Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Mauszeiger (touchpad) ruckt und klicken geht nicht (https://www.trojaner-board.de/93092-mauszeiger-touchpad-ruckt-klicken-geht.html)

Aehndiehmähn 21.11.2010 21:58

Mauszeiger (touchpad) ruckt und klicken geht nicht
 
Hallo,

melde mich innerhalb kürzester Zeit mit einem weiteren Problem. Nutze auch ein Laptop von hp. Der Mauzeiger ruckelt (flackert) und wandert ständig nach links. Außerdem funktioniert das Klicken nicht - tippen auf das pad (muss ständig die Knöpfe benutzen). Der Mauszeiger friert ein und erst wenn ich doppel die Tabulator-taste drücke, reagiert der Mauszeiger wieder .... für ne rel. kurze zeit.
Ziemlich nervig, das Ganze. Wäre für Hilfe äußerst dankbar.

Gruß
Aehndiehmähn


Hier das log-file von MBAM
Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5164

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

21.11.2010 19:58:52
mbam-log-2010-11-21 (19-58-52).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 162499
Laufzeit: 9 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0       
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

und das von defogger

Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:04 on 21/11/2010 (User)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=

... außerdem das von GMER

[code]
GMER Logfile:
Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-11-21 21:28:06
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.892C
Running: gmer.exe; Driver: C:\DOKUME~1\User\LOKALE~1\Temp\kglcrfod.sys


---- System - GMER 1.0.15 ----

SSDT            F8BC6876                                                          ZwCreateKey
SSDT            F8BC686C                                                          ZwCreateThread
SSDT            F8BC687B                                                          ZwDeleteKey
SSDT            F8BC6885                                                          ZwDeleteValueKey
SSDT            F8BC688A                                                          ZwLoadKey
SSDT            F8BC6858                                                          ZwOpenProcess
SSDT            F8BC685D                                                          ZwOpenThread
SSDT            F8BC6894                                                          ZwReplaceKey
SSDT            F8BC688F                                                          ZwRestoreKey
SSDT            F8BC6880                                                          ZwSetValueKey

---- User code sections - GMER 1.0.15 ----

.text          C:\WINDOWS\SMINST\Scheduler.exe[3288] USER32.dll!GetSysColor      7E368E78 5 Bytes  JMP 00418ED0 C:\WINDOWS\SMINST\Scheduler.exe
.text          C:\WINDOWS\SMINST\Scheduler.exe[3288] USER32.dll!GetSysColorBrush  7E368EAB 5 Bytes  JMP 00418F40 C:\WINDOWS\SMINST\Scheduler.exe
.text          C:\WINDOWS\SMINST\Scheduler.exe[3288] USER32.dll!SetScrollInfo    7E369056 7 Bytes  JMP 00418DC0 C:\WINDOWS\SMINST\Scheduler.exe
.text          C:\WINDOWS\SMINST\Scheduler.exe[3288] USER32.dll!GetScrollInfo    7E370DA2 7 Bytes  JMP 00418D10 C:\WINDOWS\SMINST\Scheduler.exe
.text          C:\WINDOWS\SMINST\Scheduler.exe[3288] USER32.dll!ShowScrollBar    7E37F2B3 5 Bytes  JMP 00418E90 C:\WINDOWS\SMINST\Scheduler.exe
.text          C:\WINDOWS\SMINST\Scheduler.exe[3288] USER32.dll!GetScrollPos      7E37F6C4 5 Bytes  JMP 00418D50 C:\WINDOWS\SMINST\Scheduler.exe
.text          C:\WINDOWS\SMINST\Scheduler.exe[3288] USER32.dll!SetScrollPos      7E37F710 5 Bytes  JMP 00418E00 C:\WINDOWS\SMINST\Scheduler.exe
.text          C:\WINDOWS\SMINST\Scheduler.exe[3288] USER32.dll!GetScrollRange    7E37F747 5 Bytes  JMP 00418D80 C:\WINDOWS\SMINST\Scheduler.exe
.text          C:\WINDOWS\SMINST\Scheduler.exe[3288] USER32.dll!SetScrollRange    7E37F95B 5 Bytes  JMP 00418E40 C:\WINDOWS\SMINST\Scheduler.exe
.text          C:\WINDOWS\SMINST\Scheduler.exe[3288] USER32.dll!EnableScrollBar  7E3B7DDD 7 Bytes  JMP 00418CD0 C:\WINDOWS\SMINST\Scheduler.exe

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                            ino_fltr.sys (CA eTrust Antivirus/InoculateIT File System Filter Driver for Windows 2000/XP/2003/Computer Associates)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                            wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                            eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

Device          \FileSystem\Cdfs \Cdfs                                            DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

--- --- ---


... dnn noch das von otl:

[code]
GMER Logfile:
Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-11-21 21:28:06
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.892C
Running: gmer.exe; Driver: C:\DOKUME~1\User\LOKALE~1\Temp\kglcrfod.sys


---- System - GMER 1.0.15 ----

SSDT            F8BC6876                                                          ZwCreateKey
SSDT            F8BC686C                                                          ZwCreateThread
SSDT            F8BC687B                                                          ZwDeleteKey
SSDT            F8BC6885                                                          ZwDeleteValueKey
SSDT            F8BC688A                                                          ZwLoadKey
SSDT            F8BC6858                                                          ZwOpenProcess
SSDT            F8BC685D                                                          ZwOpenThread
SSDT            F8BC6894                                                          ZwReplaceKey
SSDT            F8BC688F                                                          ZwRestoreKey
SSDT            F8BC6880                                                          ZwSetValueKey

---- User code sections - GMER 1.0.15 ----

.text          C:\WINDOWS\SMINST\Scheduler.exe[3288] USER32.dll!GetSysColor      7E368E78 5 Bytes  JMP 00418ED0 C:\WINDOWS\SMINST\Scheduler.exe
.text          C:\WINDOWS\SMINST\Scheduler.exe[3288] USER32.dll!GetSysColorBrush  7E368EAB 5 Bytes  JMP 00418F40 C:\WINDOWS\SMINST\Scheduler.exe
.text          C:\WINDOWS\SMINST\Scheduler.exe[3288] USER32.dll!SetScrollInfo    7E369056 7 Bytes  JMP 00418DC0 C:\WINDOWS\SMINST\Scheduler.exe
.text          C:\WINDOWS\SMINST\Scheduler.exe[3288] USER32.dll!GetScrollInfo    7E370DA2 7 Bytes  JMP 00418D10 C:\WINDOWS\SMINST\Scheduler.exe
.text          C:\WINDOWS\SMINST\Scheduler.exe[3288] USER32.dll!ShowScrollBar    7E37F2B3 5 Bytes  JMP 00418E90 C:\WINDOWS\SMINST\Scheduler.exe
.text          C:\WINDOWS\SMINST\Scheduler.exe[3288] USER32.dll!GetScrollPos      7E37F6C4 5 Bytes  JMP 00418D50 C:\WINDOWS\SMINST\Scheduler.exe
.text          C:\WINDOWS\SMINST\Scheduler.exe[3288] USER32.dll!SetScrollPos      7E37F710 5 Bytes  JMP 00418E00 C:\WINDOWS\SMINST\Scheduler.exe
.text          C:\WINDOWS\SMINST\Scheduler.exe[3288] USER32.dll!GetScrollRange    7E37F747 5 Bytes  JMP 00418D80 C:\WINDOWS\SMINST\Scheduler.exe
.text          C:\WINDOWS\SMINST\Scheduler.exe[3288] USER32.dll!SetScrollRange    7E37F95B 5 Bytes  JMP 00418E40 C:\WINDOWS\SMINST\Scheduler.exe
.text          C:\WINDOWS\SMINST\Scheduler.exe[3288] USER32.dll!EnableScrollBar  7E3B7DDD 7 Bytes  JMP 00418CD0 C:\WINDOWS\SMINST\Scheduler.exe

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                            ino_fltr.sys (CA eTrust Antivirus/InoculateIT File System Filter Driver for Windows 2000/XP/2003/Computer Associates)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                            wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                            eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

Device          \FileSystem\Cdfs \Cdfs                                            DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

--- --- ---


... jetzt noch OTL:

OTL Logfile:
Code:

OTL logfile created on: 21.11.2010 21:31:23 - Run 1
OTL by OldTimer - Version 3.2.17.3    Folder = C:\Dokumente und Einstellungen\All Users\Desktop\MFtools
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
503,00 Mb Total Physical Memory | 227,00 Mb Available Physical Memory | 45,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,45 Gb Total Space | 34,29 Gb Free Space | 70,78% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 0,58 Gb Free Space | 7,85% Space Free | Partition Type: NTFS
 
Computer Name: PC219294001211 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.11.21 19:30:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\All Users\Desktop\MFtools\OTL.exe
PRC - [2010.08.02 16:09:38 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.08.02 16:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.08.02 16:09:32 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.04.17 13:03:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Programme\LogMeIn\x86\LogMeInSystray.exe
PRC - [2006.10.12 03:10:54 | 000,049,263 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
PRC - [2006.02.15 16:43:16 | 000,892,928 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
PRC - [2006.02.14 10:56:08 | 000,122,880 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\HPQ\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2005.12.23 12:44:26 | 000,491,606 | ---- | M] () -- C:\Programme\HPQ\Shared\HpqToaster.exe
PRC - [2005.12.18 17:26:54 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2005.08.31 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005.06.22 11:02:32 | 000,614,400 | ---- | M] () -- C:\Programme\TCM\TCM COMBO SET\PS2USBKbdDrv.exe
PRC - [2005.05.20 09:11:06 | 000,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\Core\smax4pnp.exe
PRC - [2005.04.28 10:57:18 | 000,286,720 | ---- | M] () -- C:\Programme\TCM\TCM COMBO SET\MouseDrv.exe
PRC - [2004.06.25 23:17:44 | 000,504,080 | ---- | M] (Computer Associates International, Inc.) -- C:\Programme\CA\eTrust Antivirus\Realmon.exe
PRC - [2004.06.25 23:17:06 | 000,254,224 | ---- | M] (Computer Associates International, Inc.) -- C:\Programme\CA\eTrust Antivirus\InoTask.exe
PRC - [2004.06.25 23:16:54 | 000,241,936 | ---- | M] (Computer Associates International, Inc.) -- C:\Programme\CA\eTrust Antivirus\InoRT.exe
PRC - [2004.06.25 23:16:50 | 000,139,536 | ---- | M] (Computer Associates International, Inc.) -- C:\Programme\CA\eTrust Antivirus\InoRpc.exe
PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.11.21 19:30:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\All Users\Desktop\MFtools\OTL.exe
MOD - [2006.08.25 16:46:44 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010.08.02 16:09:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.08.02 16:09:32 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2007.05.25 14:21:48 | 000,112,200 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Programme\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2007.04.17 13:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Programme\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2005.12.18 17:26:54 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005.04.03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.08.10 23:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\Programme\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004.08.10 20:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect\mswmcls.exe -- (WmcCdsLs)
SRV - [2004.06.25 23:17:06 | 000,254,224 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Programme\CA\eTrust Antivirus\InoTask.exe -- (InoTask)
SRV - [2004.06.25 23:16:54 | 000,241,936 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Programme\CA\eTrust Antivirus\InoRT.exe -- (InoRT)
SRV - [2004.06.25 23:16:50 | 000,139,536 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Programme\CA\eTrust Antivirus\InoRpc.exe -- (InoRPC)
SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2010.08.02 16:09:46 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.08.02 16:09:46 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 15:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.08.28 09:33:50 | 000,228,784 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.05.25 14:22:30 | 000,083,552 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2007.04.17 13:00:32 | 000,012,992 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Programme\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007.04.05 10:55:14 | 000,046,112 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2006.03.30 13:39:48 | 000,130,432 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500)
DRV - [2006.02.28 14:36:20 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006.02.09 02:00:04 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink (TM)
DRV - [2006.02.09 02:00:04 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.01.30 02:00:04 | 001,120,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.01.19 14:50:40 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2006.01.19 14:50:14 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006.01.19 08:45:00 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005.10.12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005.09.19 13:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005.09.19 13:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005.09.19 13:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005.08.31 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005.08.31 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005.08.31 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005.08.31 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005.08.31 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005.08.31 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005.08.31 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005.08.30 02:30:00 | 000,088,752 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005.08.25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.08.25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005.08.12 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005.01.07 16:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.06.06 05:06:16 | 000,152,704 | ---- | M] (Computer Associates) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\ino_fltr.sys -- (INO_FLTR)
DRV - [2003.12.08 17:55:14 | 000,019,712 | R--- | M] (Computer Associates) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\ino_flpy.sys -- (INO_FLPY)
DRV - [2002.02.08 04:50:36 | 000,047,056 | ---- | M] (Engel Technologieberatung, Entwicklung/Verkauf von Soft- und Hardware KG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windsl.sys -- (WinDSLp)
DRV - [2002.02.08 04:50:36 | 000,047,056 | ---- | M] (Engel Technologieberatung, Entwicklung/Verkauf von Soft- und Hardware KG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windsl.sys -- (WinDSLa) WinDSL-Adapter  (PPP-over-Ethernet)
DRV - [2001.08.18 03:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001.08.17 07:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
O1 HOSTS File: ([2004.08.04 09:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Programme\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [PTHOSTTR] C:\Programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Realtime Monitor] C:\Programme\CA\eTrust Antivirus\Realmon.exe (Computer Associates International, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_09\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [WinDSL MTU-Adjust] C:\WINDOWS\System32\WinDSL_MTU.exe (Engel Technologieberatung, Entwicklung/Verkauf von Soft- und Hardware KG)
O4 - HKLM..\Run: [WireLessKeyboard ] C:\Programme\TCM\TCM COMBO SET\PS2USBKbdDrv.exe ()
O4 - HKLM..\Run: [WireLessMouse ] C:\Programme\TCM\TCM COMBO SET\MouseDrv.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DVD Check.lnk = C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\NPJPI150_09.dll (Sun Microsystems, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159792647250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\haufereader {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll (Haufe Mediengruppe)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\HP Cityscape.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Cityscape.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.07.28 00:07:00 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16620634377289728)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.21 20:20:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Desktop\Gmer
[2010.11.21 20:16:23 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\User\IETldCache
[2010.11.21 20:13:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.11.21 19:47:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.11.21 19:46:50 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.11.21 19:34:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes
[2010.11.21 19:32:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.11.21 19:32:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.11.21 19:32:06 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.11.21 19:32:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.11.21 19:28:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop\MFtools
[2010.11.21 16:50:08 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\WINDOWS\System32\SynTPCo4.dll
[2010.11.21 16:49:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010.11.21 16:37:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Avira
[2010.11.21 15:30:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.11.21 15:07:53 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.11.21 15:07:52 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.11.21 15:07:52 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.11.21 15:07:52 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.11.21 15:07:52 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.11.21 15:07:48 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.11.21 15:07:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.11.21 14:16:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010.11.21 14:16:17 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild
[2010.11.21 14:16:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010.11.21 14:16:07 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies
[2010.11.21 14:15:43 | 000,000,000 | ---D | C] -- C:\5372837de9a417bcca39ce86
[2010.11.21 14:12:42 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 6.0
[2010.11.21 11:34:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Opera
[2010.11.19 16:23:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.21 20:16:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.21 20:16:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.21 20:16:01 | 527,880,192 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.21 20:04:52 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\User\defogger_reenable
[2010.11.21 19:46:52 | 000,000,591 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\NTREGOPT.lnk
[2010.11.21 19:46:52 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\ERUNT.lnk
[2010.11.21 19:41:43 | 000,460,016 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.11.21 19:41:43 | 000,442,078 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.21 19:41:43 | 000,085,342 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.11.21 19:41:43 | 000,072,014 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.11.21 19:32:11 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.21 19:30:17 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\defogger.exe
[2010.11.21 19:30:13 | 000,288,107 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Gmer.zip
[2010.11.21 16:51:15 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010.11.21 16:51:11 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.11.21 16:51:10 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.11.21 15:28:43 | 000,000,400 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010.11.21 15:11:22 | 000,368,693 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Panther-a19027128.jpg
[2010.11.21 15:08:07 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.11.21 14:48:33 | 000,004,359 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010.11.21 14:28:51 | 000,001,684 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Haufe ImmobilienVerwaltung.lnk
[2010.11.21 14:22:11 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.11.21 12:10:18 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Microsoft Office Word 2003.lnk
[2010.11.21 12:08:37 | 000,019,968 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\test.doc
[2010.11.21 11:34:28 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk
[2010.11.08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\gmer.exe
 
========== Files Created - No Company Name ==========
 
[2010.11.21 20:04:52 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\defogger_reenable
[2010.11.21 19:46:52 | 000,000,591 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\NTREGOPT.lnk
[2010.11.21 19:46:52 | 000,000,572 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\ERUNT.lnk
[2010.11.21 19:32:11 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.21 19:30:17 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\defogger.exe
[2010.11.21 19:30:12 | 000,288,107 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Gmer.zip
[2010.11.21 16:51:15 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010.11.21 16:51:11 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.11.21 16:20:31 | 527,880,192 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.21 15:11:22 | 000,368,693 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Panther-a19027128.jpg
[2010.11.21 15:08:07 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.11.21 14:28:51 | 000,001,684 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Haufe ImmobilienVerwaltung.lnk
[2010.11.21 12:08:37 | 000,019,968 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\test.doc
[2010.11.21 11:34:28 | 000,000,572 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk
[2010.11.08 10:32:38 | 000,296,448 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\gmer.exe
[2007.08.31 06:13:33 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Pcbh32.INI
[2007.08.30 14:06:18 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[2007.08.30 14:06:18 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\W32btxlt.dll
[2007.08.30 14:06:18 | 000,015,627 | ---- | C] () -- C:\WINDOWS\System32\WBROLLRS.DLL
[2007.08.30 14:06:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2007.08.30 14:06:17 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\BH_DATA100VC7.dll
[2007.08.30 14:06:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PXTToolVC7.dll
[2007.08.30 14:06:17 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\W32btstp.dll
[2007.08.30 14:06:16 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\LxUtl10.dll
[2007.08.30 14:06:15 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\LxImport50VC7.dll
[2007.08.30 14:06:15 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\LxImport40VC7.dll
[2007.08.29 16:13:21 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.29 14:25:33 | 000,000,025 | ---- | C] () -- C:\WINDOWS\KMIET.INI
[2007.08.29 13:54:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\Xsearch.INI
[2007.08.29 13:54:52 | 000,000,040 | ---- | C] () -- C:\WINDOWS\rvg.INI
[2007.08.29 13:46:29 | 000,000,184 | ---- | C] () -- C:\WINDOWS\SHISETUP.SYS
[2007.02.04 13:11:42 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007.02.02 22:57:28 | 000,007,168 | ---- | C] () -- C:\WINDOWS\suecmdial.dll
[2006.10.02 13:31:11 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.10.02 11:44:29 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006.10.02 11:44:29 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006.10.02 11:44:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006.10.02 11:44:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006.10.02 11:44:29 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006.10.02 11:44:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006.10.02 11:43:28 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.10.02 11:43:28 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DSwitch.txt
[2006.10.02 11:43:28 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\AtStart.txt
[2006.10.02 11:43:27 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\QSwitch.txt
[2006.07.07 23:27:18 | 000,030,064 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005.12.01 20:11:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005.11.09 11:18:38 | 000,282,679 | ---- | C] () -- C:\WINDOWS\System32\dnt27.dll
[2005.11.09 11:17:36 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27.dll
[2005.11.09 11:17:28 | 000,073,785 | ---- | C] () -- C:\WINDOWS\System32\dntvm27.dll
[2005.11.09 11:13:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC7.dll
[2005.11.09 11:11:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC7.dll
[2005.11.09 11:11:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC7.dll
[2004.08.07 06:32:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.08.07 06:25:50 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.08.07 06:13:54 | 000,004,359 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.08.04 09:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004.06.01 10:39:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2004.05.06 13:07:32 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\dnt26VC7.dll
[2004.05.06 13:05:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvmc26VC7.dll
[2004.05.06 13:04:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dntvm26VC7.dll
[2003.09.05 11:25:54 | 000,237,623 | ---- | C] () -- C:\WINDOWS\System32\dnt26.dll
[2003.09.05 11:25:52 | 000,073,785 | ---- | C] () -- C:\WINDOWS\System32\dntvm26.dll
[2003.09.05 11:03:30 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc26.dll
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.11.06 14:23:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FKStampPainter.dll
[2001.12.13 12:30:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\SBSPAINT.DLL
[2001.10.28 16:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2001.10.10 07:57:58 | 000,073,786 | ---- | C] () -- C:\WINDOWS\System32\dntvmc23.dll
[2001.10.10 07:57:58 | 000,061,497 | ---- | C] () -- C:\WINDOWS\System32\dntvm23.dll
[2001.03.07 07:02:30 | 000,229,431 | ---- | C] () -- C:\WINDOWS\System32\dnt23.dll
[1998.05.07 03:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll
 
========== LOP Check ==========
 
[2007.08.30 14:10:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2007.02.04 21:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ICQ Toolbar
[2007.09.03 22:57:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Kingston
[2007.02.04 21:48:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Opera
[2006.10.02 13:08:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\PDFCreator
[2006.10.02 20:30:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\SampleView
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2007.02.05 00:06:17 | 000,001,024 | ---- | M] () -- C:\.rnd
[2006.10.02 11:34:47 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2004.08.04 09:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2010.11.21 20:16:01 | 527,880,192 | -HS- | M] () -- C:\hiberfil.sys
[2007.08.29 13:52:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.11.21 14:29:06 | 000,002,456 | ---- | M] () -- C:\IVInstall.log
[2007.08.29 13:52:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004.08.04 09:00:00 | 000,047,564 | -HS- | M] () -- C:\NTDETECT.COM
[2004.08.04 09:00:00 | 000,251,184 | -HS- | M] () -- C:\NTLDR
[2010.11.21 20:16:00 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.04.18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006.06.29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006.04.18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006.06.29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2004.08.07 06:13:38 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008.07.06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004.06.01 13:55:56 | 000,061,952 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp35z.dll
[2007.05.25 14:22:18 | 000,030,784 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
[2007.04.09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008.07.06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
[2010.11.18 12:53:20 | 000,001,714 | -H-- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Microsoft\LastFlashConfig.WFC
 
< %PROGRAMFILES%\*.* >
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2004.08.07 08:01:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004.08.07 08:01:00 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004.08.07 08:01:00 | 000,434,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\system32\user32.dll /md5 >
[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2004.08.04 09:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=D569240A22421D5F670BB6FB6DD522B5 -- C:\WINDOWS\system32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2004.08.04 09:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=B3ADA72D1E3E10A8F6430669DFC38ED0 -- C:\WINDOWS\system32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 09:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\explorer.exe
[2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\explorer.exe
[2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 09:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-21 19:14:25

< End of report >

--- --- ---


... schließlich noch extras.txt

OTL Logfile:
Code:

OTL Extras logfile created on: 21.11.2010 21:31:23 - Run 1
OTL by OldTimer - Version 3.2.17.3    Folder = C:\Dokumente und Einstellungen\All Users\Desktop\MFtools
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
503,00 Mb Total Physical Memory | 227,00 Mb Available Physical Memory | 45,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,45 Gb Total Space | 34,29 Gb Free Space | 70,78% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 0,58 Gb Free Space | 7,85% Space Free | Partition Type: NTFS
 
Computer Name: PC219294001211 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Opera\Opera.exe" (Opera Software)
https [open] -- "C:\Programme\Opera\Opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler  -- ()
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator 0.8.0
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 H1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme
"{418EF145-944B-4EBC-A755-9F15AEDFB08B}" = Print Server Support
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 E1
"{48CF6549-B45D-4313-9927-EFCCC8A3493F}" = TIPCI
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{6206FD57-3E60-4A52-AD1B-7D9F7BA2777E}" = TCM Combo Set
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{7423FE19-2218-499B-A90F-CA6A126B93AD}_is1" = ImmobilienVerwaltung 2011 (11.0.0.0)
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8C17851D-8495-4827-8E9A-52722E2EEE7B}" = Lexware Dao 350 Dao 360
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}" = HP ProtectTools Security Manager 2.00 C3
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{97D125ED-AD7E-42FB-A1C1-6779BBD62F55}" = WinFam 5.7
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7AD8CEF-72D7-4FE4-8A14-DDD09DC86074}" = HP Notebook Accessories Product Tour
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe  1.4.62.1
"{AC76BA86-7AD7-1031-7B44-A70900000002}" = Adobe Reader 7.0.9 - Deutsch
"{AE052EF7-2640-48D7-8915-69B810D975CB}" = HP BIOS Configuration for ProtectTools 2.00 E1
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{BA2D4D22-0B99-4D63-BCEE-D2EA4736F27F}" = LogMeIn
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC55BD24-C1A6-4397-8EA3-2F30E74BDA2B}" = CA eTrust Antivirus
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB0781F5-06D2-49BB-87B5-00F3B834FC3B}" = HP User Guides 0015
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}" = Application Installer 4.00.B5
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F49F760A-05DD-4424-BE2B-E084B9FDA9C0}" = Lexware buchhalter 2006
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"7-Zip" = 7-Zip 4.65
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Deubner Verlag GmbH & Co. KG CD-ROM Praxishandbuch Famil 4.5" = Deubner Verlag GmbH & Co. KG CD-ROM Praxishandbuch Famil 4.5
"ERUNT_is1" = ERUNT 1.1j
"HaufeReader" = HaufeReader
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{48CF6549-B45D-4313-9927-EFCCC8A3493F}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{6206FD57-3E60-4A52-AD1B-7D9F7BA2777E}" = TCM Combo Set
"IWW RVG" = IWW - RVG professionell
"KHB_BH_M" = Lexware know how buchhaltung mini
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NetCologne NetDSL" = NetCologne NetDSL-Installationsdateien entfernen
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VERLAG C_H_ BECK PROZESSFORMULARBUCH 1_0" = Verlag C.H. Beck Prozessformularbuch 1.0
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BRAGO" = CD-ROM BRAGO
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.03.2010 07:06:37 | Computer Name = PC219294001211 | Source = ESENT | ID = 623
Description = Catalog Database (1308) Der Versionsspeicher für Instanz 0 hat seine
 maximale Größe von 16 MB erreicht. Wahrscheinlich verhindert eine lange andauernde
 Transaktion die Bereinigung des Versionsspeichers und vergrößert ihn. Aktualisierungen
 werden zurückgewiesen, bis für die betreffende Transaktion ein vollständiger Commit-
 oder Rollbackvorgang durchgeführt wurde.    Mögliche lange andauernde Transaktion:    Sitzungs-ID:
 0x02A203C0    Sitzungskontext: 0x00000000    Thread-ID des Sitzungskontextes: 0x00000574
 
Error - 18.11.2010 08:15:28 | Computer Name = PC219294001211 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung opera.exe, Version 9.10.8679.0, fehlgeschlagenes
 Modul opera.dll, Version 9.10.8679.0, Fehleradresse 0x00007080.
 
Error - 18.11.2010 08:16:21 | Computer Name = PC219294001211 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung opera.exe, Version 9.10.8679.0, fehlgeschlagenes
 Modul opera.dll, Version 9.10.8679.0, Fehleradresse 0x00007080.
 
Error - 18.11.2010 08:48:46 | Computer Name = PC219294001211 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung opera.exe, Version 9.10.8679.0, fehlgeschlagenes
 Modul opera.dll, Version 9.10.8679.0, Fehleradresse 0x00007080.
 
Error - 18.11.2010 12:49:41 | Computer Name = PC219294001211 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung opera.exe, Version 9.10.8679.0, fehlgeschlagenes
 Modul opera.dll, Version 9.10.8679.0, Fehleradresse 0x00007080.
 
Error - 19.11.2010 06:18:41 | Computer Name = PC219294001211 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung opera.exe, Version 9.10.8679.0, fehlgeschlagenes
 Modul opera.dll, Version 9.10.8679.0, Fehleradresse 0x00007080.
 
Error - 19.11.2010 06:31:45 | Computer Name = PC219294001211 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung opera.exe, Version 9.10.8679.0, fehlgeschlagenes
 Modul opera.dll, Version 9.10.8679.0, Fehleradresse 0x00007080.
 
Error - 21.11.2010 06:31:28 | Computer Name = PC219294001211 | Source = MsiInstaller | ID = 11321
Description = Product: Opera 10.63 -- Error 1321.The Installer has insufficient
privileges to modify the file C:\Programme\Opera\opera.exe.
 
Error - 21.11.2010 06:31:38 | Computer Name = PC219294001211 | Source = MsiInstaller | ID = 11321
Description = Product: Opera 10.63 -- Error 1321.The Installer has insufficient
privileges to modify the file C:\Programme\Opera\opera.dll.
 
Error - 21.11.2010 07:07:11 | Computer Name = PC219294001211 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 7.0.6000.17055, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 21.11.2010 11:17:52 | Computer Name = PC219294001211 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  AFD  avgio  avipbb  Fips  intelppm  IPSec  MRxSmb  NetBIOS  NetBT  RasAcd  Rdbss  ssmdrv  Tcpip
 
Error - 21.11.2010 11:19:48 | Computer Name = PC219294001211 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 21.11.2010 14:35:07 | Computer Name = PC219294001211 | Source = Service Control Manager | ID = 7034
Description = Dienst "eTrust Antivirus-Echtzeitserver" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 21.11.2010 14:35:07 | Computer Name = PC219294001211 | Source = Service Control Manager | ID = 7034
Description = Dienst "eTrust Antivirus-Jobserver" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 21.11.2010 14:35:07 | Computer Name = PC219294001211 | Source = Service Control Manager | ID = 7034
Description = Dienst "eTrust Antivirus-RPC-Server" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 21.11.2010 14:35:07 | Computer Name = PC219294001211 | Source = Service Control Manager | ID = 7034
Description = Dienst "LightScribeService Direct Disc Labeling Service" wurde unerwartet
 beendet. Dies ist bereits 1 Mal passiert.
 
Error - 21.11.2010 14:35:07 | Computer Name = PC219294001211 | Source = Service Control Manager | ID = 7034
Description = Dienst "LogMeIn Maintenance Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 21.11.2010 14:35:08 | Computer Name = PC219294001211 | Source = Service Control Manager | ID = 7034
Description = Dienst "Machine Debug Manager" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
 
Error - 21.11.2010 14:35:08 | Computer Name = PC219294001211 | Source = Service Control Manager | ID = 7034
Description = Dienst "LogMeIn" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.
 
Error - 21.11.2010 14:35:08 | Computer Name = PC219294001211 | Source = Service Control Manager | ID = 7034
Description = Dienst "hpqwmiex" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
 
< End of report >

--- --- ---

Gruß
Aehndiehmähn

cosinus 22.11.2010 12:18

Teste erstmal, ob das Problem unabhängig vom Touchpad ist. Hast du das auch wenn eine (USB-)Maus verwendet wird?

Aehndiehmähn 22.11.2010 15:47

Werde ich machen .... muss aber erst mal eine auftreiben :dummguck: - ich würde mich dann wieder melden.


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:18 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131