 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Apple Software Update.lnk

[2012.02.10 13:58:12 | 000,001,771 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows-Desktopsuche.lnk

[2012.02.10 13:58:12 | 000,001,681 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PowerDVD DX.lnk

[2012.02.10 13:58:12 | 000,000,662 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows Movie Maker.lnk

[2012.02.10 13:58:12 | 000,000,621 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows Messenger.lnk

[2012.02.10 13:14:06 | 2137,116,672 | -HS- | C] () -- C:\hiberfil.sys

[2012.02.10 07:54:27 | 000,000,304 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~5PwluBmXK6LfMc

[2012.02.10 07:54:27 | 000,000,208 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~5PwluBmXK6LfMcr

[2012.02.10 07:54:26 | 000,000,845 | -H-- | C] () -- C:\Dokumente und Einstellungen\Julian Patras\Desktop\System Check.lnk

[2012.02.10 07:54:21 | 000,000,464 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5PwluBmXK6LfMc

[2012.02.10 07:54:16 | 000,350,720 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5PwluBmXK6LfMc.exe

[2012.02.10 07:51:27 | 000,442,368 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lBKAySPdSqe.exe

[2012.02.10 07:48:38 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd

[2012.02.09 20:33:33 | 001,539,203 | -H-- | C] () -- C:\Dokumente und Einstellungen\Julian Patras\Desktop\IMG_1932.JPG

[2012.02.09 20:33:21 | 002,252,591 | -H-- | C] () -- C:\Dokumente und Einstellungen\Julian Patras\Desktop\IMG_1934.JPG

[2012.02.09 20:33:09 | 001,701,774 | -H-- | C] () -- C:\Dokumente und Einstellungen\Julian Patras\Desktop\IMG_1939.JPG

[2012.02.09 20:32:58 | 001,284,486 | -H-- | C] () -- C:\Dokumente und Einstellungen\Julian Patras\Desktop\IMG_1940.JPG

[2012.01.26 13:49:15 | 000,435,642 | -H-- | C] () -- C:\Dokumente und Einstellungen\Julian Patras\Desktop\RB 06-07 Patras-Gottlob-LV.pdf

[2012.01.26 13:48:48 | 000,027,632 | -H-- | C] () -- C:\Dokumente und Einstellungen\Julian Patras\Desktop\Deko Hochzeit.pdf

[2012.01.24 19:46:37 | 000,000,766 | -H-- | C] () -- C:\Dokumente und Einstellungen\Julian Patras\Desktop\Windows Media Player.lnk

[2011.10.24 18:52:03 | 000,002,352 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

[2011.10.20 18:31:19 | 000,245,093 | -H-- | C] () -- C:\Dokumente und Einstellungen\Julian Patras\Lokale Einstellungen\Anwendungsdaten\census.cache

[2011.10.20 18:31:15 | 000,196,904 | -H-- | C] () -- C:\Dokumente und Einstellungen\Julian Patras\Lokale Einstellungen\Anwendungsdaten\ars.cache

[2011.10.20 18:16:28 | 000,000,036 | -H-- | C] () -- C:\Dokumente und Einstellungen\Julian Patras\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache

[2011.04.27 18:07:01 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\BRWMARK.INI

[2011.04.27 18:06:34 | 000,000,050 | -H-- | C] () -- C:\WINDOWS\System32\bd8085dn.dat

[2011.04.27 18:04:39 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL

[2011.04.27 18:04:38 | 000,000,114 | -H-- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI

[2011.04.27 18:04:35 | 000,000,050 | -H-- | C] () -- C:\WINDOWS\System32\BRADM08A.DAT

[2011.04.27 18:04:33 | 000,106,496 | -H-- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll

[2011.04.27 17:57:56 | 000,031,864 | -H-- | C] () -- C:\WINDOWS\maxlink.ini

[2010.04.20 11:51:05 | 000,003,584 | RH-- | C] () -- C:\WINDOWS\System32\pkgs_fra.dll

[2010.04.20 11:51:05 | 000,003,584 | RH-- | C] () -- C:\WINDOWS\System32\pkgs_enu.dll

[2010.04.20 11:51:05 | 000,003,584 | RH-- | C] () -- C:\WINDOWS\System32\pkgs_ell.dll

[2010.04.20 11:51:05 | 000,003,584 | RH-- | C] () -- C:\WINDOWS\System32\pkgs_deu.dll

[2010.04.20 11:51:05 | 000,002,560 | RH-- | C] () -- C:\WINDOWS\System32\pkgs_jpn.dll

[2010.04.20 11:51:05 | 000,002,048 | RH-- | C] () -- C:\WINDOWS\System32\pkgs_chs.dll

[2009.12.21 15:41:59 | 000,039,648 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2009.07.07 10:33:26 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\iefgdic.ini

[2009.03.25 11:09:45 | 000,000,032 | -H-- | C] () -- C:\WINDOWS\BS2Druck.ini

[2009.01.10 21:00:23 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll

[2009.01.10 21:00:23 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\unredmon.exe

[2008.12.08 18:34:53 | 000,077,824 | RH-- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2008.09.06 09:07:28 | 000,004,096 | -H-- | C] () -- C:\WINDOWS\d3dx.dat

[2008.07.23 17:27:58 | 000,005,184 | -H-- | C] () -- C:\WINDOWS\vfrx.ini

[2008.07.18 17:29:46 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2008.06.28 10:52:10 | 000,006,344 | -H-- | C] () -- C:\WINDOWS\alias.ini

[2008.05.19 18:47:31 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\MyHeritage.INI

[2008.05.19 18:36:39 | 000,454,656 | -H-- | C] () -- C:\WINDOWS\System32\PaintX.dll

[2008.04.22 16:41:22 | 000,000,675 | -H-- | C] () -- C:\WINDOWS\VFORTSCH.INI

[2008.04.22 14:55:11 | 000,000,097 | -H-- | C] () -- C:\WINDOWS\AFORTSCH.INI

[2008.04.22 14:46:11 | 000,000,033 | -H-- | C] () -- C:\Dokumente und Einstellungen\Julian Patras\Anwendungsdaten\bvvAppl.ini

[2008.04.22 13:58:12 | 000,000,601 | -H-- | C] () -- C:\WINDOWS\caf.ini

[2008.04.22 13:53:54 | 000,012,400 | -H-- | C] () -- C:\WINDOWS\Tabaus.ini

[2008.04.22 13:53:54 | 000,003,348 | -H-- | C] () -- C:\WINDOWS\VPMS.ini

[2008.04.18 08:05:49 | 000,691,545 | -H-- | C] () -- C:\WINDOWS\unins000.exe

[2008.04.18 08:05:49 | 000,002,554 | -H-- | C] () -- C:\WINDOWS\unins000.dat

[2008.04.16 11:39:28 | 000,000,002 | -H-- | C] () -- C:\WINDOWS\LICENSE.DAT

[2008.03.31 13:48:39 | 000,275,456 | -H-- | C] () -- C:\WINDOWS\System32\Tab32d20.dll

[2008.03.31 13:48:39 | 000,153,088 | -H-- | C] () -- C:\WINDOWS\System32\Imp32d20.dll

[2008.02.15 19:48:43 | 000,000,126 | -H-- | C] () -- C:\WINDOWS\disney.ini

[2008.02.15 19:48:39 | 000,000,208 | -H-- | C] () -- C:\WINDOWS\disneysy.ini

[2007.12.12 11:53:22 | 000,000,178 | -H-- | C] () -- C:\WINDOWS\hpbafd.ini

[2007.10.14 14:19:56 | 000,000,022 | -H-- | C] () -- C:\WINDOWS\System32\Stbss.ini

[2007.10.10 17:38:18 | 000,000,097 | -H-- | C] () -- C:\WINDOWS\WirelessFTP.INI

[2007.09.16 10:14:47 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL

[2007.09.16 10:14:15 | 000,011,776 | -H-- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll

[2007.07.30 15:59:55 | 004,245,008 | -H-- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll

[2007.07.30 15:59:55 | 000,247,824 | -H-- | C] () -- C:\WINDOWS\System32\prgiso.dll

[2007.07.30 15:59:55 | 000,013,840 | -H-- | C] () -- C:\WINDOWS\System32\wnaspi32.dll

[2007.07.23 10:10:16 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\System32\SI.bin

[2007.06.28 10:57:48 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\iltwain.ini

[2007.06.28 10:57:32 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\wh2robo.dll

[2007.06.28 10:57:11 | 000,049,152 | RH-- | C] () -- C:\WINDOWS\System32\LMPCINST.DLL

[2007.06.28 10:57:11 | 000,006,144 | RH-- | C] () -- C:\WINDOWS\System32\LMPCMON.DLL

[2007.06.20 12:59:22 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2007.06.05 12:20:32 | 000,177,704 | -H-- | C] () -- C:\WINDOWS\System32\PSIService.exe

[2007.06.02 10:54:35 | 000,119,808 | -H-- | C] () -- C:\Dokumente und Einstellungen\Julian Patras\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007.06.01 18:48:39 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\DOCS.INI

[2007.06.01 18:25:45 | 000,000,972 | -H-- | C] () -- C:\WINDOWS\conaslpm.ini

[2007.06.01 18:23:00 | 000,005,009 | -H-- | C] () -- C:\WINDOWS\axavfr32.ini

[2007.06.01 18:23:00 | 000,000,351 | -H-- | C] () -- C:\WINDOWS\axabt.ini

[2007.06.01 18:23:00 | 000,000,150 | -H-- | C] () -- C:\WINDOWS\conasvk.INI

[2007.06.01 18:23:00 | 000,000,052 | -H-- | C] () -- C:\WINDOWS\axae.ini

[2007.06.01 17:36:17 | 000,000,409 | -H-- | C] () -- C:\WINDOWS\allianzl.ini

[2007.06.01 17:35:48 | 000,001,636 | -H-- | C] () -- C:\WINDOWS\ODBC.INI

[2007.06.01 15:47:56 | 000,000,305 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html

[2007.06.01 14:37:31 | 000,000,146 | -H-- | C] () -- C:\Dokumente und Einstellungen\Julian Patras\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2007.05.29 11:45:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\tosOBEX.INI

[2007.05.29 11:45:46 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini

[2007.05.29 11:42:49 | 000,056,056 | -H-- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL

[2007.05.29 11:42:49 | 000,000,898 | -H-- | C] () -- C:\WINDOWS\wininit.ini

[2007.05.29 11:40:12 | 000,319,488 | -H-- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe

[2007.05.29 11:10:17 | 000,910,304 | -H-- | C] () -- C:\WINDOWS\System32\igmedkrn.dll

[2007.05.29 11:10:17 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll

[2007.05.29 11:10:16 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\setpwr32.exe

[2007.05.29 11:09:17 | 000,001,503 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2007.02.09 16:41:46 | 000,598,016 | -H-- | C] () -- C:\WINDOWS\System32\pdf_java.dll

[2007.02.09 16:29:45 | 000,018,432 | -H-- | C] () -- C:\WINDOWS\System32\regtools.dll

[2007.02.05 14:48:36 | 000,016,828 | -H-- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007.02.05 14:48:34 | 000,024,188 | -H-- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007.02.05 14:48:28 | 000,016,562 | -H-- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007.02.05 13:24:28 | 000,018,271 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2007.02.05 13:24:26 | 000,099,999 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2006.11.07 04:25:58 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini

[2006.09.16 23:36:50 | 000,520,192 | -H-- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll

[2006.09.16 23:36:50 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

[2006.09.08 08:30:44 | 000,004,096 | -H-- | C] () -- C:\WINDOWS\System32\detoured.dll

[2005.12.07 11:31:00 | 000,202,752 | RH-- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

[2005.09.02 14:44:08 | 000,110,592 | -H-- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll

[2005.07.22 21:30:20 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

[2004.08.13 13:04:30 | 000,000,945 | -H-- | C] () -- C:\WINDOWS\orun32.ini

[2004.08.13 12:59:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004.08.13 12:52:23 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004.08.13 12:51:43 | 000,003,776 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004.08.13 12:47:33 | 000,004,756 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004.08.13 12:46:51 | 000,227,000 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004.08.13 12:40:53 | 000,508,804 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2004.08.13 12:40:53 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2004.08.13 12:40:53 | 000,105,784 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2004.08.13 12:40:53 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2004.08.13 12:40:41 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004.08.13 12:40:39 | 000,461,078 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004.08.13 12:40:39 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004.08.13 12:40:39 | 000,079,858 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004.08.13 12:40:39 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004.08.13 12:40:37 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004.08.13 12:40:36 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004.08.13 12:40:35 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat

[2004.08.13 12:40:30 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004.08.13 12:40:30 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin

[2004.08.13 12:40:22 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004.08.13 12:40:14 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004.07.20 17:04:02 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll

[2004.01.15 14:43:28 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

[1997.05.12 23:00:00 | 001,664,272 | -H-- | C] () -- C:\WINDOWS\System32\MSO97V.DLL

[1997.05.12 23:00:00 | 000,022,016 | -H-- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

[1997.05.12 23:00:00 | 000,016,384 | -H-- | C] () -- C:\WINDOWS\System32\MSORFS.DLL

[1997.05.12 23:00:00 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 99 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:90E3641D

@Alternate Data Stream - 96 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:3F2F06F2

@Alternate Data Stream - 95 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C07A6A6B

@Alternate Data Stream - 94 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:89C2A42C

@Alternate Data Stream - 152 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F854B030

@Alternate Data Stream - 149 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:550179F5

@Alternate Data Stream - 144 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B54102AD

@Alternate Data Stream - 142 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:949E3D1B

@Alternate Data Stream - 141 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:BB709C37

@Alternate Data Stream - 140 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:03D08225

@Alternate Data Stream - 136 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F84B8DB5

@Alternate Data Stream - 135 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:ED45A20F

@Alternate Data Stream - 133 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:87F524B2

@Alternate Data Stream - 133 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:478FEFC3

@Alternate Data Stream - 131 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:FDDD8917

@Alternate Data Stream - 129 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B894C266

@Alternate Data Stream - 129 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5E3FBF9D

@Alternate Data Stream - 129 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:4D066AD2

@Alternate Data Stream - 128 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:3AE22B1A

@Alternate Data Stream - 128 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:33A7CC67

@Alternate Data Stream - 126 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5F538558

@Alternate Data Stream - 126 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:444C53BA

@Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E2CB42C9

@Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B1EEADE7

@Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:ADE16379

@Alternate Data Stream - 124 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D26DD363

@Alternate Data Stream - 124 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8F925134

@Alternate Data Stream - 124 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:30C46519

@Alternate Data Stream - 124 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:273A8657

@Alternate Data Stream - 124 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:20451762

@Alternate Data Stream - 123 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D8F9D810

@Alternate Data Stream - 123 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8776F88E

@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9B285B76

@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9AB56A06

@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:87FA5E8A

@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:3313EA24

@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F65733F1

@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:981349EA

@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:96F344DB

@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8EEE3BBB

@Alternate Data Stream - 120 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:700CD00E

@Alternate Data Stream - 120 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:6CBAF5F3

@Alternate Data Stream - 119 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFA00BA4

@Alternate Data Stream - 119 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C6EBC69

@Alternate Data Stream - 118 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:81ED9272

@Alternate Data Stream - 118 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:2FF4577A

@Alternate Data Stream - 117 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0F0A5896

@Alternate Data Stream - 114 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F880DE59

@Alternate Data Stream - 114 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D88D995C

@Alternate Data Stream - 113 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:41099CE9

@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:861A898F

@Alternate Data Stream - 107 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A42A9F39

@Alternate Data Stream - 107 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:164FA86E

@Alternate Data Stream - 106 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F50F1555

@Alternate Data Stream - 106 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9AB338B9

@Alternate Data Stream - 105 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:848CC150

@Alternate Data Stream - 104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:37CE0F2E

@Alternate Data Stream - 102 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:EA34E08F

@Alternate Data Stream - 101 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:439E3411

@Alternate Data Stream - 100 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DCF7E75A
 

< End of report >

--- --- ---

EXTRA!OTL Logfile:

Code:

OTL Extras logfile created on: 10.02.2012 15:20:36 - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = E:\

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,59% Memory free

3,83 Gb Paging File | 3,00 Gb Available in Paging File | 78,37% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 111,68 Gb Total Space | 14,53 Gb Free Space | 13,01% Space Free | Partition Type: NTFS

Drive E: | 1004,49 Mb Total Space | 990,13 Mb Free Space | 98,57% Space Free | Partition Type: FAT32

 

Computer Name: NBDELL | User Name: Julian Patras | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

"65533:TCP" = 65533:TCP:*:Enabled:Services

"52344:TCP" = 52344:TCP:*:Enabled:Services

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"5900:TCP" = 5900:TCP:*:Enabled:vnc5900

"5800:TCP" = 5800:TCP:*:Enabled:vnc5800

"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

"1433:TCP" = 1433:TCP:*:Enabled:SQL 1433

"54925:UDP" = 54925:UDP:*:Enabled:Brother Network Scanner

"65533:TCP" = 65533:TCP:*:Enabled:Services

"52344:TCP" = 52344:TCP:*:Enabled:Services

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programme\VHV Hannover\VPL_APPS\Versandzentrale\VHVKommunikationszentrale.exe" = C:\Programme\VHV Hannover\VPL_APPS\Versandzentrale\VHVKommunikationszentrale.exe:*:Enabled:VHV Java Virtual Machine

"C:\Programme\VHV Hannover\VPL_APPS\Versandzentrale\jre\bin\javaw.exe" = C:\Programme\VHV Hannover\VPL_APPS\Versandzentrale\jre\bin\javaw.exe:*:Enabled:VHV Java Virtual Machine

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Dokumente und Einstellungen\Julian Patras\Lokale Einstellungen\Temp\ElectronicArts_Patcher_000.exe" = C:\Dokumente und Einstellungen\Julian Patras\Lokale Einstellungen\Temp\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000

"C:\Programme\Ubisoft\Heroes of Might and Magic V\bin\H5_Game.exe" = C:\Programme\Ubisoft\Heroes of Might and Magic V\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V

"C:\Programme\Tomragames\Battleship\jre\bin\javaw.exe" = C:\Programme\Tomragames\Battleship\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary

"C:\Programme\UltraVNC\vncviewer.exe" = C:\Programme\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)

"C:\Dokumente und Einstellungen\Julian Patras\Lokale Einstellungen\Temp\Rar$EX00.844\repeater.exe" = C:\Dokumente und Einstellungen\Julian Patras\Lokale Einstellungen\Temp\Rar$EX00.844\repeater.exe:*:Enabled:distributer

"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft  Fax Console -- (Microsoft Corporation)

"C:\Programme\VHV Hannover\VPL_APPS\Versandzentrale\VHVKommunikationszentrale.exe" = C:\Programme\VHV Hannover\VPL_APPS\Versandzentrale\VHVKommunikationszentrale.exe:*:Enabled:VHV Java Virtual Machine

"C:\Programme\VHV Hannover\VPL_APPS\Versandzentrale\jre\bin\javaw.exe" = C:\Programme\VHV Hannover\VPL_APPS\Versandzentrale\jre\bin\javaw.exe:*:Enabled:VHV Java Virtual Machine

"C:\Programme\Allianz Leben\AllianzProgramm\azl\ltech\jre\1.6.0\bin\javaw.exe" = C:\Programme\Allianz Leben\AllianzProgramm\azl\ltech\jre\1.6.0\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Programme\Allianz Leben\AllianzProgramm\azl\ltech\compass\firebird\bin\fbserver.exe" = C:\Programme\Allianz Leben\AllianzProgramm\azl\ltech\compass\firebird\bin\fbserver.exe:*:Enabled:Firebird SQL Server -- (Firebird Project)

"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

"C:\Dokumente und Einstellungen\Julian Patras\temp\TeamViewer\Version5\TeamViewer.exe" = C:\Dokumente und Einstellungen\Julian Patras\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH)

"C:\WINDOWS\TEMP\{939A95FF-0545-417A-AEA6-34A5418B6744}\dbeng11.exe" = C:\WINDOWS\TEMP\{939A95FF-0545-417A-AEA6-34A5418B6744}\dbeng11.exe:*:Enabled:Adaptive Server Anywhere Database Engine

"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"C:\Programme\Skype\Skype.exe" = C:\Programme\Skype\Skype.exe:*:Enabled:Skype  -- (Skype Technologies S.A.)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{004B8D14-7E3A-490A-ABB3-753535E169E3}" = Brother MFL-Pro Suite

"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution

"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 26

"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD

"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{334B6B44-2C7F-4AC0-A215-E780541CE033}" = Paragon Drive Copy 2007

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{3BB7DDB1-23A5-489D-8F96-292FB224BA90}" = AXA Beratungstechnologie

"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{411974B1-21F1-4DB6-AD36-8890B6D4F84D}" = RV-SysInfo

"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI

"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler

"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari

"{7148F0A8-6813-11D6-A77B-00B0D0142100}" = Java 2 Runtime Environment, SE v1.4.2_10

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.02

"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7B63B2922B174135AFC0E1377DD81EC2}" = 

"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{85530EE5-B265-4F84-BD2A-DE2BBBC990B7}" = Beratungsprogramme W&W-Konzern

"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{939A95FF-0545-417A-AEA6-34A5418B6744}" = RUVIS-PC

"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig

"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-A00000000002}" = Adobe Reader 6.0.2 - Deutsch

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support

"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU

"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU

"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet

"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows-Treiberpaket - Nokia Modem  (11/03/2006 6.82.0.1)

"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem  (02/15/2007 3.1)

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CCleaner" = CCleaner (remove only)

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup" = DivX-Setup

"Drachenkrieg_is1" = Drachenkrieg (with media and plugins), version 1.1.23

"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD  (03/19/2007 6.83.31.1)

"Family Tree Builder" = MyHeritage Family Tree Builder

"Finanzplaner" = Finanzplaner

"Free Download Manager_is1" = Free Download Manager 2.5

"FreePDF_XP" = FreePDF XP (Remove only)

"GoogleVideoPlayer" = Google Video Player

"GPL Ghostscript 8.63" = GPL Ghostscript 8.63

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"ie8" = Windows Internet Explorer 8

"LabelMANAGER" = LabelMANAGER

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mobile Partner" = Mobile Partner

"Nokia PC Suite" = Nokia PC Suite

"OpenAL" = OpenAL

"ProInst" = Intel(R) PROSet/Wireless Software

"Redirection Port Monitor" = RedMon - Redirection Port Monitor

"Skype" = Skype 5.2

"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20

"Ultravnc2_is1" = UltraVNC 1.0.4 RC14

"Viewer97" = Microsoft Word Viewer 97

"VLC media player" = VLC media player 0.9.6

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Move Media Player" = Move Media Player

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 10.02.2012 08:23:11 | Computer Name = NBDELL | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/02/10 13:23:11.609]: [00000780]: GetDeviceIpAddress:

 GetAddressByName [BRN001BA95FA9D2] Error  

 

Error - 10.02.2012 08:23:41 | Computer Name = NBDELL | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/02/10 13:23:41.656]: [00000780]: GetDeviceIpAddress:

 GetAddressByName [BRN001BA95FA9D2] Error  

 

Error - 10.02.2012 08:24:11 | Computer Name = NBDELL | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/02/10 13:24:11.687]: [00000780]: GetDeviceIpAddress:

 GetAddressByName [BRN001BA95FA9D2] Error  

 

Error - 10.02.2012 08:24:41 | Computer Name = NBDELL | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/02/10 13:24:41.718]: [00000780]: GetDeviceIpAddress:

 GetAddressByName [BRN001BA95FA9D2] Error  

 

Error - 10.02.2012 08:25:11 | Computer Name = NBDELL | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/02/10 13:25:11.750]: [00000780]: GetDeviceIpAddress:

 GetAddressByName [BRN001BA95FA9D2] Error  

 

Error - 10.02.2012 08:25:41 | Computer Name = NBDELL | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/02/10 13:25:41.796]: [00000780]: GetDeviceIpAddress:

 GetAddressByName [BRN001BA95FA9D2] Error  

 

Error - 10.02.2012 08:26:11 | Computer Name = NBDELL | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/02/10 13:26:11.828]: [00000780]: GetDeviceIpAddress:

 GetAddressByName [BRN001BA95FA9D2] Error  

 

Error - 10.02.2012 08:26:41 | Computer Name = NBDELL | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/02/10 13:26:41.875]: [00000780]: GetDeviceIpAddress:

 GetAddressByName [BRN001BA95FA9D2] Error  

 

Error - 10.02.2012 08:27:11 | Computer Name = NBDELL | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/02/10 13:27:11.921]: [00000780]: GetDeviceIpAddress:

 GetAddressByName [BRN001BA95FA9D2] Error  

 

Error - 10.02.2012 08:27:41 | Computer Name = NBDELL | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/02/10 13:27:41.953]: [00000780]: GetDeviceIpAddress:

 GetAddressByName [BRN001BA95FA9D2] Error  

 

[ OSession Events ]

Error - 24.11.2008 06:06:59 | Computer Name = NBDELL | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 318

 seconds with 300 seconds of active time.  This session ended with a crash.

 

Error - 24.11.2008 06:11:00 | Computer Name = NBDELL | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 22

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 24.11.2008 06:12:26 | Computer Name = NBDELL | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 45

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 24.11.2008 06:13:40 | Computer Name = NBDELL | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 37

 seconds with 0 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 10.02.2012 08:56:20 | Computer Name = NBDELL | Source = Service Control Manager | ID = 7023

Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem 

Fehler beendet:   %%127

 

Error - 10.02.2012 08:57:51 | Computer Name = NBDELL | Source = Service Control Manager | ID = 7023

Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem 

Fehler beendet:   %%127

 

Error - 10.02.2012 08:58:34 | Computer Name = NBDELL | Source = Service Control Manager | ID = 7023

Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem 

Fehler beendet:   %%127

 

Error - 10.02.2012 08:58:34 | Computer Name = NBDELL | Source = Service Control Manager | ID = 7023

Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem 

Fehler beendet:   %%127

 

Error - 10.02.2012 08:59:22 | Computer Name = NBDELL | Source = Service Control Manager | ID = 7023

Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem 

Fehler beendet:   %%127

 

Error - 10.02.2012 09:00:54 | Computer Name = NBDELL | Source = Service Control Manager | ID = 7023

Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem 

Fehler beendet:   %%127

 

Error - 10.02.2012 09:02:25 | Computer Name = NBDELL | Source = Service Control Manager | ID = 7023

Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem 

Fehler beendet:   %%127

 

Error - 10.02.2012 09:03:56 | Computer Name = NBDELL | Source = Service Control Manager | ID = 7023

Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem 

Fehler beendet:   %%127

 

Error - 10.02.2012 09:06:06 | Computer Name = NBDELL | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   Pcmcia

 

Error - 10.02.2012 09:06:09 | Computer Name = NBDELL | Source = sr | ID = 1

Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im 

Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung

 wurde angehalten.

 

 

< End of report >

--- --- ---

so, sry hat etwas gedauert bis ich wieder weitermachen konnte.

hier noch die fehlenden Files.

Und ja, ich habe wieder Zugriff auf den desktop.

10:27:20.0328 0348 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
10:27:20.0562 0348 ============================================================
10:27:20.0562 0348 Current date / time: 2012/02/11 10:27:20.0562
10:27:20.0562 0348 SystemInfo:
10:27:20.0562 0348
10:27:20.0562 0348 OS Version: 5.1.2600 ServicePack: 3.0
10:27:20.0562 0348 Product type: Workstation
10:27:20.0562 0348 ComputerName: NBDELL
10:27:20.0562 0348 UserName: Julian Patras
10:27:20.0562 0348 Windows directory: C:\WINDOWS
10:27:20.0562 0348 System windows directory: C:\WINDOWS
10:27:20.0562 0348 Processor architecture: Intel x86
10:27:20.0562 0348 Number of processors: 2
10:27:20.0562 0348 Page size: 0x1000
10:27:20.0562 0348 Boot type: Normal boot
10:27:20.0562 0348 ============================================================
10:27:23.0015 0348 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:27:23.0015 0348 Drive \Device\Harddisk1\DR3 - Size: 0x3EE80000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:27:23.0015 0348 \Device\Harddisk0\DR0:
10:27:23.0015 0348 MBR used
10:27:23.0015 0348 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x36E8E, BlocksNum 0xDF5C933
10:27:23.0015 0348 \Device\Harddisk1\DR3:
10:27:23.0015 0348 MBR used
10:27:23.0015 0348 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xB, StartLBA 0x40, BlocksNum 0x1F73C0
10:27:23.0046 0348 Initialize success
10:27:23.0046 0348 ============================================================
10:27:27.0328 0456 ============================================================
10:27:27.0328 0456 Scan started
10:27:27.0328 0456 Mode: Manual;
10:27:27.0328 0456 ============================================================
10:27:28.0296 0456 Abiosdsk - ok
10:27:28.0375 0456 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:27:28.0375 0456 abp480n5 - ok
10:27:28.0437 0456 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:27:28.0437 0456 ACPI - ok
10:27:28.0484 0456 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:27:28.0484 0456 ACPIEC - ok
10:27:28.0609 0456 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
10:27:28.0609 0456 adpu160m - ok
10:27:28.0671 0456 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:27:28.0671 0456 aec - ok
10:27:28.0718 0456 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys
10:27:28.0718 0456 AegisP - ok
10:27:28.0765 0456 AFD (1d495ee1d3a836801d1fd816ff4a93f9) C:\WINDOWS\System32\drivers\afd.sys
10:27:28.0765 0456 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 1d495ee1d3a836801d1fd816ff4a93f9, Fake md5: 1e44bc1e83d8fd2305f8d452db109cf9
10:27:28.0765 0456 AFD ( Virus.Win32.ZAccess.c ) - infected
10:27:28.0765 0456 AFD - detected Virus.Win32.ZAccess.c (0)
10:27:28.0828 0456 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
10:27:28.0828 0456 agp440 - ok
10:27:28.0937 0456 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
10:27:28.0937 0456 agpCPQ - ok
10:27:29.0000 0456 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
10:27:29.0000 0456 Aha154x - ok
10:27:29.0046 0456 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
10:27:29.0046 0456 aic78u2 - ok
10:27:29.0078 0456 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
10:27:29.0078 0456 aic78xx - ok
10:27:29.0109 0456 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
10:27:29.0109 0456 AliIde - ok
10:27:29.0187 0456 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
10:27:29.0187 0456 alim1541 - ok
10:27:29.0296 0456 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
10:27:29.0296 0456 amdagp - ok
10:27:29.0343 0456 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
10:27:29.0343 0456 amsint - ok
10:27:29.0390 0456 ApfiltrService (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
10:27:29.0406 0456 ApfiltrService - ok
10:27:29.0437 0456 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
10:27:29.0437 0456 APPDRV - ok
10:27:29.0500 0456 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:27:29.0500 0456 Arp1394 - ok
10:27:29.0609 0456 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
10:27:29.0609 0456 asc - ok
10:27:29.0640 0456 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
10:27:29.0640 0456 asc3350p - ok
10:27:29.0656 0456 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
10:27:29.0656 0456 asc3550 - ok
10:27:29.0703 0456 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:27:29.0703 0456 AsyncMac - ok
10:27:29.0734 0456 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:27:29.0734 0456 atapi - ok
10:27:29.0828 0456 Atdisk - ok
10:27:29.0890 0456 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:27:29.0890 0456 Atmarpc - ok
10:27:29.0937 0456 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:27:29.0937 0456 audstub - ok
10:27:30.0062 0456 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
10:27:30.0062 0456 avgio - ok
10:27:30.0109 0456 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
10:27:30.0109 0456 avgntflt - ok
10:27:30.0250 0456 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
10:27:30.0250 0456 avipbb - ok
10:27:30.0312 0456 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
10:27:30.0328 0456 b57w2k - ok
10:27:30.0375 0456 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:27:30.0375 0456 Beep - ok
10:27:30.0421 0456 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
10:27:30.0421 0456 cbidf - ok
10:27:30.0625 0456 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:27:30.0625 0456 cbidf2k - ok
10:27:30.0812 0456 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
10:27:30.0843 0456 cd20xrnt - ok
10:27:30.0875 0456 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:27:30.0875 0456 Cdaudio - ok
10:27:30.0968 0456 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:27:30.0968 0456 Cdfs - ok
10:27:31.0015 0456 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:27:31.0015 0456 Cdrom - ok
10:27:31.0031 0456 Changer - ok
10:27:31.0062 0456 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:27:31.0062 0456 CmBatt - ok
10:27:31.0062 0456 CmdIde (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
10:27:31.0062 0456 CmdIde - ok
10:27:31.0109 0456 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:27:31.0109 0456 Compbatt - ok
10:27:31.0156 0456 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
10:27:31.0156 0456 Cpqarray - ok
10:27:31.0203 0456 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
10:27:31.0218 0456 dac2w2k - ok
10:27:31.0312 0456 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
10:27:31.0312 0456 dac960nt - ok
10:27:31.0406 0456 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:27:31.0406 0456 Disk - ok
10:27:31.0468 0456 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
10:27:31.0468 0456 DLABMFSM - ok
10:27:31.0484 0456 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
10:27:31.0500 0456 DLABOIOM - ok
10:27:31.0500 0456 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
10:27:31.0515 0456 DLACDBHM - ok
10:27:31.0531 0456 DLADResM (a8dab4d53fb6dc4977c1ca3d28001053) C:\WINDOWS\system32\DLA\DLADResM.SYS
10:27:31.0531 0456 DLADResM - ok
10:27:31.0625 0456 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
10:27:31.0625 0456 DLAIFS_M - ok
10:27:31.0687 0456 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
10:27:31.0687 0456 DLAOPIOM - ok
10:27:31.0718 0456 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
10:27:31.0718 0456 DLAPoolM - ok
10:27:31.0734 0456 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
10:27:31.0734 0456 DLARTL_M - ok
10:27:31.0765 0456 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
10:27:31.0765 0456 DLAUDFAM - ok
10:27:31.0796 0456 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
10:27:31.0796 0456 DLAUDF_M - ok
10:27:31.0921 0456 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
10:27:31.0937 0456 dmboot - ok
10:27:32.0031 0456 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
10:27:32.0031 0456 dmio - ok
10:27:32.0109 0456 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:27:32.0109 0456 dmload - ok
10:27:32.0171 0456 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:27:32.0171 0456 DMusic - ok
10:27:32.0234 0456 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:27:32.0234 0456 dpti2o - ok
10:27:32.0265 0456 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:27:32.0265 0456 drmkaud - ok
10:27:32.0343 0456 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
10:27:32.0359 0456 DRVMCDB - ok
10:27:32.0406 0456 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
10:27:32.0406 0456 DRVNDDM - ok
10:27:32.0546 0456 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Programme\Dell Support\GTAction\triggers\DSproct.sys
10:27:32.0546 0456 DSproct - ok
10:27:32.0609 0456 E100B (a6de5342417fec3c0aa8efebb899c431) C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:27:32.0609 0456 E100B - ok
10:27:32.0687 0456 ewusbnet (4fd02e31eac2cbc81eb08a1ce81e73a2) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
10:27:32.0687 0456 ewusbnet - ok
10:27:32.0765 0456 ew_hwusbdev (e98a64c7f106740a38fb2b78197816f8) C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
10:27:32.0765 0456 ew_hwusbdev - ok
10:27:32.0843 0456 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:27:32.0843 0456 Fastfat - ok
10:27:32.0906 0456 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:27:32.0906 0456 Fdc - ok
10:27:32.0937 0456 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
10:27:32.0937 0456 Fips - ok
10:27:32.0984 0456 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:27:32.0984 0456 Flpydisk - ok
10:27:33.0031 0456 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:27:33.0031 0456 FltMgr - ok
10:27:33.0140 0456 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:27:33.0140 0456 Fs_Rec - ok
10:27:33.0171 0456 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:27:33.0187 0456 Ftdisk - ok
10:27:33.0234 0456 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:27:33.0234 0456 GEARAspiWDM - ok
10:27:33.0281 0456 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:27:33.0281 0456 Gpc - ok
10:27:33.0328 0456 guardian2 (0e1fd1ea2837d6b7a1d7b6c928014d05) C:\WINDOWS\system32\Drivers\oz776.sys
10:27:33.0328 0456 guardian2 - ok
10:27:33.0359 0456 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:27:33.0359 0456 HDAudBus - ok
10:27:33.0437 0456 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:27:33.0437 0456 HidUsb - ok
10:27:33.0546 0456 hotcore3 (4bab16afc2b0029e09c67daa8ec722a2) C:\WINDOWS\system32\drivers\hotcore3.sys
10:27:33.0546 0456 hotcore3 - ok
10:27:33.0609 0456 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
10:27:33.0609 0456 hpn - ok
10:27:33.0671 0456 HSFHWAZL (b1526810210980bed9d22315946c919d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
10:27:33.0671 0456 HSFHWAZL - ok
10:27:33.0812 0456 HSF_DPV (ddbd528e60f5961c142a490dc4ea7780) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
10:27:33.0843 0456 HSF_DPV - ok
10:27:33.0937 0456 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:27:33.0953 0456 HTTP - ok
10:27:34.0062 0456 huawei_enumerator (22a4b14530194fc57c1c849fb5afee17) C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
10:27:34.0062 0456 huawei_enumerator - ok
10:27:34.0125 0456 hwdatacard (3e3bfe85b9fe3720bf4c108f57c945fb) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
10:27:34.0125 0456 hwdatacard - ok
10:27:34.0187 0456 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
10:27:34.0187 0456 i2omgmt - ok
10:27:34.0281 0456 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
10:27:34.0296 0456 i2omp - ok
10:27:34.0343 0456 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:27:34.0343 0456 i8042prt - ok
10:27:34.0734 0456 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:27:34.0984 0456 ialm - ok
10:27:35.0125 0456 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:27:35.0125 0456 Imapi - ok
10:27:35.0187 0456 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
10:27:35.0187 0456 ini910u - ok
10:27:35.0234 0456 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:27:35.0234 0456 IntelIde - ok
10:27:35.0281 0456 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:27:35.0281 0456 intelppm - ok
10:27:35.0328 0456 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:27:35.0328 0456 Ip6Fw - ok
10:27:35.0375 0456 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:27:35.0375 0456 IpFilterDriver - ok
10:27:35.0500 0456 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:27:35.0500 0456 IpInIp - ok
10:27:35.0546 0456 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:27:35.0546 0456 IpNat - ok
10:27:35.0562 0456 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:27:35.0562 0456 IPSec - ok
10:27:35.0609 0456 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:27:35.0609 0456 IRENUM - ok
10:27:35.0640 0456 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:27:35.0640 0456 isapnp - ok
10:27:35.0671 0456 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:27:35.0671 0456 Kbdclass - ok
10:27:35.0796 0456 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:27:35.0796 0456 kmixer - ok
10:27:35.0828 0456 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:27:35.0828 0456 KSecDD - ok
10:27:35.0843 0456 lbrtfdc - ok
10:27:35.0875 0456 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
10:27:35.0875 0456 MBAMProtector - ok
10:27:35.0921 0456 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
10:27:35.0921 0456 mdmxsdk - ok
10:27:35.0984 0456 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:27:35.0984 0456 mnmdd - ok
10:27:36.0031 0456 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
10:27:36.0031 0456 Modem - ok
10:27:36.0140 0456 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:27:36.0140 0456 Mouclass - ok
10:27:36.0203 0456 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:27:36.0203 0456 mouhid - ok
10:27:36.0281 0456 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:27:36.0281 0456 MountMgr - ok
10:27:36.0328 0456 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
10:27:36.0328 0456 mraid35x - ok
10:27:36.0390 0456 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:27:36.0390 0456 MRxDAV - ok
10:27:36.0468 0456 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:27:36.0484 0456 MRxSmb - ok
10:27:36.0640 0456 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:27:36.0640 0456 Msfs - ok
10:27:36.0687 0456 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:27:36.0687 0456 MSKSSRV - ok
10:27:36.0718 0456 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:27:36.0718 0456 MSPCLOCK - ok
10:27:36.0750 0456 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:27:36.0750 0456 MSPQM - ok
10:27:36.0796 0456 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:27:36.0796 0456 mssmbios - ok
10:27:36.0843 0456 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:27:36.0859 0456 Mup - ok
10:27:37.0031 0456 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:27:37.0031 0456 NDIS - ok
10:27:37.0093 0456 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:27:37.0093 0456 NdisTapi - ok
10:27:37.0125 0456 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:27:37.0125 0456 Ndisuio - ok
10:27:37.0140 0456 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:27:37.0156 0456 NdisWan - ok
10:27:37.0187 0456 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:27:37.0187 0456 NDProxy - ok
10:27:37.0328 0456 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:27:37.0328 0456 NetBIOS - ok
10:27:37.0359 0456 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:27:37.0359 0456 NetBT - ok
10:27:37.0546 0456 NETw4x32 (12b0d99865434387f784268b70e23360) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
10:27:37.0625 0456 NETw4x32 - ok
10:27:37.0781 0456 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:27:37.0781 0456 NIC1394 - ok
10:27:37.0828 0456 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:27:37.0828 0456 Npfs - ok
10:27:37.0875 0456 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:27:37.0890 0456 Ntfs - ok
10:27:38.0031 0456 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:27:38.0031 0456 Null - ok
10:27:38.0140 0456 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:27:38.0171 0456 nv - ok
10:27:38.0281 0456 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:27:38.0281 0456 NwlnkFlt - ok
10:27:38.0296 0456 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:27:38.0296 0456 NwlnkFwd - ok
10:27:38.0343 0456 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:27:38.0343 0456 ohci1394 - ok
10:27:38.0390 0456 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
10:27:38.0406 0456 Parport - ok
10:27:38.0421 0456 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:27:38.0421 0456 PartMgr - ok
10:27:38.0468 0456 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
10:27:38.0468 0456 ParVdm - ok
10:27:38.0515 0456 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
10:27:38.0515 0456 PCI - ok
10:27:38.0609 0456 PCIDump - ok
10:27:38.0671 0456 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:27:38.0671 0456 PCIIde - ok
10:27:38.0734 0456 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
10:27:38.0734 0456 Pcmcia - ok
10:27:38.0734 0456 PDCOMP - ok
10:27:38.0750 0456 PDFRAME - ok
10:27:38.0765 0456 PDRELI - ok
10:27:38.0781 0456 PDRFRAME - ok
10:27:38.0859 0456 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
10:27:38.0875 0456 perc2 - ok
10:27:38.0890 0456 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
10:27:38.0890 0456 perc2hib - ok
10:27:39.0031 0456 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:27:39.0031 0456 PptpMiniport - ok
10:27:39.0046 0456 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:27:39.0046 0456 PSched - ok
10:27:39.0109 0456 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:27:39.0125 0456 Ptilink - ok
10:27:39.0187 0456 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:27:39.0187 0456 PxHelp20 - ok
10:27:39.0234 0456 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
10:27:39.0234 0456 ql1080 - ok
10:27:39.0296 0456 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
10:27:39.0296 0456 Ql10wnt - ok
10:27:39.0390 0456 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
10:27:39.0390 0456 ql12160 - ok
10:27:39.0437 0456 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
10:27:39.0437 0456 ql1240 - ok
10:27:39.0468 0456 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
10:27:39.0468 0456 ql1280 - ok
10:27:39.0578 0456 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:27:39.0578 0456 RasAcd - ok
10:27:39.0640 0456 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:27:39.0640 0456 Rasl2tp - ok
10:27:39.0703 0456 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:27:39.0703 0456 RasPppoe - ok
10:27:39.0718 0456 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:27:39.0718 0456 Raspti - ok
10:27:39.0765 0456 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:27:39.0765 0456 Rdbss - ok
10:27:39.0781 0456 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:27:39.0781 0456 RDPCDD - ok
10:27:39.0828 0456 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:27:39.0828 0456 rdpdr - ok
10:27:39.0906 0456 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:27:39.0906 0456 RDPWD - ok
10:27:39.0984 0456 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:27:39.0984 0456 redbook - ok
10:27:40.0031 0456 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
10:27:40.0031 0456 ROOTMODEM - ok
10:27:40.0078 0456 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys
10:27:40.0078 0456 s24trans - ok
10:27:40.0171 0456 SDDMI2 (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys
10:27:40.0171 0456 SDDMI2 - ok
10:27:40.0218 0456 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:27:40.0218 0456 Secdrv - ok
10:27:40.0328 0456 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:27:40.0328 0456 serenum - ok
10:27:40.0406 0456 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
10:27:40.0406 0456 Serial - ok
10:27:40.0484 0456 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:27:40.0484 0456 Sfloppy - ok
10:27:40.0500 0456 Simbad - ok
10:27:40.0546 0456 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
10:27:40.0546 0456 sisagp - ok
10:27:40.0593 0456 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
10:27:40.0593 0456 Sparrow - ok
10:27:40.0687 0456 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:27:40.0687 0456 splitter - ok
10:27:40.0734 0456 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
10:27:40.0750 0456 sr - ok
10:27:40.0796 0456 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:27:40.0796 0456 Srv - ok
10:27:40.0843 0456 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:27:40.0843 0456 ssmdrv - ok
10:27:40.0937 0456 STHDA (31ba85e1cff39a57f702a2a0877bb8e1) C:\WINDOWS\system32\drivers\sthda.sys
10:27:40.0937 0456 STHDA - ok
10:27:41.0078 0456 StillCam (a2dbcc4c8860449df1ab758ea28b4de0) C:\WINDOWS\system32\DRIVERS\serscan.sys
10:27:41.0078 0456 StillCam - ok
10:27:41.0156 0456 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:27:41.0156 0456 swenum - ok
10:27:41.0187 0456 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:27:41.0187 0456 swmidi - ok
10:27:41.0234 0456 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
10:27:41.0234 0456 symc810 - ok
10:27:41.0250 0456 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
10:27:41.0265 0456 symc8xx - ok
10:27:41.0281 0456 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
10:27:41.0281 0456 sym_hi - ok
10:27:41.0312 0456 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
10:27:41.0312 0456 sym_u3 - ok
10:27:41.0421 0456 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:27:41.0421 0456 sysaudio - ok
10:27:41.0484 0456 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:27:41.0500 0456 Tcpip - ok
10:27:41.0531 0456 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:27:41.0531 0456 TDPIPE - ok
10:27:41.0578 0456 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:27:41.0578 0456 TDTCP - ok
10:27:41.0593 0456 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:27:41.0593 0456 TermDD - ok
10:27:41.0734 0456 TosIde (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
10:27:41.0734 0456 TosIde - ok
10:27:41.0812 0456 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys
10:27:41.0812 0456 tosporte - ok
10:27:41.0875 0456 tosrfbd (435ac6cc2abed508ac5a495658cbaf0f) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
10:27:41.0875 0456 tosrfbd - ok
10:27:41.0906 0456 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
10:27:41.0906 0456 tosrfbnp - ok
10:27:41.0953 0456 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
10:27:41.0953 0456 Tosrfcom - ok
10:27:42.0031 0456 Tosrfhid (28099a4e52148319afa685d93a2244d0) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
10:27:42.0031 0456 Tosrfhid - ok
10:27:42.0125 0456 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
10:27:42.0125 0456 tosrfnds - ok
10:27:42.0171 0456 Tosrfusb (6bc529c5eca0c7654943fd6fab21c5fa) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
10:27:42.0171 0456 Tosrfusb - ok
10:27:42.0218 0456 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:27:42.0218 0456 Udfs - ok
10:27:42.0328 0456 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
10:27:42.0328 0456 ultra - ok
10:27:42.0437 0456 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:27:42.0437 0456 Update - ok
10:27:42.0531 0456 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
10:27:42.0531 0456 USBAAPL - ok
10:27:42.0609 0456 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:27:42.0625 0456 usbccgp - ok
10:27:42.0687 0456 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:27:42.0687 0456 usbehci - ok
10:27:42.0703 0456 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:27:42.0703 0456 usbhub - ok
10:27:42.0750 0456 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:27:42.0750 0456 usbprint - ok
10:27:42.0781 0456 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:27:42.0781 0456 usbscan - ok
10:27:42.0796 0456 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:27:42.0796 0456 USBSTOR - ok
10:27:42.0875 0456 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:27:42.0875 0456 usbuhci - ok
10:27:42.0953 0456 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:27:42.0953 0456 VgaSave - ok
10:27:43.0015 0456 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
10:27:43.0015 0456 viaagp - ok
10:27:43.0062 0456 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
10:27:43.0062 0456 ViaIde - ok
10:27:43.0125 0456 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
10:27:43.0125 0456 VolSnap - ok
10:27:43.0265 0456 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:27:43.0281 0456 Wanarp - ok
10:27:43.0390 0456 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
10:27:43.0406 0456 Wdf01000 - ok
10:27:43.0437 0456 WDICA - ok
10:27:43.0562 0456 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:27:43.0562 0456 wdmaud - ok
10:27:43.0671 0456 winachsf (96aff1738271755a39b52eef7e35f98f) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
10:27:43.0687 0456 winachsf - ok
10:27:43.0843 0456 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
10:27:43.0843 0456 WmiAcpi - ok
10:27:43.0875 0456 xcpip - ok
10:27:43.0890 0456 xpsec - ok
10:27:43.0937 0456 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:27:44.0156 0456 \Device\Harddisk0\DR0 - ok
10:27:44.0156 0456 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR3
10:27:44.0171 0456 \Device\Harddisk1\DR3 - ok
10:27:44.0171 0456 Boot (0x1200) (8a249a573daa49d0c188971aa35de444) \Device\Harddisk0\DR0\Partition0
10:27:44.0171 0456 \Device\Harddisk0\DR0\Partition0 - ok
10:27:44.0187 0456 Boot (0x1200) (e5245cea7914a446c8db6c321bb0a7ee) \Device\Harddisk1\DR3\Partition0
10:27:44.0187 0456 \Device\Harddisk1\DR3\Partition0 - ok
10:27:44.0187 0456 ============================================================
10:27:44.0187 0456 Scan finished
10:27:44.0187 0456 ============================================================
10:27:44.0203 2588 Detected object count: 1
10:27:44.0203 2588 Actual detected object count: 1
10:28:10.0703 2588 C:\WINDOWS\System32\drivers\afd.sys - copied to quarantine
10:28:11.0093 2588 Backup copy found, using it..
10:28:11.0093 2588 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
10:28:14.0515 2588 AFD ( Virus.Win32.ZAccess.c ) - User select action: Cure
11:55:48.0750 3812 Deinitialize success

und hier noch der von ComboFix

Combofix Logfile:

Code:

ComboFix 12-02-11.01 - Julian Patras 12.02.2012  16:18:24.1.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2038.1618 [GMT 1:00]

ausgeführt von:: c:\dokumente und einstellungen\Julian Patras\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP

c:\dokumente und einstellungen\Julian Patras\Anwendungsdaten\.#

c:\dokumente und einstellungen\Julian Patras\Anwendungsdaten\instplugin\toOLbar.dll

c:\dokumente und einstellungen\Julian Patras\WINDOWS

C:\install.exe

c:\programme\skype\skype.exe

c:\windows\$NtUninstallKB23092$

c:\windows\$NtUninstallKB23092$\2109613962\@

c:\windows\$NtUninstallKB23092$\2109613962\cfg.ini

c:\windows\$NtUninstallKB23092$\2109613962\Desktop.ini

c:\windows\$NtUninstallKB23092$\2109613962\L\pkbmgnwr

c:\windows\$NtUninstallKB23092$\2109613962\U\00000001.@

c:\windows\$NtUninstallKB23092$\2109613962\U\00000002.@

c:\windows\$NtUninstallKB23092$\2109613962\U\00000004.@

c:\windows\$NtUninstallKB23092$\2109613962\U\80000000.@

c:\windows\$NtUninstallKB23092$\2109613962\U\80000004.@

c:\windows\$NtUninstallKB23092$\2109613962\U\80000032.@

c:\windows\$NtUninstallKB23092$\2109613962\version

c:\windows\$NtUninstallKB23092$\3053870164

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\IsUn0407.exe

c:\windows\system\mfc42loc.dll

c:\windows\system32\CddbCdda.dll

.

Infizierte Kopie von c:\windows\system32\drivers\cdrom.sys wurde gefunden und desinfiziert 

Kopie von - The cat found it :) wurde wiederhergestellt 

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_AMSERVICE

-------\Service_AMService

-------\Service_xcpip

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-01-12 bis 2012-02-12  ))))))))))))))))))))))))))))))

.

.

2012-02-12 14:25 . 2008-04-13 18:40        62976        ----a-w-        c:\windows\system32\drivers\cdrom.sys

2012-02-11 10:57 . 2012-02-11 10:57        --------        d-----w-        C:\_OTL

2012-02-10 13:11 . 2012-02-10 13:11        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2012-02-10 13:11 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-02-10 13:04 . 2012-02-11 09:28        --------        d-----w-        C:\TDSSKiller_Quarantine

2012-02-10 07:20 . 2012-02-10 07:20        --------        d-sh--w-        c:\dokumente und einstellungen\Administrator\IETldCache

2012-02-10 06:48 . 2012-02-12 13:20        0        --sha-w-        c:\windows\system32\dds_trash_log.cmd

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-12 13:18 . 2004-08-13 11:40        138496        ----a-w-        c:\windows\system32\drivers\afd.sys

2012-02-10 15:13 . 2004-08-13 11:40        456320        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys

2011-11-25 21:57 . 2004-08-13 11:40        293888        ----a-w-        c:\windows\system32\winsrv.dll

2011-11-24 06:11 . 2011-06-26 07:52        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 14:40 . 2004-08-13 11:40        1859712        ----a-w-        c:\windows\system32\win32k.sys

2011-11-20 06:12 . 2004-08-13 11:40        61952        ----a-w-        c:\windows\system32\packager.exe

2011-11-16 14:21 . 2004-08-13 11:40        354816        ----a-w-        c:\windows\system32\winhttp.dll

2011-11-16 14:21 . 2004-08-13 11:40        152064        ----a-w-        c:\windows\system32\schannel.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\programme\Dell Support\DSAgnt.exe" [2006-08-28 395776]

"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"ISUSPM"="c:\dokumente und einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\programme\Apoint\Apoint.exe" [2007-04-15 159744]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]

"Dell QuickSet"="c:\programme\Dell\QuickSet\Quickset.exe" [2007-02-20 1191936]

"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]

"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]

"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"RoxioDragToDisc"="c:\programme\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]

"PDVDDXSrv"="c:\programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"MBGroup"="c:\programme\AmisAVW\BSA\VPMSRun\dll.32\MBGroup.exe" [2001-09-12 57344]

"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]

"PCSuiteTrayApplication"="c:\programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]

"Corel File Shell Monitor"="c:\programme\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 16200]

"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2008-07-22 357376]

"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-11-29 421888]

"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\programme\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]

"IndexSearch"="c:\programme\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]

"PPort11reminder"="c:\programme\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"BrMfcWnd"="c:\programme\Brother\Brmfcmon\BrMfcWnd.exe" [2008-11-12 1122304]

"ControlCenter3"="c:\programme\Brother\ControlCenter3\brctrcen.exe" [2008-08-12 114688]

"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-04-08 254696]

"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2011-07-19 421736]

"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"Nokia.PCSync"="c:\programme\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

.

c:\dokumente und einstellungen\Julian Patras\Startmenü\Programme\Autostart\

OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\programme\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Programme\\UltraVNC\\vncviewer.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\Allianz Leben\\AllianzProgramm\\azl\\ltech\\jre\\1.6.0\\bin\\javaw.exe"=

"c:\\Programme\\Allianz Leben\\AllianzProgramm\\azl\\ltech\\compass\\firebird\\bin\\fbserver.exe"=

"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Dokumente und Einstellungen\\Julian Patras\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Programme\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5900:TCP"= 5900:TCP:vnc5900

"5800:TCP"= 5800:TCP:vnc5800

"3389:TCP"= 3389:TCP:Remote Desktop

"1433:TCP"= 1433:TCP:SQL 1433

"54925:UDP"= 54925:UDP:Brother Network Scanner

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [30.07.2007 15:59 38448]

R2 DCService.exe;DCService.exe;c:\dokumente und einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe [08.05.2010 12:48 229376]

R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [10.02.2012 14:11 652360]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [16.03.2011 20:18 63616]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.02.2012 14:11 20464]

S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [28.01.2010 08:59 135664]

S2 ISIS;Package Shell (ISIS);c:\windows\System32\Ruv_isis.exe -s --> c:\windows\System32\Ruv_isis.exe -s [?]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [16.03.2011 20:18 101504]

S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [16.03.2011 20:18 117504]

S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [28.01.2010 08:59 135664]

S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

W55U01

acrsch2svc

GV600_4

db2das00

.

Inhalt des "geplante Tasks" Ordners

.

2012-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 11:34]

.

2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-28 07:59]

.

2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-28 07:59]

.

2010-07-13 c:\windows\Tasks\Install_NSS.job

- c:\programme\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=4070529

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Download all with Free Download Manager - file://c:\programme\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\programme\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\programme\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\programme\Free Download Manager\dllink.htm

IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

SafeBoot-15118789.sys

SafeBoot-96840506.sys

SafeBoot-97284274.sys

AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\programme\DivX\DivXCodecUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-02-12 16:40

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\Micro Focus]

@Denied: (C D) (Everyone)

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'explorer.exe'(2512)

c:\windows\system32\webcheck.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\programme\Intel\Wireless\Bin\EvtEng.exe

c:\programme\Intel\Wireless\Bin\S24EvMon.exe

c:\programme\Intel\Wireless\Bin\WLKeeper.exe

c:\windows\System32\SCardSvr.exe

c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\programme\Dell\QuickSet\NICCONFIGSVC.exe

c:\windows\system32\PSIService.exe

c:\programme\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\igfxsrvc.exe

c:\programme\Apoint\ApMsgFwd.exe

c:\programme\Apoint\HidFind.exe

c:\programme\Apoint\Apntex.exe

c:\programme\Brother\ControlCenter3\brccMCtl.exe

c:\programme\Intel\Wireless\Bin\Dot1XCfg.exe

c:\programme\iPod\bin\iPodService.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-02-12  16:47:52 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-02-12 15:47

.

Vor Suchlauf: 22 Verzeichnis(se), 15.639.945.216 Bytes frei

Nach Suchlauf: 24 Verzeichnis(se), 16.609.722.368 Bytes frei

.

- - End Of File - - 48A3A9D3B394112EF9B2C7778128203E

--- --- ---

Achja noch was.

Beim öffnen vom IE, und beim Seiten wechsel bekomme ich nun immer die Meldung:
Sicherheitshinweis
Sie sind im Begriff sich Seiten über eine sichere Internetverbindung anzeigen zu lassen.
Keine der Informationen, die Sie mit dieser Seite austaschen, kann von anderen Personen im Web gesehen werden.

So das sollte es gewesen sein, danke schonmal für Deine Hilfe