Oh dear, I had hoped it wasn't that bad, but if you're asking about online banking and shopping...
Fortunately I haven't done anything along those lines for a while, and certainly not since the problems started, but it still gets your heart racing...
The results:
Extras.txt (OTL logfile):
OTL Extras logfile created on: 10.12.2010 17:24:07 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\xxx\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.xxxy
1.014,00 Mb Total Physical Memory | 256,00 Mb Available Physical Memory | 25,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 34,04 Gb Total Space | 18,80 Gb Free Space | 55,21% Space Free | Partition Type: NTFS
Drive D: | 109,00 Gb Total Space | 95,77 Gb Free Space | 87,86% Space Free | Partition Type: NTFS
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-2560240064-2219650222-18370757-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
"C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
"C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\CambridgeSoft\ChemOffice2010\ChemDraw\ChemDraw.exe" = C:\Programme\CambridgeSoft\ChemOffice2010\ChemDraw\ChemDraw.exe:*:Disabled:ChemBioDraw Ultra 12.0 -- (CambridgeSoft Corp.)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\DOKUME~1\xxx\LOKALE~1\Temp\0.7884625415619709.exe" = C:\DOKUME~1\xxx\LOKALE~1\Temp\0.7884625415619709.exe:*:Enabled:ldrsoft -- File not found
"C:\DOKUME~1\xxx\LOKALE~1\Temp\9955054.exe" = C:\DOKUME~1\xxx\LOKALE~1\Temp\9955054.exe:*:Enabled:ldrsoft -- File not found
"C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\mssend2\svcnost.exe" = C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\mssend2\svcnost.exe:*:Enabled:ldrsoft -- ()
"C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\download2\svcnost.exe" = C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\download2\svcnost.exe:*:Enabled:ldrsoft -- File not found
"C:\Programme\Mozilla Firefox\0.15652874646033776.exe" = C:\Programme\Mozilla Firefox\0.15652874646033776.exe:*:Enabled:ldrsoft -- File not found
"C:\DOKUME~1\xxx\LOKALE~1\Temp\0.8435851736456164.exe" = C:\DOKUME~1\xxx\LOKALE~1\Temp\0.8435851736456164.exe:*:Enabled:ldrsoft -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08B785C1-3893-4154-B53B-F5D341D0AAAA}" = Cisco Systems VPN Client 5.0.06.0110
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B7498D9-9EF2-4F97-A5DF-755FE0264A8B}" = Brother HL-2030
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{50E21B3A-FF06-412D-879B-DEA30815736E}" = OpenOffice.org 2.4
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung Wallpaper
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (CSSQL05)
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B93BC257-3F73-47B1-B68D-597C6878C8E7}" = CambridgeSoft ChemBioDraw Ultra 12.0
"{B975F4A1-63B6-11D4-BFEC-005004AF2D32}" = Monopoly Tycoon
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{BDA1DA40-0234-1000-8123-00E081205B98}" = Bruker Compass DataAnalysis 4.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client
"{E990C0BD-E3BC-47F1-B124-4F33D81B0BC3}" = Ultima2000 e+
"{EE246B64-54FC-42A6-8384-B61546B0C7F8}" = Steganos Safe Home 2007
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client
"{F596E368-2A1D-4896-AB37-C81BFA4DD011}" = CambridgeSoft ENotebook 12.0.1
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 51
"CurveExpert 1.3" = CurveExpert 1.3
"FLV Player" = FLV Player 2.0 (build 25)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Herlitz Druckstudio (Programm)" = Herlitz Druckstudio (Programm)
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"JASCO-BORWIN" = JASCO-BORWIN
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"MDL ISIS Draw 2.5 Standalone" = MDL ISIS Draw 2.5 Standalone
"MestReNova LITE" = MestReNova LITE 5.2.5-4731
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"Scriptdoc" = Windows Script V5.6 Documentation
"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.2 for Windows
"SpinWorks" = SpinWorks
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Winamp" = Winamp (nur entfernen)
"WinRAR archiver" = WinRAR
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 09.12.2010 04:03:04 | Computer Name = xxx | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application paintdotnet.exe, version 3.56.3972.42626, stamp
4ce38705, faulting module mscorwks.dll, version 2.0.50727.3615, stamp 4be902c7,
debug? 0, fault address 0x00097dda.
Error - 09.12.2010 05:06:55 | Computer Name = xxx | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,
P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.
Error - 09.12.2010 06:47:11 | Computer Name = xxx | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 1.1.6402.0, P3 1.95.1449.0, P4 1.95.1449.0, P5 virtool_win32_obfuscator.c, P6
NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 09.12.2010 06:54:36 | Computer Name = xxx | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 1.1.6402.0, P3 1.95.1449.0, P4 1.95.1449.0, P5 virtool_win32_obfuscator.c, P6
NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 09.12.2010 06:55:02 | Computer Name = xxx | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 1.1.6402.0, P3 1.95.1449.0, P4 1.95.1449.0, P5 virtool_win32_obfuscator.c, P6
NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 09.12.2010 06:55:18 | Computer Name = xxx | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 1.1.6402.0, P3 1.95.1449.0, P4 1.95.1449.0, P5 virtool_win32_obfuscator.kn,
P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 09.12.2010 09:22:37 | Computer Name = xxx | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 1.1.6402.0, P3 1.95.1449.0, P4 1.95.1449.0, P5 virtool_win32_obfuscator.c, P6
NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 09.12.2010 09:22:39 | Computer Name = xxx | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 1.1.6402.0, P3 1.95.1449.0, P4 1.95.1449.0, P5 virtool_win32_obfuscator.kn,
P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 09.12.2010 11:05:45 | Computer Name = xxx | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung mbam.exe, Version 1.50.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 09.12.2010 11:05:45 | Computer Name = xxx | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung mbam.exe, Version 1.50.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 09.12.2010 09:20:16 | Computer Name = xxx | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.
Error - 09.12.2010 09:27:11 | Computer Name = xxx | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 09.12.2010 09:27:28 | Computer Name = xxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 09.12.2010 09:27:28 | Computer Name = xxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 09.12.2010 09:27:28 | Computer Name = xxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 09.12.2010 09:27:28 | Computer Name = xxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 09.12.2010 09:27:28 | Computer Name = xxx | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SLEE_14_DRIVER Tcpip
Error - 09.12.2010 10:34:19 | Computer Name = xxx | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 09.12.2010 11:30:49 | Computer Name = xxx | Source = Microsoft Antimalware | ID = 1008
Description = Fehler in %%861 beim Durchführen von Maßnahmen gegen Spyware oder
andere möglicherweise unerwünschte Software. Im Folgenden finden Sie weitere Innformationen:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/ByteVerify&threatid=2147595887
Benutzer:
NT-AUTORITÄT\SYSTEM Name: Exploit:Java/ByteVerify ID: 2147595887 Schweregrad: Schwerwiegend
Kategorie:
Ausnutzen Pfad: Aktion: %%808 Fehlercode: 0x80508023 Fehlerbeschreibung: Auf diesem
Computer wurde keine Spyware oder andere möglicherweise unerwünschte Software gefunden.
Status: Signaturversion: AV: 1.95.1449.0, AS: 1.95.1449.0 Modulversion: 1.1.6402.0
Error - 09.12.2010 12:18:00 | Computer Name = xxx | Source = Service Control Manager | ID = 7034
Description = Dienst "Marvell Yukon Service" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
< End of report >
OTL.txt (OTL logfile):
OTL logfile created on: 10.12.2010 17:24:07 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\xxx\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.014,00 Mb Total Physical Memory | 256,00 Mb Available Physical Memory | 25,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 34,04 Gb Total Space | 18,80 Gb Free Space | 55,21% Space Free | Partition Type: NTFS
Drive D: | 109,00 Gb Total Space | 95,77 Gb Free Space | 87,86% Space Free | Partition Type: NTFS
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - d:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - c:\Programme\Mobile Partner\Mobile Partner.exe ()
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Samsung\MagicKBD\PerformanceManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\MagicKBD\MagicKBD.exe (SAMSUNG Electronics Co., Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Bruker Daltonik\NTDS\bin\DCOMLibraryService.exe (Bruker Daltonik GmbH)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\Programme\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
PRC - C:\Programme\Steganos Safe Home\SteganosAgent.exe ()
PRC - C:\Programme\Steganos Safe Home\SteganosHotKeyService.exe ()
PRC - C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Programme\Winamp\winampa.exe ()
========== Modules (SafeList) ==========
MOD - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\atmaysvr.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\WINDOWS\ofofonulohufa.dll ()
MOD - C:\WINDOWS\system32\oledlg.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (NMSAccess) -- d:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (BDal LibrarySearch) -- C:\Programme\Gemeinsame Dateien\Bruker Daltonik\NTDS\bin\DCOMLibraryService.exe (Bruker Daltonik GmbH)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (bpplxmfo) -- C:\WINDOWS\System32\drivers\bpplxmfo.sys File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (VMC326) -- C:\WINDOWS\system32\drivers\VMC326.sys (Vimicro Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (DNSeFilter) -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS (Samsung Electronics,.LTD)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (SLEE_14_DRIVER) -- C:\WINDOWS\system32\drivers\sleen14.sys (Softwareentwicklung Remus - ArchiCrypt )
DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS ()
DRV - (SampleScanner) -- C:\WINDOWS\system32\drivers\ArtecGT.sys ( )
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2560240064-2219650222-18370757-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKU\S-1-5-21-2560240064-2219650222-18370757-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2560240064-2219650222-18370757-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-2560240064-2219650222-18370757-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2560240064-2219650222-18370757-1005\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2560240064-2219650222-18370757-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{AAC1BDAE-5B43-4321-89B6-943D55C88ED8}: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\{AAC1BDAE-5B43-4321-89B6-943D55C88ED8} [2010.12.09 08:44:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{357D46F9-1125-4043-9317-40D3452C0B5C}: C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Anwendungsdaten\{357D46F9-1125-4043-9317-40D3452C0B5C} [2010.12.09 09:02:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.31 12:13:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.31 12:13:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.12.08 14:30:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
[2010.10.31 14:15:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions
[2010.10.31 14:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.10.31 17:24:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\l05g2tf9.default\extensions
[2010.06.20 18:03:55 | 000,002,057 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\l05g2tf9.default\searchplugins\youtube-videosuche.xml
[2010.12.09 09:03:28 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.12 10:59:58 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.12 10:59:58 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.12 10:59:58 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.12 10:59:58 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.12 10:59:58 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DMHotKey] C:\Programme\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [MSSE] C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Rcuniyogovitog] C:\WINDOWS\ofofonulohufa.DLL ()
O4 - HKLM..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [RemoteControl] C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SAFEHOME Agent] C:\Programme\Steganos Safe Home\SteganosAgent.exe ()
O4 - HKLM..\Run: [SAFEHOME HotKeys] C:\Programme\Steganos Safe Home\SteganosHotKeyService.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\Winampa.exe ()
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [ONWERETETR.exe] C:\ONWERETETR.exe\ONWERETETR.exe File not found
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [ONWERETETR.exe] C:\ONWERETETR.exe\ONWERETETR.exe File not found
O4 - HKU\S-1-5-21-2560240064-2219650222-18370757-1005..\Run: [mssend] C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\mssend2\svcnost.exe ()
O4 - HKU\S-1-5-21-2560240064-2219650222-18370757-1005..\Run: [PowerBar] File not found
O4 - HKU\S-1-5-21-2560240064-2219650222-18370757-1005..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ScanPanel.lnk = C:\Programme\ScanPanel\ScnPanel.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2560240064-2219650222-18370757-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Programme\yqrLBdIr–úÌ”Ësmkwykfc.exe\smkwykfc.exe) - C:\Programme\yqrLBdIr–úÌ”Ësmkwykfc.exe\smkwykfc.exe File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.12 12:57:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0c4cbfee-7ebd-11de-ae76-001377f718b8}\Shell - "" = AutoRun
O33 - MountPoints2\{0c4cbfee-7ebd-11de-ae76-001377f718b8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c4cbfee-7ebd-11de-ae76-001377f718b8}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{38cfe831-5373-11de-adf6-ecfcec3812fc}\Shell - "" = AutoRun
O33 - MountPoints2\{38cfe831-5373-11de-adf6-ecfcec3812fc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{38cfe831-5373-11de-adf6-ecfcec3812fc}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{54b50a40-521c-11de-adf0-001377f718b8}\Shell - "" = AutoRun
O33 - MountPoints2\{54b50a40-521c-11de-adf0-001377f718b8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{54b50a40-521c-11de-adf0-001377f718b8}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{62a09a16-955d-11df-b19b-001377f718b8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{62a09a16-955d-11df-b19b-001377f718b8}\Shell\AutoRun\command - "" = mirk\\okitab.exe
O33 - MountPoints2\{62a09a16-955d-11df-b19b-001377f718b8}\Shell\explore\command - "" = mirk\\\okitab.exe
O33 - MountPoints2\{62a09a16-955d-11df-b19b-001377f718b8}\Shell\open\command - "" = mirk\\\okitab.exe
O33 - MountPoints2\{689840f8-7f48-11de-ae7b-001377f718b8}\Shell - "" = AutoRun
O33 - MountPoints2\{689840f8-7f48-11de-ae7b-001377f718b8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{689840f8-7f48-11de-ae7b-001377f718b8}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{689840f9-7f48-11de-ae7b-001377f718b8}\Shell - "" = AutoRun
O33 - MountPoints2\{689840f9-7f48-11de-ae7b-001377f718b8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{689840f9-7f48-11de-ae7b-001377f718b8}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{78d6c5db-7f49-11de-ae7c-001377f718b8}\Shell - "" = AutoRun
O33 - MountPoints2\{78d6c5db-7f49-11de-ae7c-001377f718b8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78d6c5db-7f49-11de-ae7c-001377f718b8}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{d10d2d06-7b8c-11df-b166-00242cf9542b}\Shell\AutoRun\command - "" = E:\APPInst.exe -- File not found
O33 - MountPoints2\{db447440-b5b8-11de-af1c-f347a1f86408}\Shell - "" = AutoRun
O33 - MountPoints2\{db447440-b5b8-11de-af1c-f347a1f86408}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{db447440-b5b8-11de-af1c-f347a1f86408}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{ddf3a976-7bde-11df-b168-001377f718b8}\Shell - "" = AutoRun
O33 - MountPoints2\{ddf3a976-7bde-11df-b168-001377f718b8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ddf3a976-7bde-11df-b168-001377f718b8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e8051a90-8f39-11de-aeae-001377f718b8}\Shell - "" = AutoRun
O33 - MountPoints2\{e8051a90-8f39-11de-aeae-001377f718b8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e8051a90-8f39-11de-aeae-001377f718b8}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{f006a52c-81e4-11de-ae82-001377f718b8}\Shell - "" = AutoRun
O33 - MountPoints2\{f006a52c-81e4-11de-ae82-001377f718b8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f006a52c-81e4-11de-ae82-001377f718b8}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{f1507d42-7f44-11de-ae7a-001377f718b8}\Shell - "" = AutoRun
O33 - MountPoints2\{f1507d42-7f44-11de-ae7a-001377f718b8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f1507d42-7f44-11de-ae7a-001377f718b8}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{fe9d684e-5394-11de-adf8-001377f718b8}\Shell - "" = AutoRun
O33 - MountPoints2\{fe9d684e-5394-11de-adf8-001377f718b8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe9d684e-5394-11de-adf8-001377f718b8}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{fe9d6851-5394-11de-adf8-001377f718b8}\Shell - "" = AutoRun
O33 - MountPoints2\{fe9d6851-5394-11de-adf8-001377f718b8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe9d6851-5394-11de-adf8-001377f718b8}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: proxedit - (C:\WINDOWS\system32\atmaysvr.dll) - C:\WINDOWS\system32\atmaysvr.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\Ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (15776209447157760)
========== Files/Folders - Created Within 30 Days ==========
[2010.12.10 17:21:29 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe
[2010.12.09 16:00:13 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.12.09 15:57:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Malwarebytes
[2010.12.09 15:57:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.12.09 15:57:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.12.09 15:57:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.12.09 15:57:28 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.12.09 12:06:31 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.12.09 12:06:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.12.09 12:01:33 | 058,570,184 | ---- | C] (COMODO) -- C:\Dokumente und Einstellungen\xxx\Desktop\cfw_installer_x86.exe
[2010.12.09 11:32:53 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010.12.09 11:32:53 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010.12.09 10:42:17 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010.12.09 10:06:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2010.12.09 10:06:27 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Essentials
[2010.12.09 09:25:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
[2010.12.09 08:44:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\{AAC1BDAE-5B43-4321-89B6-943D55C88ED8}
[2010.12.08 15:54:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\mssend2
[2010.12.08 12:20:57 | 000,000,000 | ---D | C] -- C:\Programme\win
[2010.12.05 23:37:20 | 000,000,000 | ---D | C] -- C:\Programme\yqrLBdIr–úÌ”Ësmkwykfc.exe
[2010.11.29 10:22:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010.11.16 23:41:00 | 000,323,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiaaut.dll
[2010.11.15 20:00:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Steganos
[2010.05.14 12:19:22 | 000,018,120 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ArtecGT.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.12.10 17:22:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe
[2010.12.10 08:53:57 | 058,570,184 | ---- | M] (COMODO) -- C:\Dokumente und Einstellungen\xxx\Desktop\cfw_installer_x86.exe
[2010.12.10 08:10:36 | 000,002,437 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\HiJackThis.lnk
[2010.12.09 17:24:59 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.12.09 17:23:29 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2010.12.09 17:19:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.12.09 17:19:17 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.09 15:57:38 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.09 15:39:20 | 000,531,034 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.12.09 15:39:20 | 000,514,754 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.12.09 15:39:20 | 000,107,070 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.12.09 15:39:20 | 000,094,228 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.12.09 12:07:21 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Spybot - Search & Destroy.lnk
[2010.12.09 10:48:09 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Cfehakobilobak.dat
[2010.12.09 10:06:29 | 000,000,798 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft Security Essentials.lnk
[2010.12.09 10:06:11 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.12.09 08:44:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Pbaziriyij.bin
[2010.12.09 08:42:12 | 000,048,128 | -H-- | M] () -- C:\WINDOWS\System32\atmaysvr.dll
[2010.12.09 08:29:15 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\spider.sav
[2010.12.08 16:50:25 | 000,000,242 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2010.11.30 14:11:10 | 000,011,577 | ---- | M] () -- C:\WINDOWS\Dusb3ar.ini
[2010.11.30 14:11:10 | 000,002,678 | ---- | M] () -- C:\WINDOWS\Ausba3.INI
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.11.29 12:47:37 | 000,002,383 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Play Camera.lnk
[2010.11.29 10:22:51 | 000,000,840 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Paint.NET.lnk
[2010.11.25 15:24:58 | 000,018,053 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\DVD Liste.ods
[2010.11.18 17:06:58 | 000,020,992 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\lkh exmatrikel.doc
[2010.11.16 23:41:00 | 000,323,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wiaaut.dll
[2010.11.15 16:18:23 | 000,000,132 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010.11.15 15:29:41 | 000,003,162 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.12.09 16:00:15 | 000,002,437 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\HiJackThis.lnk
[2010.12.09 15:57:38 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.09 15:34:56 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys
[2010.12.09 12:07:21 | 000,000,905 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Spybot - Search & Destroy.lnk
[2010.12.09 10:11:45 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.12.09 10:06:29 | 000,000,798 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft Security Essentials.lnk
[2010.12.09 08:44:20 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Cfehakobilobak.dat
[2010.12.09 08:44:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pbaziriyij.bin
[2010.12.09 08:42:12 | 000,048,128 | -H-- | C] () -- C:\WINDOWS\System32\atmaysvr.dll
[2010.11.18 15:05:12 | 000,020,992 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\lkh exmatrikel.doc
[2010.11.14 11:43:31 | 000,003,162 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010.11.08 00:22:31 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2010.11.08 00:22:31 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2010.11.08 00:22:31 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Lffpx90n.dll
[2010.11.05 07:51:27 | 000,002,794 | ---- | C] () -- C:\WINDOWS\DataAnalysis.INI
[2010.10.07 19:18:28 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2010.10.07 19:18:28 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2010.10.07 19:18:28 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2010.10.07 19:18:28 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2010.10.07 19:18:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010.10.07 19:18:27 | 000,009,030 | ---- | C] () -- C:\WINDOWS\HL-2030.INI
[2010.10.07 19:18:27 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2010.10.07 19:18:00 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010.10.07 19:15:37 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010.07.31 16:42:17 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2010.07.29 15:15:27 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.06.16 09:56:32 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010.06.16 09:50:39 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010.06.16 09:50:38 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010.05.22 20:27:40 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.05.14 12:19:23 | 000,200,704 | ---- | C] () -- C:\WINDOWS\Ausba3.dll
[2010.05.14 12:19:23 | 000,011,577 | ---- | C] () -- C:\WINDOWS\Dusb3ar.ini
[2010.05.14 12:19:23 | 000,002,678 | ---- | C] () -- C:\WINDOWS\Ausba3.INI
[2010.05.14 12:19:23 | 000,000,860 | ---- | C] () -- C:\WINDOWS\ScnPanel.ini
[2010.05.09 18:40:47 | 000,001,630 | ---- | C] () -- C:\WINDOWS\ArtecePlus.ini
[2010.02.15 11:38:50 | 000,003,499 | ---- | C] () -- C:\WINDOWS\LITERAT.INI
[2010.02.06 21:18:46 | 000,000,031 | ---- | C] () -- C:\WINDOWS\bluevoda.ini
[2009.12.23 21:05:26 | 000,000,090 | ---- | C] () -- C:\WINDOWS\civnet.ini
[2009.08.23 21:41:22 | 000,197,424 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009.08.23 21:41:14 | 000,193,328 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009.07.17 19:13:16 | 000,040,960 | ---- | C] () -- C:\Programme\Uninstall_CDS.exe
[2009.06.21 18:14:49 | 000,009,728 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.13 19:50:47 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009.06.13 19:50:47 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\EC88C3422E.sys
[2009.06.05 23:23:35 | 000,001,844 | ---- | C] () -- C:\WINDOWS\CURVES.INI
[2009.06.05 23:20:13 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009.06.05 23:10:28 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Admin_KBD.ini
[2009.06.05 23:00:08 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\xxx_KBD.ini
[2009.06.05 01:39:00 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Britta_KBD.ini
[2009.04.14 13:58:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.02.12 20:35:38 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.02.12 20:35:27 | 000,353,280 | ---- | C] () -- C:\WINDOWS\ofofonulohufa.dll
[2009.02.12 20:35:27 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\kb.dll
[2009.02.12 13:10:08 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2009.02.12 13:10:08 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Besitzer_KBD.ini
[2009.02.12 13:10:05 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2009.02.12 13:10:05 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2009.02.12 13:10:05 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2009.02.12 13:10:05 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2009.02.12 13:10:05 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2009.02.12 13:10:05 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2009.02.12 13:10:05 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2009.02.12 13:10:05 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2009.02.12 13:10:05 | 000,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2009.02.12 13:10:05 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2009.02.12 13:10:05 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2009.02.12 13:10:05 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2009.02.12 13:10:05 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2009.02.12 13:10:05 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2009.02.12 13:10:05 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2009.02.12 13:10:05 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2009.02.12 13:10:05 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2009.02.12 13:07:50 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2009.02.12 13:07:50 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2009.02.12 13:04:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.02.12 13:01:47 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2009.02.12 12:49:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.09.17 13:20:08 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000096.DLL
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== LOP Check ==========
[2010.09.09 07:58:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Canneverbe Limited
[2009.06.05 23:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Thunderbird
[2010.05.07 22:03:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CambridgeSoft
[2010.07.29 15:15:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010.11.08 00:01:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Droppix
[2010.01.24 19:45:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2010.11.08 00:01:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2010.05.07 22:27:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mestrelab Research S.L
[2010.06.16 10:02:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\pdf995
[2010.07.31 18:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2009.02.12 13:05:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLAN
[2010.12.09 11:05:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Britta\Anwendungsdaten\Thunderbird
[2009.08.09 09:29:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Amazon
[2010.07.29 15:15:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Canneverbe Limited
[2010.01.27 23:47:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Crayon Physics Deluxe
[2010.11.08 00:01:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Droppix
[2010.12.07 17:41:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\EndNote
[2009.06.07 19:57:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\FUJIFILM
[2010.12.05 17:07:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ICQ
[2010.05.07 22:27:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mestrelab Research S.L
[2010.01.24 17:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Miranda
[2010.12.08 15:54:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\mssend2
[2010.06.16 09:56:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\pdf995
[2010.11.15 20:00:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Steganos
[2010.10.31 14:15:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Thunderbird
[2010.12.09 17:24:59 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.12.09 08:41:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Adobe
[2009.08.09 09:29:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Amazon
[2010.10.07 19:21:54 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Brother
[2010.07.29 15:15:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Canneverbe Limited
[2010.01.27 23:47:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Crayon Physics Deluxe
[2009.07.17 19:16:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\CyberLink
[2010.11.08 00:01:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Droppix
[2010.12.07 17:41:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\EndNote
[2009.06.07 19:57:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\FUJIFILM
[2010.06.10 07:43:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Help
[2010.12.05 17:07:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ICQ
[2009.02.12 13:05:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\InstallShield
[2009.06.06 15:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Macromedia
[2010.12.09 15:57:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Malwarebytes
[2010.05.07 22:27:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mestrelab Research S.L
[2010.12.09 16:00:15 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Microsoft
[2010.01.24 17:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Miranda
[2009.06.10 20:49:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla
[2010.12.08 15:54:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\mssend2
[2010.12.09 17:23:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\OpenOffice.org2
[2010.06.16 09:56:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\pdf995
[2010.11.15 20:00:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Steganos
[2009.07.19 10:55:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Sun
[2009.06.10 20:49:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Talkback
[2010.10.31 14:15:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Thunderbird
[2010.06.19 21:12:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\U3
[2010.05.28 15:03:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\WinRAR
< %APPDATA%\*.exe /s >
[2008.04.14 13:00:00 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Adobe\AdobeUpdate .exe
[2010.12.09 16:00:16 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2010.12.08 15:54:23 | 000,157,696 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\mssend2\svcnost.exe
[2007.10.23 08:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\U3\45284302CF53953B\cleanup.exe
[2007.10.23 08:22:56 | 003,350,528 | ---- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\U3\45284302CF53953B\Launchpad Removal.exe
[2007.10.23 09:05:12 | 004,632,576 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\U3\45284302CF53953B\LaunchPad.exe
[2007.10.23 08:44:48 | 000,054,584 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\U3\45284302CF53953B\U3AccessGrant.exe
[2007.10.23 08:22:56 | 003,350,528 | ---- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\U3\temp\Launchpad Removal.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=E98439A61C31BE2F10BC5F69070E462E -- C:\WINDOWS\explorer.exe
[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=E98439A61C31BE2F10BC5F69070E462E -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: NETLOGON.DLL >
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: USER32.DLL >
[2008.04.14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
< MD5 for: USERINIT.EXE >
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=D9ABB6EA254FD611A5A4F636ADD32B30 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=D9ABB6EA254FD611A5A4F636ADD32B30 -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2008.04.14 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2008.04.14 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009.02.12 13:48:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.02.12 13:48:24 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.02.12 13:48:24 | 000,442,368 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2010.12.09 08:42:12 | 000,048,128 | -H-- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\atmaysvr.dll
[2008.04.14 13:00:00 | 000,003,584 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kb.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >