Trojan GOZI - Reviewing log files from various checks (my PC)

Hello again,
now that "nochdigger" has checked my company workstation PC in my other thread, and it could not be established with 100% certainty whether the machine was infected, I would now like to have my own machine examined by you.
First, the so-called OTL.txt

Code:
OTL logfile created on: 24.11.2010 19:11:00 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = D:\Downloads\Treiber\Anti-Viren
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.023,00 Mb Total Physical Memory | 720,00 Mb Available Physical Memory | 70,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,78 Gb Total Space | 70,42 Gb Free Space | 62,99% Space Free | Partition Type: NTFS
Drive D: | 93,16 Gb Total Space | 58,23 Gb Free Space | 62,50% Space Free | Partition Type: NTFS
Drive E: | 7,69 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: VOICE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - D:\Downloads\Treiber\Anti-Viren\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Java\jre6-neu\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\RocketDock\RocketDock.exe ()
========== Modules (SafeList) ==========
MOD - D:\Downloads\Treiber\Anti-Viren\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Emsisoft Anti-Malware\a2hooks32.dll (Emsi Software GmbH)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\shfolder.dll (Microsoft Corporation)
MOD - C:\Programme\RocketDock\RocketDock.dll ()
========== Win32 Services (SafeList) ==========
SRV - (seclogon) -- C:\WINDOWS\System32\seclogon.dll File not found
SRV - (ERSvc) -- C:\WINDOWS\System32\ersvc.dll File not found
SRV - (CiSvc) -- C:\WINDOWS\System32\cisvc.exe File not found
SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Autodesk Licensing Service) -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre6-neu\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (NMSSvc) Intel(R) -- C:\WINDOWS\system32\NMSSvc.Exe (Intel Corporation)
========== Driver Services (SafeList) ==========
DRV - (cpuz132) -- C:\DOKUME~1\ADMINI~1.VOI\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (catchme) -- C:\DOKUME~1\ADMINI~1.VOI\LOKALE~1\Temp\catchme.sys File not found
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (a2injectiondriver) -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys (Emsi Software GmbH)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (a2util) -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksusb) -- C:\WINDOWS\system32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (akshasp) -- C:\WINDOWS\system32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (xnacc) -- C:\WINDOWS\system32\drivers\xnacc.sys (Microsoft Corporation)
DRV - (P16X) Creative SB Live! Series (WDM) -- C:\WINDOWS\system32\drivers\P16X.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PFMODNT.SYS (Creative Technology Ltd.)
DRV - (NMSCFG) -- C:\WINDOWS\system32\drivers\NMSCFG.SYS (Intel Corporation)
DRV - (NtApm) -- C:\WINDOWS\system32\drivers\NtApm.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1644491937-113007714-1060284298-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1644491937-113007714-1060284298-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1644491937-113007714-1060284298-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1644491937-113007714-1060284298-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 60 C1 9C 43 65 CA 01 [binary data]
IE - HKU\S-1-5-21-1644491937-113007714-1060284298-500\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1644491937-113007714-1060284298-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: trackmenot@mrl.nyu.edu:0.6.721
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\jre6-neu\lib\deploy\jqs\ff [2010.01.04 22:09:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.09.05 10:40:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.03 18:16:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.11.03 18:16:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.09.05 10:40:39 | 000,000,000 | ---D | M]
[2010.10.17 19:03:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Mozilla\Extensions
[2010.10.17 19:03:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Mozilla\Firefox\Profiles\sm8mras3.default\extensions
[2010.11.24 18:28:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Mozilla\Firefox\Profiles\w4gxt9ki.default\extensions
[2010.04.28 18:58:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Mozilla\Firefox\Profiles\w4gxt9ki.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.17 19:13:29 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Mozilla\Firefox\Profiles\w4gxt9ki.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2010.11.03 17:53:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Mozilla\Firefox\Profiles\w4gxt9ki.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.11 17:36:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Mozilla\Firefox\Profiles\w4gxt9ki.default\extensions\DTToolbar@toolbarnet.com
[2009.04.10 18:50:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Mozilla\Firefox\Profiles\w4gxt9ki.default\extensions\moveplayer@movenetworks.com
[2010.03.24 11:21:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Mozilla\Firefox\Profiles\w4gxt9ki.default\extensions\trackmenot@mrl.nyu.edu
[2010.04.28 18:58:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Mozilla\Firefox\Profiles\w4gxt9ki.default\extensions\youtube2mp3@mondayx.de
[2010.04.11 17:35:55 | 000,002,059 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Mozilla\Firefox\Profiles\w4gxt9ki.default\searchplugins\daemon-search.xml
[2010.11.21 19:42:29 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2007.03.10 00:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Mozilla Firefox\plugins\npyaxmpb.dll
[2010.09.24 18:24:27 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.24 18:24:27 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.24 18:24:27 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.24 18:24:27 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.24 18:24:27 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2001.08.18 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6-neu\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6-neu\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Programme\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1644491937-113007714-1060284298-500..\Run: [RocketDock] C:\Programme\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1644491937-113007714-1060284298-500..\Run: [Servtab] C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Pnpnew\grabus.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKU\S-1-5-21-1644491937-113007714-1060284298-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1644491937-113007714-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data]
O7 - HKU\S-1-5-21-1644491937-113007714-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKU\S-1-5-21-1644491937-113007714-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1644491937-113007714-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-21-1644491937-113007714-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKU\S-1-5-21-1644491937-113007714-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1644491937-113007714-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1644491937-113007714-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-1644491937-113007714-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: FoFileAssociate = 0
O7 - HKU\S-1-5-21-1644491937-113007714-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-21-1644491937-113007714-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 1
O7 - HKU\S-1-5-21-1644491937-113007714-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-1644491937-113007714-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKU\S-1-5-21-1644491937-113007714-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.100.40.1 212.100.32.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator.VOICE\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator.VOICE\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.17 23:12:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.01.11 06:29:34 | 000,000,041 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{c0db21e0-b5f1-11df-b096-00040ec1bb64}\Shell - "" = Autorun
O33 - MountPoints2\{c0db21e0-b5f1-11df-b096-00040ec1bb64}\Shell\AutoRun\command - "" = H:\Install_Nokia_Ovi_Suite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: extrad32 - (C:\WINDOWS\system32\clipqsvc.dll) - C:\WINDOWS\System32\clipqsvc.dll File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpReg: SandboxieControl - hkey= - key= - C:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {027C9BDB-DB14-0208-4C7E-C554615B62E4} - Outlook Express
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Reg Error: Value error.
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {26923b43-4d38-484f-9b9e-de460746276c} -
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {41718F19-1A42-08A7-30D4-DDAC88F3D355} - Vektorgrafik-Rendering (VML)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} -
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CAC47D8C-A637-56C9-43BE-213D68F93CED} - Browseranpassungen
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3codec - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (5319626233741312)
========== Files/Folders - Created Within 30 Days ==========
[2010.11.24 19:08:03 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Recent
[2010.11.24 19:07:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Pnpnew
[2010.11.24 18:41:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Malwarebytes
[2010.11.24 18:40:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.11.24 18:40:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.11.24 18:40:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.11.24 18:40:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Malwarebytes
[2010.11.13 14:50:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\skypePM
[2010.11.13 14:48:21 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2010.11.13 14:48:17 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.11.13 14:48:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Skype
[2010.11.13 14:48:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Skype
[2010.11.12 20:34:18 | 000,020,328 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\cpuz134_x32.sys
[2010.11.11 20:23:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Lokale Einstellungen\Anwendungsdaten\GaHero
[2010.11.09 21:07:26 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010.11.09 21:07:23 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010.11.09 21:07:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010.11.09 21:07:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010.11.09 21:07:21 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010.11.09 21:07:19 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010.11.09 21:07:17 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010.11.09 21:07:15 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010.11.09 21:07:13 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010.11.09 21:07:04 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010.11.09 21:07:04 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010.11.09 21:06:45 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010.11.09 21:06:45 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010.11.09 21:06:45 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010.11.09 21:06:45 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010.11.09 21:06:45 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010.11.09 21:06:45 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010.11.09 21:06:44 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010.11.09 21:06:44 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010.11.09 21:06:43 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2010.11.09 21:06:43 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2010.11.09 18:56:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Eigene Dateien\Turbo Lister Backup
[2010.11.09 17:31:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Eigene Dateien\Turbo Lister
[2010.11.04 12:40:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Eigene Dateien\gothic3
[2010.11.03 20:16:09 | 000,000,000 | R--D | C] -- C:\Sandbox
[2010.11.03 20:13:15 | 000,000,000 | ---D | C] -- C:\Programme\Sandboxie
[2010.11.03 17:48:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SimFiles
[2010.11.03 13:56:56 | 000,000,000 | ---D | C] -- C:\Programme\Emsisoft Anti-Malware
[2010.11.03 13:56:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Eigene Dateien\Anti-Malware
[2010.10.26 18:38:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\ATI
[2010.10.26 18:38:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\ATI
[2010.10.26 18:38:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Lokale Einstellungen\Anwendungsdaten\ATI
[2010.10.25 21:34:27 | 000,000,000 | ---D | C] -- C:\Programme\ATI
[2010.10.25 21:27:46 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies
[2010.10.25 21:27:00 | 000,000,000 | ---D | C] -- C:\ATI
[2009.11.02 19:35:55 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.11.24 19:09:46 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.24 19:09:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.24 18:47:49 | 000,000,641 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Desktop\OTL.exe.lnk
[2010.11.24 18:40:57 | 000,000,688 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.24 18:20:51 | 000,495,380 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.11.24 18:20:51 | 000,470,290 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.24 18:20:51 | 000,103,328 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.11.24 18:20:51 | 000,085,618 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.11.24 13:12:52 | 000,000,310 | -HS- | M] () -- C:\boot.ini
[2010.11.21 15:45:28 | 000,000,198 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Eigene Dateien\playlist.m3u
[2010.11.20 19:36:21 | 000,000,433 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2010.11.17 20:08:17 | 014,109,905 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Desktop\Bauplan Bollerwagen.pdf
[2010.11.17 19:53:20 | 000,066,091 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Desktop\Rad-Achse_Explosion_x.jpg
[2010.11.13 14:50:18 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.11.11 20:10:00 | 000,000,703 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Desktop\Gametool.exe.lnk
[2010.11.09 17:53:32 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.11.09 17:53:31 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.11.04 12:39:02 | 000,001,798 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010.11.04 12:31:08 | 002,176,504 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Desktop\CP_1_7x_Handbuch.pdf
[2010.11.04 12:22:40 | 000,000,768 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Gothic3.lnk
[2010.11.03 19:57:19 | 000,000,623 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Desktop\aklogNT+.exe.lnk
[2010.11.03 13:57:22 | 000,000,680 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Emsisoft Anti-Malware.lnk
[2010.10.31 20:11:56 | 001,757,218 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Desktop\CIMG0863.JPG
[2010.10.26 18:36:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.11.24 18:47:49 | 000,000,641 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Desktop\OTL.exe.lnk
[2010.11.24 18:40:57 | 000,000,688 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.21 20:09:30 | 001,757,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Desktop\CIMG0863.JPG
[2010.11.21 15:45:28 | 000,000,198 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Eigene Dateien\playlist.m3u
[2010.11.17 20:08:15 | 014,109,905 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Desktop\Bauplan Bollerwagen.pdf
[2010.11.17 19:53:19 | 000,066,091 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Desktop\Rad-Achse_Explosion_x.jpg
[2010.11.13 14:50:18 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.11.11 20:09:59 | 000,000,703 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Desktop\Gametool.exe.lnk
[2010.11.09 17:53:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.11.09 17:53:31 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.11.04 12:31:06 | 002,176,504 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Desktop\CP_1_7x_Handbuch.pdf
[2010.11.04 12:22:40 | 000,000,768 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Gothic3.lnk
[2010.11.03 20:14:12 | 000,001,798 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010.11.03 19:57:19 | 000,000,623 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Desktop\aklogNT+.exe.lnk
[2010.11.03 13:57:22 | 000,000,680 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Emsisoft Anti-Malware.lnk
[2010.10.26 18:36:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010.10.25 21:41:59 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010.10.25 18:28:31 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010.08.05 19:03:28 | 000,000,059 | ---- | C] () -- C:\WINDOWS\searchlogic.INI
[2010.08.05 19:03:28 | 000,000,034 | ---- | C] () -- C:\WINDOWS\s2oemr15.INI
[2010.05.30 12:13:45 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.05.03 19:49:26 | 000,059,904 | ---- | C] () -- C:\WINDOWS\zlib1.dll
[2010.05.03 19:49:25 | 003,817,472 | ---- | C] () -- C:\WINDOWS\SketchUpReader.dll
[2010.03.06 13:41:32 | 000,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2010.03.02 19:58:18 | 008,892,928 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\atscie.msi
[2010.02.25 11:52:08 | 000,000,033 | ---- | C] () -- C:\WINDOWS\render.ini
[2010.02.24 16:31:20 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.02.24 09:46:30 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.23 15:58:49 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.01.04 21:36:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RingtoneMaker.INI
[2009.12.31 14:09:05 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.12.31 14:09:05 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009.12.31 14:09:02 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.12.31 14:09:02 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.12.31 14:09:01 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.12.31 14:08:57 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.12.20 13:22:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2009.12.20 13:22:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2009.12.20 13:22:13 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2009.11.10 12:16:13 | 000,000,152 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.11.02 19:41:30 | 000,000,433 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2009.11.02 19:36:22 | 000,000,066 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2009.11.02 19:35:55 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2009.11.02 19:35:55 | 000,002,696 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2009.11.02 19:35:55 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2009.11.02 19:35:55 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009.11.02 18:44:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.10.26 13:18:44 | 000,177,976 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2009.07.25 12:43:57 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\fusioncache.dat
[2009.07.23 22:01:45 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\$_hpcst$.hpc
[2009.01.02 17:29:52 | 000,000,017 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\sys386lk.dat
[2009.01.02 17:14:59 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\hhxprot4
[2008.10.21 21:57:53 | 000,016,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002.02.06 08:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002.01.21 14:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
========== LOP Check ==========
[2009.01.02 17:29:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\10-Sekunden-Haushaltsbuch
[2009.09.11 21:00:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\ApplicationHistory
[2010.02.24 17:34:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Autodesk
[2009.07.25 12:43:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\BreakSoft
[2010.10.17 19:03:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Deployment
[2009.07.16 18:43:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Downloaded Installations
[2010.01.13 23:49:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\elsterformular
[2010.06.28 19:58:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Enplase
[2008.10.24 16:59:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Eraser
[2009.08.28 22:46:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\eSupport.com
[2009.02.22 20:29:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\gotomaxx
[2010.08.29 11:55:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\gtk-2.0
[2010.02.22 14:47:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Haufe
[2010.10.24 12:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Hettich
[2010.10.17 19:03:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Lexware
[2009.10.26 11:29:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Linksys_LLC_-_A_Division_
[2010.02.24 13:25:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Mp3tag
[2010.09.01 21:02:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Nokia
[2010.09.01 21:02:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Nokia Ovi Suite
[2008.11.05 22:46:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\OpenOffice.org
[2010.09.01 19:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\PC Suite
[2010.10.17 19:03:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\pdfforge
[2010.11.24 19:07:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Pnpnew
[2009.11.11 20:19:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Search Settings
[2009.04.13 16:05:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\SharePod
[2010.10.17 19:03:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Softonic_Deutsch
[2009.01.02 15:56:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Subsembly
[2010.01.05 22:12:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\TuneUp Software
[2009.10.26 15:41:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Uniblue
[2010.10.17 19:03:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2009.02.22 20:29:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gotomaxx
[2010.10.17 19:03:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Autodesk
[2010.10.17 19:03:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\BTrieve
[2010.01.13 23:39:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\elsterformular
[2010.10.24 12:20:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Hettich
[2010.02.22 10:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Lexware
[2010.09.01 19:49:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Nokia
[2010.09.05 10:37:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\NokiaInstallerCache
[2010.09.01 19:01:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\OviInstallerCache
[2010.09.01 19:12:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\PC Suite
[2010.10.17 19:03:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Schreinertools
[2010.01.05 22:23:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\TuneUp Software
[2010.07.03 12:36:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.01.05 22:23:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
[2010.01.05 22:12:17 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.01.02 17:29:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\10-Sekunden-Haushaltsbuch
[2010.10.17 19:03:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Adobe
[2010.10.17 19:03:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Ahead
[2010.10.17 19:03:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Apple
[2010.10.17 19:03:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Apple Computer
[2009.09.11 21:00:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\ApplicationHistory
[2010.10.26 18:38:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\ATI
[2010.10.17 19:03:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\atitray
[2010.02.24 17:34:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Autodesk
[2009.07.25 12:43:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\BreakSoft
[2010.10.17 19:03:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Dell
[2010.10.17 19:03:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Deployment
[2009.07.16 18:43:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Downloaded Installations
[2010.10.17 19:03:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\dvdcss
[2010.01.13 23:49:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\elsterformular
[2010.06.28 19:58:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Enplase
[2008.10.24 16:59:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Eraser
[2009.08.28 22:46:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\eSupport.com
[2009.03.08 15:49:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Google
[2009.02.22 20:29:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\gotomaxx
[2010.08.29 11:55:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\gtk-2.0
[2010.02.22 14:47:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Haufe
[2010.10.17 19:03:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Help
[2010.10.24 12:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Hettich
[2010.10.17 19:03:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\InstallShield
[2009.11.02 22:13:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Intel
[2010.10.17 19:03:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Lexware
[2009.10.26 11:29:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Linksys_LLC_-_A_Division_
[2008.12.14 15:11:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Logitech
[2009.11.02 19:58:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Macromedia
[2010.11.24 18:41:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Malwarebytes
[2009.12.31 14:50:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Media Player Classic
[2010.10.24 13:12:19 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Microsoft
[2010.10.17 19:03:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Move Networks
[2010.10.17 19:03:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Mozilla
[2010.02.24 13:25:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Mp3tag
[2010.09.01 21:02:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Nokia
[2010.09.01 21:02:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Nokia Ovi Suite
[2008.11.05 22:46:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\OpenOffice.org
[2010.09.01 19:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\PC Suite
[2010.10.17 19:03:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\pdfforge
[2010.11.24 19:07:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Pnpnew
[2009.11.11 20:19:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Search Settings
[2009.04.13 16:05:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\SharePod
[2010.11.17 21:04:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Skype
[2010.11.17 20:57:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\skypePM
[2010.10.17 19:03:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Softonic_Deutsch
[2009.02.05 20:08:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Sony Ericsson
[2009.01.02 15:56:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Subsembly
[2008.12.05 20:10:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Sun
[2010.10.17 19:03:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\SUPERAntiSpyware.com
[2010.01.05 22:12:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\TuneUp Software
[2009.10.26 15:41:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Uniblue
[2009.06.26 09:08:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\vlc
[2010.05.08 12:15:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Winamp
< %APPDATA%\*.exe /s >
[2009.08.28 22:46:54 | 000,431,800 | ---- | M] (Copyright © 2009 Phoenix Technologies LTD. All Rights Reserved.) -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\eSupport.com\biosagentplus_40.exe
[2009.08.22 14:55:26 | 000,429,752 | ---- | M] (Copyright © 2009 Phoenix Technologies LTD. All Rights Reserved.) -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\eSupport.com\driveragent_496.exe
[2010.01.15 15:47:55 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe
[2010.01.15 15:47:55 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe
[2010.01.15 15:47:55 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe
[2010.01.15 15:47:55 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe
[2010.10.24 12:44:00 | 000,003,584 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
[2008.10.19 16:36:40 | 000,004,710 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Microsoft\Installer\{560E96B3-356D-4572-9FE3-B44F9AB92622}\_18be6784.exe
[2008.10.19 16:36:40 | 000,004,710 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Microsoft\Installer\{560E96B3-356D-4572-9FE3-B44F9AB92622}\_294823.exe
[2010.09.03 11:36:31 | 068,725,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
[2010.01.23 15:05:00 | 000,583,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\uno_packages\13.tmp_\sun-pdfimport.oxt\xpdfimport.exe
[2010.11.24 19:07:22 | 000,264,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator.VOICE\Anwendungsdaten\Pnpnew\grabus.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2010.09.30 18:15:01 | 009,081,075 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.09.30 18:15:51 | 018,417,250 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.09.30 18:16:16 | 018,417,250 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\i386\AGP440.SYS
< MD5 for: ATAPI.SYS >
[2010.09.30 18:15:01 | 009,081,075 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.09.30 18:15:51 | 018,417,250 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.09.30 18:16:16 | 018,417,250 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0018\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2004.08.03 23:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
< MD5 for: NETLOGON.DLL >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.03 23:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.03 23:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
< MD5 for: USER32.DLL >
[2004.08.03 23:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
< MD5 for: USERINIT.EXE >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.03 23:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2006.04.17 14:55:01 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=7BB42E38DACFF3EAE048EB5084E838AE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2001.08.18 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.18 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.02.24 16:31:22 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
[2009.11.02 19:40:51 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.11.02 19:40:51 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.11.02 19:40:51 | 000,348,160 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2010.02.11 05:46:14 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
Then the EXTRA.txt: Code:
OTL Extras logfile created on: 24.11.2010 19:11:00 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = D:\Downloads\Treiber\Anti-Viren
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.023,00 Mb Total Physical Memory | 720,00 Mb Available Physical Memory | 70,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,78 Gb Total Space | 70,42 Gb Free Space | 62,99% Space Free | Partition Type: NTFS
Drive D: | 93,16 Gb Total Space | 58,23 Gb Free Space | 62,50% Space Free | Partition Type: NTFS
Drive E: | 7,69 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: VOICE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-1644491937-113007714-1060284298-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = SelectionCADScriptFile] -- "%windir%\system32\notepad.exe" "%1"
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"21:TCP" = 21:TCP:*:Disabled:AutoCAD
"1422:TCP" = 1422:TCP:*:Disabled:AutoCAD II
"2064:TCP" = 2064:TCP:*:Disabled:AutoCAD III
"2080:TCP" = 2080:TCP:*:Disabled:AutoCAD IV
"27000:TCP" = 27000:TCP:*:Disabled:AutoCAD V
"27001:TCP" = 27001:TCP:*:Disabled:AutoCAD VI
"27002:TCP" = 27002:TCP:*:Disabled:AutoCAD VII
"27003:TCP" = 27003:TCP:*:Disabled:acad
"27004:TCP" = 27004:TCP:*:Disabled:AutoCAD VIII
"27005:TCP" = 27005:TCP:*:Disabled:acad ii
"27006:TCP" = 27006:TCP:*:Disabled:acad iii
"27007:TCP" = 27007:TCP:*:Disabled:acad iv
"27008:TCP" = 27008:TCP:*:Disabled:acad v
"27009:TCP" = 27009:TCP:*:Disabled:acad vi
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Programme\Java\jre6-neu\launch4j-tmp\aTunes.exe" = C:\Programme\Java\jre6-neu\launch4j-tmp\aTunes.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- File not found
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F59927-CFBE-44D1-8417-7203AD4F1795}" = Gothic 3
"{1F041529-9D46-4EC7-8B0D-3C1F05AFF502}" = PYTHA 18.05 Upgrade
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{280ED870-1DF3-4574-A679-E2C4A8163249}_is1" = Registry System Wizard
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{2E1A82A9-4E2E-49A1-9499-F65DDBBE2BE3}" = PYTHA 18.0
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{345112D9-0930-4A68-AB71-A831BA5DE7AA}" = Microsoft IntelliType Pro 6.2
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5783F2D7-4001-0409-0002-0060B0CE6BBA}" = AutoCAD 2006 - English
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{57DC8980-73DA-481E-AFD4-5E2D44B7F1AD}" = StuffIt Expander 2009
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{72171B59-EA86-4966-B87F-A60B9B17B67C}" = Selection CAD 2008
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BD0D8F8-A13C-48D2-B201-4AD29A48AF34}" = Google SketchUp 7
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für Prozessor-IDs
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2274248-9536-B9E2-0886-84BF1F292219}" = ATI Catalyst Install Manager
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Anti-Twin 2010-02-26 22.20.22" = Anti-Twin (Installation 26.02.2010)
"ATI Display Driver" = ATI Display Driver
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"CHIP Powertool_is1" = CHIP Powertool 1.3.3
"Defraggler" = Defraggler
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DXF Export for SketchUp_is1" = DXF Export for SketchUp
"ElsterFormular 11.0.0 11.0.0.***unknown variable buildnummer***" = ElsterFormular 11.0.0
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Hardlock Gerätetreiber" = Hardlock Gerätetreiber
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.5.1
"Lexmark X1100 Series" = Lexmark X1100 Series
"LTplus SketchUP Plugin 7.1" = LTplus SketchUP Plugin 7.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mp3tag" = Mp3tag v2.45a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MultiRes (remove only)" = MultiRes (remove only)
"NAVIGON Fresh" = NAVIGON Fresh 2.0.2
"Nero - Burning Rom!UninstallKey" = Nero 6
"Nokia Ovi Suite" = Nokia Ovi Suite
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"RocketDock_is1" = RocketDock 1.3.5
"Sandboxie" = Sandboxie 3.50
"Schreinertools_is1" = Schreinertools Version 2
"Selection CAD 2008" = Selection CAD 2008
"Selection CAD 2008 SP1" = Selection CAD 2008 SP1
"Tunatic" = Tunatic
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Winamp5MLImpex" = Winamp 5 Media Liabrary Import/Export (remove only)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows
"xp-AntiSpy" = xp-AntiSpy 3.94-1
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1644491937-113007714-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Winamp Detect" = Winamp Anwendungserkennung
========== Last 10 Event Log Errors ==========
Error: Unable to start EventLog service!
< End of report >
And last but not least, the Malwarebytes report: Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 5184
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
24.11.2010 21:56:53
mbam-log-2010-11-24 (21-56-53).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 302052
Laufzeit: 1 Stunde(n), 56 Minute(n), 14 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 9
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
C:\Programme\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Delete on reboot.
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Programme\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Programme\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Programme\pdfforge Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1604E913-6A48-4CE8-9EA7-5E2F5FA2CFA9}\RP200\A0035016.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1604E913-6A48-4CE8-9EA7-5E2F5FA2CFA9}\RP207\A0041070.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1604E913-6A48-4CE8-9EA7-5E2F5FA2CFA9}\RP225\A0059372.dll (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA640BCC-7D68-47CD-A92C-EF1F1DAC0053}\RP51\A0010554.exe (Malware.Packer.T) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA640BCC-7D68-47CD-A92C-EF1F1DAC0053}\RP88\A0020472.exe (Malware.Packer.T) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA640BCC-7D68-47CD-A92C-EF1F1DAC0053}\RP18\A0003512.exe (Malware.Packer.T) -> Quarantined and deleted successfully.
Once again, I thank you all in advance.