Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Wiederherstellung nach Windows Recovery unvollständig (https://www.trojaner-board.de/99533-wiederherstellung-windows-recovery-unvollstaendig.html)

Blitzknall 24.05.2011 21:02
Wiederherstellung nach Windows Recovery unvollständig
 
Guten Abend!

Ich habe mir vor einigen Tagen den Windows Recovery Trojaner gefangen. Nachdem ich dann dieses Forum gefunden habe, konnte ich ihn dann auch entfernen über folgende Schritte:
1. Über RKill alles stillgelegt
2. Mit Malwarebytes Anti Malware einen vollständigen Scan ausgeführt
3. Danach mit Unhide.exe versucht, alles wieder sichtbar zu machen.

Hier fängt mein eigentliches Problem an. Der Computer fährt hoch, die Programme funktionieren. ABER: der Desktop ist weiterhin schwarz, Kontextmenü öffnen über Maus geht nicht, Eigenschaften von Anzeige (Systemsteuerung) bzw. Desktop ist inaktiv (=es läßt sich kein Hintergrund auswählen), die Programme im Start Ordner wurden nicht alle wieder hergestellt, und die meisten Ordner dort sind leer....
Die Programme sind alle noch auf der Festplatte und funktionieren auch, nur ist der Desktop weiterhin eine Wüste.

Hier ist das Logfile von Malwarebytes:
Code:
Malwarebytes' Anti-Malware 1.25
Datenbank Version: 1062
Windows 5.1.2600 Service Pack 3

16:16:08 24.05.2011
mbam-log-05-14-2011 (16-16-08).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 74096
Laufzeit: 1 hour(s), 2 minute(s), 0 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Und hier von OTL:
Code:
OTL Extras logfile created on: 24.05.2011 20:49:21 - Run 1
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Dokumente und Einstellungen\Tom\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
510,98 Mb Total Physical Memory | 70,26 Mb Available Physical Memory | 13,75% Memory free
1,22 Gb Paging File | 0,82 Gb Available in Paging File | 67,60% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 145,46 Gb Total Space | 30,81 Gb Free Space | 21,18% Space Free | Partition Type: NTFS
 
Computer Name: ROCKETMAN | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- "C:\Programme\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"Disable Config" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3587:TCP" = 3587:TCP:*:Enabled:Windows-Peer-zu-Peer-Gruppierung
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution-Protokoll (PNRP)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3587:TCP" = 3587:TCP:*:Enabled:Windows-Peer-zu-Peer-Gruppierung
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution-Protokoll (PNRP)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1054:TCP" = 1054:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Netscape\Netscape\Netscp.exe" = C:\Programme\Netscape\Netscape\Netscp.exe:*:Enabled:Netscape -- (Mozilla, Netscape)
"C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
"C:\WINDOWS\neos.exe" = C:\WINDOWS\neos.exe:*:Enabled:enable
"C:\Programme\DNA\btdna.exe" = C:\Programme\DNA\btdna.exe:*:Enabled:DNA
"C:\Programme\BitTorrent\bittorrent.exe" = C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Programme\Orbitdownloader\orbitnet.exe" = C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Programme\Orbitdownloader\orbitdm.exe" = C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{228F6876-A313-40A3-91C0-C3CBE6997D09}" = Symantec
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F068BC-CE2C-4564-81E2-8E19219F9A65}" = ACDSee 3.1 (SR-1) Standard
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{44025BD7-AD10-4769-99AE-6378FD0303D6}" = Macromedia Dreamweaver 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0
"{8904ACA8-CEB6-4286-BC3B-6F5A14654CC6}" = XP-Clean Express
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89EC8757-A934-11D6-8732-00105A376200}" = mapserver 4 COM-Module
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91130407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98AFD394-F5D0-40A1-AC84-020DE6B2D4E1}" = Buhl finance - tax 2007 Standard
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F45E494-BFFB-4E85-B821-59BF40636640}" = Buhl finance - tax money
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A47A282E-70C4-40F6-A9C4-C1712D68975C}" = Symantec Real Time Storage Protection Component
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AEE9ABDF-CFFD-4CC2-8519-E8ECEB5A2AAF}" = PENTAX USB DISK Device
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}" = Norton AntiVirus SYMLT MSI
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F850185A-1BB1-41E8-8438-ABE28DFF5A9B}" = DA920GE
"Acoustica Premium Edition_is1" = Acoustica Premium Edition 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Akamai" = Akamai NetSession Interface
"Apogee" = Apogee
"Audacity_is1" = Audacity 1.2.3
"Audio Converter Pro" = River Past Audio Converter Pro
"AutoCAD R14.0 - Deutsch Deinstaller" = AutoCAD R14.0 - Deutsch
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CYCAS3_is1" = CYCAS 3.90 public for Windows
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"dBpowerAMP WMA V9.1 Codec" = dBpowerAMP WMA V9.1 Codec
"Dell AIO Printer A920" = Dell AIO Printer A920
"Earthworm Jim" = Earthworm Jim (Remove only, requires CD)
"FLVPlayer" = FLV Player 1.3.3
"FreePDF_XP" = FreePDF XP (Remove only)
"FTDICOMM" = G-Wiz USB-to-Serial Converter Drivers
"GUIPEP front end to PROPEP/MPEP" = GUIPEP front end to PROPEP/MPEP
"G-Wiz FlightView" = G-Wiz FlightView
"HijackThis" = HijackThis 2.0.2
"idnmitigationapis" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Indeo® software" = Indeo® software
"InfoRapid KnowledgeMap" = InfoRapid KnowledgeMap
"Install_is1" = Setup 1.0
"Java Web Start" = Java Web Start
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape (7.1)" = Netscape (7.1)
"Netscape Navigator (9.0.0.6)" = Netscape Navigator (9.0.0.6)
"nlsdownlevelmapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Spyware Doctor" = Spyware Doctor 7.0
"ST4UNST #2" = GDL_Propep
"ST4UNST #3" = GDL_Propep (C:\Programme\GDL_Propep\)
"ST6UNST #1" = SubSync
"SubtitleWorkshop" = Subtitle Workshop
"SymSetup.{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus (Symantec Corporation)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordToPDF_is1" = WordToPDF 2.4
"wRASP" = wRASP
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.05.2011 08:18:26 | Computer Name = ROCKETMAN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ccSvcHst.exe, Version 106.2.0.21, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 06.05.2011 12:57:42 | Computer Name = ROCKETMAN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 06.05.2011 15:14:47 | Computer Name = ROCKETMAN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ccSvcHst.exe, Version 106.2.0.21, fehlgeschlagenes
 Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000673be.
 
Error - 07.05.2011 10:52:25 | Computer Name = ROCKETMAN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 7.0.6000.17096, fehlgeschlagenes
 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 07.05.2011 20:05:51 | Computer Name = ROCKETMAN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 7.0.6000.17096, fehlgeschlagenes
 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 07.05.2011 20:34:30 | Computer Name = ROCKETMAN | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Informationsebene: error  Initialisierung des COM-Subsystems fehlgeschlagen.
 Fehlercode: 0x8007041D
 
Error - 07.05.2011 20:56:31 | Computer Name = ROCKETMAN | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Informationsebene: error  Initialisierung des COM-Subsystems fehlgeschlagen.
 Fehlercode: 0x8007041D
 
Error - 07.05.2011 21:15:34 | Computer Name = ROCKETMAN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung 19062564.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul 19062564.exe, Version 0.0.0.0, Fehleradresse 0x0004876e.
 
Error - 07.05.2011 21:15:43 | Computer Name = ROCKETMAN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung 19062564.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 22.05.2011 08:51:54 | Computer Name = ROCKETMAN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ccSvcHst.exe, Version 106.2.0.21, fehlgeschlagenes
 Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x00019af2.
 
[ System Events ]
Error - 08.05.2011 18:09:17 | Computer Name = ROCKETMAN | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der
 nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle
 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.
 
Error - 08.05.2011 18:09:18 | Computer Name = ROCKETMAN | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
 Peer  "time.windows.com,time.nist.gov" ist ein Fehler aufgetreten. Der DNS-Lookup
 wird in 15 Minuten  wiederholt.  Fehler: Der Host war bei einem Socketvorgang nicht
 erreichbar. (0x80072751)
 
Error - 08.05.2011 18:09:18 | Computer Name = ROCKETMAN | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der
 nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle
 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.
 
 
< End of report >
Ich habe Unhide mehrmals laufen lassen, einmal auch über Nacht, da ich ja die Notiz gesehen hatte, dem ganzen etwas Zeit zu geben...geholfen hat es leider nichts.
Über eine helfende Hand würde ich mich sehr freuen!! Der Rechner funktioniert zwar, aber es ist doch ein recht mühsames Geschäft, ohne Shortcuts auf dem Desktop zu arbeiten...

Viele Grüße und einen schönen Abend noch,

Tom

cosinus 25.05.2011 12:19
Zitat:
Malwarebytes' Anti-Malware 1.25
Datenbank Version: 1062
Diese Version ist ja wohl älter als Steinzeit :D
Update auf Version 1.50.1.1100 und Signatur-DB 6672 (über Updatebutton)
Dann den Vollscan wiederholen.

Blitzknall 25.05.2011 21:13
So, Update aus der Frühbronzezeit ins heute durchgeführt, neuen Vollscan laufen lassen...ich bin geschockt: 102 Infizierungen gefunden:balla:!

Log von Malware Bytes:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6674

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

25.05.2011 22:05:39
mbam-log-2011-05-25 (22-05-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 269748
Laufzeit: 1 Stunde(n), 45 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 8
Infizierte Verzeichnisse: 3
Infizierte Dateien: 89

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf4552-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhca6pj0epar (Rogue.AntiVirusXP) -> Value: rhca6pj0epar -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\dokumente und einstellungen\all users\anwendungsdaten\crucialsoft ltd (Rogue.AV2009) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\append.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\xlib254.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\dokumente und einstellungen\Tom\eigene dateien\alkomat.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\1179588951.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\3532776907.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\3640619053.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\814144971.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\885236181.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\538972469.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\546894423.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\989395395.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\1007799136.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\1033141017.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\168046233.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\1884300828.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\1287094634.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\1319540856.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\1377270403.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\1377623742.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\3040846288.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\307773507.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\312571382.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\324824697.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\3255281818.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\3826045821.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\1264854475.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\678459428.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\702208467.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\722958631.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\3463346849.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\3481744856.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\2049343268.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\2189035804.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\4007773776.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\4014789767.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\4031904418.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\4095589835.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\1453189878.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\4117795931.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\4184403156.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\1117144062.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\1146074526.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\1178041579.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\3869373827.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\3948500846.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\3396941060.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\3421250542.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\3440492518.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\594051146.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\754655194.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\774815705.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\3585190068.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\3592850800.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\3611554335.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\winloggn.exe (Backdoor.PoisonIvy) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\251332043.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\909405453.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0ff17727-9f83-4d7c-919c-3a3eac40f985}\RP757\A0076051.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0ff17727-9f83-4d7c-919c-3a3eac40f985}\RP757\A0076054.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\104302958.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\117723033.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\119603365.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\133931142.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\143759342.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\216419081.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\228399961.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\232795921.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\246724926.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\345193225.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\346907261.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\442013780.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\454721460.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\456490074.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\459788523.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\465718333.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\480277474.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\554154661.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\567716132.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\579601895.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\585264218.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\666898185.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\681200452.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\682544805.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\707469567.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\779232009.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\791759142.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\795672329.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\810914834.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\903393286.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\908006153.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Tom\lokale einstellungen\Temp\921284932.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
Viele Grüße,

Tom

cosinus 25.05.2011 21:48
Autsch, viele Dateien dabei, die als Backdoor eingestuft werden :balla:

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Blitzknall 26.05.2011 19:41
So, fertig!!
Das Log:

Combofix Logfile:
Code:
ComboFix 11-05-23.02 - Tom 26.05.2011  20:16:41.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.511.201 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Tom\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Tom\Anwendungsdaten\ACD Systems\ACDSee\ImageDB.ddf
c:\dokumente und einstellungen\Tom\WINDOWS
C:\Thumbs.db
c:\windows\Fonts\acrsec.fon
c:\windows\settings.reg
c:\windows\system32\Data
c:\windows\system32\Inetde.dll
.
Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-26 bis 2011-05-26  ))))))))))))))))))))))))))))))
.
.
2011-05-08 14:22 . 2011-05-08 14:58        --------        d-----w-        c:\programme\GridinSoft Trojan Killer
2011-05-08 13:50 . 2010-02-02 07:13        59664        --s---w-        c:\windows\system32\drivers\TfSysMon.sys
2011-05-08 13:50 . 2010-02-02 07:13        51984        --s---w-        c:\windows\system32\drivers\TfFsMon.sys
2011-05-08 13:50 . 2010-02-02 07:13        33552        --s---w-        c:\windows\system32\drivers\TfNetMon.sys
2011-05-08 10:06 . 2011-05-08 10:06        --------        d-----w-        c:\programme\VirKil
2011-05-07 11:55 . 2011-05-08 19:17        --------        d-----w-        c:\dokumente und einstellungen\Tom\Anwendungsdaten\BOM
2011-05-07 11:55 . 2000-12-05 22:00        109248        ----a-w-        c:\windows\system32\Mswinsck.ocx
2011-05-07 11:55 . 2000-10-01 22:00        125712        ----a-w-        c:\windows\system32\vb6de.dll
2011-05-07 11:55 . 2000-05-22 14:58        115920        ----a-w-        c:\windows\system32\msinet.ocx
2011-05-07 11:55 . 2000-04-03 18:06        16896        ----a-w-        c:\windows\system32\winskde.dll
2011-05-07 11:55 . 1999-07-14 12:07        6656        ----a-w-        c:\windows\system32\stdftde.dll
2011-05-07 11:55 . 1998-07-05 22:00        22528        ----a-w-        c:\windows\system32\Tabctde.dll
2011-05-07 11:55 . 1998-07-05 22:00        158208        ----a-w-        c:\windows\system32\Mscmcde.dll
2011-05-07 11:55 . 1998-06-23 22:00        209192        ----a-w-        c:\windows\system32\Tabctl32.ocx
2011-05-07 11:55 . 2011-05-07 11:55        --------        d-----w-        c:\programme\Biet-O-Matic
2011-05-02 07:50 . 2010-09-18 06:52        954368        ------w-        c:\windows\system32\dllcache\mfc40.dll
2011-05-02 07:50 . 2010-09-18 06:52        953856        ------w-        c:\windows\system32\dllcache\mfc40u.dll
2011-05-02 07:50 . 2010-08-23 16:11        617472        ------w-        c:\windows\system32\dllcache\comctl32.dll
2011-05-02 07:49 . 2010-11-02 15:17        40960        ------w-        c:\windows\system32\dllcache\ndproxy.sys
2011-05-02 07:43 . 2010-10-11 14:59        45568        ------w-        c:\windows\system32\dllcache\wab.exe
2011-05-01 10:36 . 2011-05-01 10:37        --------        d-----w-        c:\windows\l2schemas
2011-05-01 10:36 . 2011-05-01 10:36        --------        d-----w-        c:\windows\system32\de
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2004-03-02 12:18        692736        ----a-w-        c:\windows\system32\inetcomm.dll
2011-03-04 06:44 . 2002-08-29 04:00        434176        ----a-w-        c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2002-08-29 04:00        1858048        ----a-w-        c:\windows\system32\win32k.sys
2010-11-05 21:25 . 2010-11-05 21:25        17671448        ----a-w-        c:\programme\FreeVideoToFlashConverter.exe
2008-07-10 09:38 . 2008-07-10 09:38        1936896        ----a-w-        c:\programme\Altimax.exe
2008-05-06 10:34 . 2008-05-06 10:34        136704        ----a-w-        c:\programme\AVRootLoader.dll
2004-02-12 08:40 . 2004-02-12 08:40        1264330        ----a-w-        c:\programme\yetisports1.exe
2003-09-30 21:34 . 2010-11-05 20:17        38463        ----a-w-        c:\programme\Subtitler.vdf
2001-04-02 01:49 . 2010-11-05 20:22        423936        ----a-w-        c:\programme\Conversor.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"CTSysVol"="c:\programme\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Symantec PIF AlertEng"="c:\programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AdobeAAMUpdater-1.0"="c:\programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Malwarebytes Anti-Malware (reboot)"="c:\programme\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders        msapsspc.dll schannel.dll digest.dll msnsspc.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Programme\\Netscape\\Netscape\\Netscp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\BitTorrent\\bittorrent.exe"=
"c:\\Programme\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programme\\Orbitdownloader\\orbitdm.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows-Peer-zu-Peer-Gruppierung
"3540:UDP"= 3540:UDP:Peer Name Resolution-Protokoll (PNRP)
"1052:TCP"= 1052:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
.
R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [31.05.2009 19:51 218592]
R1 pctgntdi;pctgntdi;c:\windows\SYSTEM32\DRIVERS\pctgntdi.sys [31.05.2009 19:51 233136]
R2 acedrv10;acedrv10;c:\windows\SYSTEM32\DRIVERS\ACEDRV10.sys [28.10.2007 17:35 583128]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [29.08.2002 06:00 14336]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\programme\Symantec\LiveUpdate\AluSchedulerSvc.exe [05.07.2007 23:30 554352]
S1 2b1e04af;2b1e04af;c:\windows\system32\drivers\2b1e04af.sys --> c:\windows\system32\drivers\2b1e04af.sys [?]
S2 acehlp10;acehlp10;c:\windows\SYSTEM32\DRIVERS\acehlp10.sys [26.10.2007 15:53 250560]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\SYSTEM32\DRIVERS\ASPI32.SYS [22.09.2005 00:22 16512]
S3 pctplsg;pctplsg;c:\windows\SYSTEM32\DRIVERS\pctplsg.sys [31.05.2009 19:51 63360]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [14.06.2010 21:06 366840]
S3 SwitchBoard;SwitchBoard;c:\programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe [19.02.2010 14:37 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc        REG_MULTI_SZ          p2psvc p2pimsvc p2pgasvc PNRPSvc
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-14 c:\windows\Tasks\AdobeAAMUpdater-1.0-ROCKETMAN-Tom.job
- c:\programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-11-22 02:44]
.
2004-10-28 c:\windows\Tasks\ISP-Anmeldungserinnerung 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 02:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.lyserg-band.de/
mWindow Title = Microsoft Internet Explorer
uSearchAssistant = hxxp://www.google.com
IE: &Download by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\Tom\Anwendungsdaten\Mozilla\Firefox\Profiles\6mogmq4p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1601497&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
FF - Ext: Biet-O-Matic Firefox Erweiterung: {B0D70E72-2FC1-4b9f-A3D4-5921C854D906} - %profile%\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Sonic RecordNow! - (no file)
AddRemove-Earthworm Jim - E:\Wormload.exe
AddRemove-MPEP - c:\progra~1\Programs\GUIPEP\UNWISE.EXE
AddRemove-BitTorrent DNA - c:\programme\DNA\btdna.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-26 20:31
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-26  20:37:00
ComboFix-quarantined-files.txt  2011-05-26 18:36
.
Vor Suchlauf: 71 Verzeichnis(se), 33.402.261.504 Bytes frei
Nach Suchlauf: 74 Verzeichnis(se), 53.793.050.624 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - 6DA49B6B0F5D6E9BB611248874141581
--- --- ---


Grüße,

Tom

cosinus 26.05.2011 20:16
Gut. CF hat da was weggeräumt.
Mach bitte erstmal ein frisches OTL-Log:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Blitzknall 27.05.2011 08:35
Und der nächste Log!!

Gruß,

TomOTL Logfile:
Code:
OTL logfile created on: 27.05.2011 09:18:09 - Run 2
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Dokumente und Einstellungen\Tom\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
510,98 Mb Total Physical Memory | 157,73 Mb Available Physical Memory | 30,87% Memory free
1,22 Gb Paging File | 0,94 Gb Available in Paging File | 77,39% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 145,46 Gb Total Space | 50,10 Gb Free Space | 34,44% Space Free | Partition Type: NTFS
 
Computer Name: ROCKETMAN | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Tom\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Programme\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Tom\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (LiveUpdate Notice Ex) --  File not found
SRV - (HidServ) --  File not found
SRV - (AppMgmt) --  File not found
SRV - (Akamai) -- c:\Programme\Gemeinsame Dateien\Akamai\netsession_win_8832f4b.dll ()
SRV - (sdCoreService) -- C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (SwitchBoard) -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (p2pgasvc) -- C:\WINDOWS\SYSTEM32\p2pgasvc.dll (Microsoft Corporation)
SRV - (LiveUpdate Notice Service) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NetSvc) -- C:\Programme\Intel\NCS\Sync\NetSvc.exe (Intel(R) Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (pctplsg) -- C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys (PC Tools)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (Tcpip6) -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys (Microsoft Corporation)
DRV - (pctgntdi) -- C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys (PC Tools)
DRV - (tbhsd) -- C:\WINDOWS\SYSTEM32\DRIVERS\tbhsd.sys (RapidSolution Software AG)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (FTSER2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\ftser2k.sys (FTDI Ltd.)
DRV - (acedrv10) -- C:\WINDOWS\SYSTEM32\DRIVERS\ACEDRV10.sys (Protect Software GmbH)
DRV - (acehlp10) -- C:\WINDOWS\SYSTEM32\DRIVERS\acehlp10.sys (Protect Software GmbH)
DRV - (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\SE27bus.sys (MCCI)
DRV - (FTDIBUS) -- C:\WINDOWS\SYSTEM32\DRIVERS\ftdibus.sys (FTDI Ltd.)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel(R) Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel(R) Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel(R) Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel(R) Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel(R) Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel(R) Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel(R) Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel(R) Corporation)
DRV - (P17) -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PfModNT) -- C:\WINDOWS\SYSTEM32\DRIVERS\Pfmodnt.sys (Creative Technology Ltd.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (ASPI32) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS (Adaptec)
DRV - (ASPI) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS (Adaptec)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)
DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lyserg-band.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1601497&SearchSource=3&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {B0D70E72-2FC1-4b9f-A3D4-5921C854D906}:1.2
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.05.06 16:53:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.06 16:53:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.05.03 22:11:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.03.27 21:52:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Programme\Netscape\Netscape\Components [2010.08.07 17:33:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Programme\Netscape\Netscape\Plugins [2010.07.31 14:10:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Programme\Netscape\Navigator 9\components [2008.10.23 23:43:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Programme\Netscape\Navigator 9\plugins [2010.01.26 13:12:30 | 000,000,000 | ---D | M]
 
[2010.11.30 09:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Mozilla\Extensions
[2010.11.30 09:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.25 22:17:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Mozilla\Firefox\Profiles\6mogmq4p.default\extensions
[2009.01.31 21:57:16 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Mozilla\Firefox\Profiles\6mogmq4p.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009.09.02 14:41:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Mozilla\Firefox\Profiles\6mogmq4p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.07 13:58:44 | 000,000,000 | ---D | M] ("Biet-O-Matic Firefox Erweiterung") -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Mozilla\Firefox\Profiles\6mogmq4p.default\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}
[2011.01.19 23:05:23 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Mozilla\Firefox\Profiles\6mogmq4p.default\extensions\2020Player@2020Technologies.com
[2009.12.20 13:40:31 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Mozilla\Firefox\Profiles\6mogmq4p.default\extensions\moveplayer@movenetworks.com
[2009.01.31 21:43:25 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Mozilla\Firefox\Profiles\6mogmq4p.default\extensions\nasanightlaunch@example.com
[2011.05.25 22:17:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.31 14:10:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.31 14:09:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll
[2010.07.31 14:09:49 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.04.08 04:06:28 | 000,122,880 | ---- | M] (AB) -- C:\Programme\Mozilla Firefox\plugins\NPOP7PlugIn.dll
[2008.04.07 20:55:00 | 000,000,909 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\conduit.xml
 
O1 HOSTS File: ([2011.05.26 20:31:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTSysVol] C:\Programme\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdateManager] C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\bt2 {1730B77B-F429-498f-9B15-4514D83C8294} -  File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-bt2 {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} -  File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Tom\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Tom\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.07.25 15:26:37 | 000,335,856 | ---- | M] () - C:\Auto1.JPG -- [ NTFS ]
O32 - AutoRun File - [2007.07.25 15:27:41 | 000,363,912 | ---- | M] () - C:\Auto2.JPG -- [ NTFS ]
O32 - AutoRun File - [2002.09.11 14:48:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootMin: sdcoreservice - C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootNet: sdcoreservice - C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {689e5762-8d75-4346-90cf-bc1902c32d63} - KB896688
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {82ced0ff-a00d-4405-ba5f-ef4699159333} - KB896727
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60b49e34-c7cc-11d0-8953-00a0c90347ff} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: SENTINEL - C:\WINDOWS\System32\SNTI386.DLL ()
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\Ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.X264 - x264vfw.dll File not found
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\Iyvu9_32.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.26 23:11:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.05.26 20:13:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.05.26 20:10:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.05.26 20:10:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.05.26 20:10:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.05.26 20:10:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.05.26 20:07:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.05.26 19:10:32 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011.05.26 18:53:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.24 20:48:26 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tom\Desktop\OTL.exe
[2011.05.08 16:22:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GridinSoft
[2011.05.08 16:22:15 | 000,000,000 | ---D | C] -- C:\Programme\GridinSoft Trojan Killer
[2011.05.08 16:10:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Tom\Recent
[2011.05.08 16:10:08 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tom\Desktop\OTH.scr
[2011.05.08 15:50:59 | 000,059,664 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011.05.08 15:50:58 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011.05.08 15:50:58 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011.05.08 12:06:02 | 000,000,000 | ---D | C] -- C:\Programme\VirKil
[2011.05.07 13:55:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\BOM
[2011.05.07 13:55:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Biet-O-Matic
[2011.05.07 13:55:04 | 000,209,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Tabctl32.ocx
[2011.05.07 13:55:04 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscmcde.dll
[2011.05.07 13:55:04 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vb6de.dll
[2011.05.07 13:55:04 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.ocx
[2011.05.07 13:55:04 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mswinsck.ocx
[2011.05.07 13:55:04 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Tabctde.dll
[2011.05.07 13:55:04 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winskde.dll
[2011.05.07 13:55:04 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stdftde.dll
[2011.05.07 13:55:03 | 000,000,000 | ---D | C] -- C:\Programme\Biet-O-Matic
[2011.05.02 09:50:30 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2011.05.02 09:50:30 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011.05.02 09:50:03 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011.05.02 09:49:34 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011.05.02 09:43:42 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011.05.01 12:36:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011.05.01 12:36:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2011.05.01 12:15:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010.11.05 23:25:01 | 017,671,448 | ---- | C] (DVDVideoSoft Limited.                                      ) -- C:\Programme\FreeVideoToFlashConverter.exe
[2010.11.05 22:22:30 | 000,423,936 | ---- | C] (Feñiz 2001) -- C:\Programme\Conversor.exe
[2008.05.06 12:34:00 | 000,136,704 | ---- | C] (HR) -- C:\Programme\AVRootLoader.dll
[2004.10.21 13:38:58 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2004.02.12 10:40:24 | 001,264,330 | ---- | C] (Macromedia, Inc.) -- C:\Programme\yetisports1.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.27 08:06:05 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011.05.27 08:05:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011.05.27 08:05:24 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.26 23:21:51 | 000,002,353 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ACDSee 3.1 SR-1.lnk
[2011.05.26 23:19:31 | 000,024,064 | ---- | M] () -- C:\Dokumente und Einstellungen\Tom\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.26 20:31:16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011.05.26 20:13:36 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2011.05.26 19:15:12 | 000,002,965 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LUUnInstall.LiveUpdate
[2011.05.26 18:52:26 | 004,353,961 | R--- | M] () -- C:\Dokumente und Einstellungen\Tom\Desktop\ComboFix.exe
[2011.05.24 20:48:34 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tom\Desktop\OTL.exe
[2011.05.22 15:29:05 | 000,000,493 | ---- | M] () -- C:\WINDOWS\ROCKSIM.INI
[2011.05.22 15:28:57 | 000,000,634 | ---- | M] () -- C:\WINDOWS\wrasp.ini
[2011.05.22 14:53:16 | 000,001,125 | ---- | M] () -- C:\WINDOWS\Winamp.ini
[2011.05.16 21:42:39 | 000,000,800 | ---- | M] () -- C:\Dokumente und Einstellungen\Tom\Desktop\Youtube Downloader HD.lnk
[2011.05.14 02:00:01 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-ROCKETMAN-Tom.job
[2011.05.08 16:01:58 | 000,000,232 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19062564
[2011.05.08 16:01:57 | 000,000,152 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19062564r
[2011.05.08 15:57:59 | 003,526,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.05.08 12:48:38 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tom\Desktop\OTH.scr
[2011.05.08 02:22:09 | 000,000,344 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19062564
[2011.05.02 10:31:19 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.05.02 10:19:54 | 000,463,834 | ---- | M] () -- C:\WINDOWS\System32\PERFH007.DAT
[2011.05.02 10:19:54 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011.05.02 10:19:54 | 000,086,216 | ---- | M] () -- C:\WINDOWS\System32\PERFC007.DAT
[2011.05.02 10:19:54 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011.05.01 12:24:50 | 000,251,712 | RHS- | M] () -- C:\NTLDR
[2011.05.01 11:01:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.26 20:23:27 | 000,002,353 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ACDSee 3.1 SR-1.lnk
[2011.05.26 20:23:27 | 000,001,632 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Thunderbird.lnk
[2011.05.26 20:23:27 | 000,001,566 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2011.05.26 20:13:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011.05.26 20:13:33 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2011.05.26 20:10:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.05.26 20:10:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.05.26 20:10:18 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.05.26 20:10:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.05.26 20:10:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.05.26 19:15:12 | 000,002,965 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LUUnInstall.LiveUpdate
[2011.05.26 18:49:43 | 004,353,961 | R--- | C] () -- C:\Dokumente und Einstellungen\Tom\Desktop\ComboFix.exe
[2011.05.08 02:22:41 | 000,000,152 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19062564r
[2011.05.08 02:22:40 | 000,000,232 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19062564
[2011.05.08 02:22:08 | 000,000,344 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19062564
[2011.04.24 20:08:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.04.16 10:47:23 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.04.16 10:47:23 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.11.05 22:22:30 | 000,000,157 | ---- | C] () -- C:\Programme\Perfiles.ini
[2010.11.05 22:18:01 | 000,145,408 | ---- | C] () -- C:\Programme\gray.avi
[2010.11.05 22:18:01 | 000,010,530 | ---- | C] () -- C:\Programme\demo.ssa
[2010.11.05 22:17:56 | 000,038,463 | ---- | C] () -- C:\Programme\Subtitler.vdf
[2010.10.19 01:11:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2010.05.04 23:05:41 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2010.02.28 22:31:01 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2010.02.28 22:29:04 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.02.28 22:28:53 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.01.03 14:47:36 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2009.12.22 13:00:11 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.10.10 20:07:27 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2009.09.14 00:13:30 | 000,018,321 | ---- | C] () -- C:\Programme\COPYING
[2009.03.19 20:08:19 | 000,272,896 | ---- | C] () -- C:\WINDOWS\System32\advddr32.exe
[2009.02.10 14:23:09 | 000,000,590 | ---- | C] () -- C:\WINDOWS\tlknw9.ini
[2008.12.13 19:15:23 | 000,000,049 | ---- | C] () -- C:\WINDOWS\System32\polynet.dll
[2008.07.10 11:38:58 | 001,936,896 | ---- | C] () -- C:\Programme\Altimax.exe
[2008.05.25 20:57:25 | 000,164,980 | ---- | C] () -- C:\WINDOWS\Audio Converter Pro Uninstaller.exe
[2008.04.22 17:12:00 | 000,006,290 | ---- | C] () -- C:\Programme\AVRootloader.dev
[2008.03.28 22:27:16 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2008.03.28 22:27:09 | 000,006,768 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008.02.25 01:19:36 | 000,005,567 | ---- | C] () -- C:\WINDOWS\rules.dat
[2007.10.08 13:21:18 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007.10.08 13:21:17 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2007.10.08 13:21:17 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2007.10.08 13:21:17 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2007.10.08 13:21:17 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2007.10.08 13:21:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007.04.23 19:49:11 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Tom\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007.04.23 19:44:20 | 000,000,290 | ---- | C] () -- C:\WINDOWS\BUHL.INI
[2007.03.17 12:12:58 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007.02.02 07:12:49 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\com.fxpansion.fxshared.dll
[2006.05.24 11:04:14 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2006.05.24 10:40:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ftdiunin.exe
[2006.05.10 00:04:38 | 000,001,735 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2005.12.19 16:47:47 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2005.12.19 16:47:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2005.11.14 11:28:20 | 000,000,209 | ---- | C] () -- C:\WINDOWS\render.ini
[2005.11.03 01:14:41 | 000,001,298 | ---- | C] () -- C:\WINDOWS\ikMap.INI
[2005.09.22 00:30:05 | 000,001,375 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
[2005.09.22 00:21:40 | 000,026,914 | ---- | C] () -- C:\WINDOWS\CDMaster.ini
[2005.09.22 00:21:39 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\Nviewlib.dll
[2005.09.22 00:21:39 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\vcedit.dll
[2005.09.22 00:21:39 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2005.09.22 00:21:38 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2005.09.22 00:21:38 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.09.22 00:21:38 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2005.09.22 00:21:38 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.08.25 16:04:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005.07.31 14:28:13 | 000,000,084 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2005.07.31 14:28:12 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe
[2005.07.31 14:18:34 | 018,416,367 | ---- | C] () -- C:\WINDOWS\Nero Burning Rom Screensaver.dat
[2005.05.29 13:45:25 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005.05.24 12:41:52 | 000,000,516 | ---- | C] () -- C:\WINDOWS\ltN1.ini
[2005.05.07 12:31:22 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\SENTINEL.SYS
[2005.05.07 12:31:22 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\RNBOVDD.DLL
[2005.05.07 12:31:21 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\SNTI386.DLL
[2005.05.07 12:31:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI
[2005.05.07 12:31:18 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2005.03.30 14:08:41 | 000,000,049 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005.03.30 14:08:23 | 000,000,307 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005.03.04 00:33:29 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2005.03.04 00:33:29 | 000,035,342 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2005.01.30 16:08:39 | 000,000,293 | ---- | C] () -- C:\WINDOWS\FlgtProf.ini
[2004.11.11 21:01:12 | 000,000,493 | ---- | C] () -- C:\WINDOWS\ROCKSIM.INI
[2004.11.03 23:48:18 | 000,000,634 | ---- | C] () -- C:\WINDOWS\wrasp.ini
[2004.10.28 23:27:59 | 000,001,125 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2004.10.28 22:51:24 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\VbVfw.dll
[2004.10.28 22:13:04 | 000,024,064 | ---- | C] () -- C:\Dokumente und Einstellungen\Tom\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004.10.28 20:41:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004.10.28 20:41:02 | 000,087,184 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2004.10.28 20:40:49 | 000,087,184 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2004.10.28 20:40:45 | 000,008,828 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004.10.27 22:44:57 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\BW32000C.DLL
[2004.10.27 22:44:57 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\BW320007.DLL
[2004.10.21 13:42:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.10.21 13:40:21 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004.10.21 13:39:05 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2004.10.21 13:39:05 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004.10.21 13:38:58 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2004.10.21 13:38:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2004.10.21 13:38:58 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2004.10.21 13:38:58 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004.10.21 13:38:53 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004.10.21 13:38:03 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004.10.21 13:35:17 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.10.21 13:25:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004.10.21 13:24:00 | 000,463,834 | ---- | C] () -- C:\WINDOWS\System32\PERFH007.DAT
[2004.10.21 13:24:00 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004.10.21 13:24:00 | 000,086,216 | ---- | C] () -- C:\WINDOWS\System32\PERFC007.DAT
[2004.10.21 13:24:00 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004.10.21 13:23:53 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004.10.21 13:23:45 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.10.21 13:10:18 | 000,000,619 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004.03.26 17:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004.03.06 18:07:20 | 000,012,942 | ---- | C] () -- C:\Programme\cdmaster32.xml
[2004.03.06 17:55:26 | 000,000,361 | ---- | C] () -- C:\Programme\FILE_ID.DIZ
[2004.03.06 17:52:52 | 000,010,338 | ---- | C] () -- C:\Programme\whats.new
[2004.02.29 23:27:50 | 000,004,630 | ---- | C] () -- C:\Programme\Register.frm
[2003.04.22 16:37:50 | 000,000,141 | ---- | C] () -- C:\WINDOWS\System32\DLBKPLC.INI
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003.01.07 22:15:26 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2002.11.13 20:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
[2002.09.11 14:53:22 | 003,526,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002.09.11 14:47:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002.09.11 14:44:56 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002.09.11 10:46:36 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002.09.11 10:46:36 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002.08.29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002.08.29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002.08.29 06:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\PERFI007.DAT
[2002.08.29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002.08.29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002.08.29 06:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\PERFD007.DAT
[2002.08.29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002.08.29 06:00:00 | 000,027,377 | ---- | C] () -- C:\WINDOWS\System32\rqpnhohab.exe
[2002.08.29 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002.08.29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2001.02.15 00:00:00 | 000,287,744 | ---- | C] () -- C:\WINDOWS\uno364mi.dll
[2001.02.15 00:00:00 | 000,109,568 | ---- | C] () -- C:\WINDOWS\vos364mi.dll
[2001.02.15 00:00:00 | 000,091,648 | ---- | C] () -- C:\WINDOWS\osl364mi.dll
[2001.02.15 00:00:00 | 000,000,207 | ---- | C] () -- C:\WINDOWS\uno.ini
[1980.01.01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2005.06.30 18:07:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\.bt2
[2005.03.13 13:17:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\ACD Systems
[2005.03.18 17:14:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\ACDInTouch
[2010.10.15 17:55:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Acoustica Premium
[2010.11.23 22:44:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Adobe
[2005.09.28 23:09:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Apple Computer
[2009.05.31 22:06:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\BDEDIT
[2008.04.26 17:03:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\BDHTHELP
[2011.05.08 02:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\BitTorrent
[2011.05.08 21:17:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\BOM
[2007.12.13 11:05:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Buhl Data Service GmbH
[2009.12.22 13:00:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Canneverbe_Limited
[2004.10.21 13:42:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Creative
[2004.12.09 17:29:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\CyberLink
[2009.08.27 20:03:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\DNA
[2010.10.05 11:14:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\dvdcss
[2010.11.05 23:26:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\DVDVideoSoft
[2005.08.07 14:22:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Google
[2009.09.29 13:25:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\GrabPro
[2004.11.08 23:09:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Help
[2004.10.21 13:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Identities
[2004.10.21 13:40:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Jasc Software Inc
[2004.11.01 21:45:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Leadertech
[2005.09.07 21:21:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Macromedia
[2008.08.28 04:44:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Malwarebytes
[2010.02.28 23:31:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Media Player Classic
[2009.11.22 19:27:57 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft
[2010.01.16 13:29:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Move Networks
[2009.09.29 13:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Moyea
[2008.09.17 00:35:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Mozilla
[2008.03.28 22:09:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Netscape
[2011.05.09 05:11:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Orbit
[2009.10.11 16:40:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\PACE Anti-Piracy
[2008.08.28 04:16:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\PC Tools
[2011.04.17 00:11:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\ProgSense
[2008.08.31 22:29:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Real
[2006.04.11 22:10:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\River Past G4
[2008.05.25 20:57:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\River Past G5
[2004.11.01 21:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Sonic
[2008.03.29 23:48:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Sony Ericsson
[2004.10.21 13:33:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Sun
[2007.04.23 19:50:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\tax
[2010.08.09 13:57:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\TeamViewer
[2008.03.29 23:50:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Teleca
[2010.11.30 09:49:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Thunderbird
[2010.08.06 11:20:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\TS3Client
[2011.05.14 13:50:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\vlc
[2010.10.15 00:02:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\WordToPDF
[2010.08.13 23:37:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Youtube Downloader HD
 
< %APPDATA%\*.exe /s >
[2008.03.08 01:02:28 | 001,523,040 | ---- | M] (Adobe Systems Incorporated) -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2009.08.30 19:35:21 | 001,924,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2007.08.10 21:50:10 | 000,026,694 | R--- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\ARPPRODUCTICON.exe
[2007.08.10 21:50:10 | 000,026,694 | R--- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
[2007.08.10 21:50:10 | 000,026,694 | R--- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
[2007.08.10 21:50:10 | 000,026,694 | R--- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
[2008.12.13 19:14:38 | 000,068,335 | R--- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{8904ACA8-CEB6-4286-BC3B-6F5A14654CC6}\_0B6DD62BFA40EE44243865.exe
[2008.12.13 19:14:38 | 000,029,926 | R--- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{8904ACA8-CEB6-4286-BC3B-6F5A14654CC6}\_1393CAF646846775718621.exe
[2008.12.13 19:14:38 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{8904ACA8-CEB6-4286-BC3B-6F5A14654CC6}\_15597E315244491DFD2033.exe
[2008.12.13 19:14:38 | 000,029,926 | R--- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{8904ACA8-CEB6-4286-BC3B-6F5A14654CC6}\_25EDEED4AB8FC277769FC7.exe
[2008.12.13 19:14:38 | 000,026,694 | R--- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{8904ACA8-CEB6-4286-BC3B-6F5A14654CC6}\_2E5081E7A2E168D60285BB.exe
[2008.12.13 19:14:38 | 000,053,793 | R--- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{8904ACA8-CEB6-4286-BC3B-6F5A14654CC6}\_636E72E222D2409B4DBBD8.exe
[2008.12.13 19:14:38 | 000,009,662 | R--- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{8904ACA8-CEB6-4286-BC3B-6F5A14654CC6}\_8194872C52BD2351B9EC48.exe
[2008.12.13 19:14:38 | 000,107,453 | R--- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{8904ACA8-CEB6-4286-BC3B-6F5A14654CC6}\_A0D86B4722A18424070902.exe
[2008.12.13 19:14:38 | 000,004,286 | R--- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{8904ACA8-CEB6-4286-BC3B-6F5A14654CC6}\_A775647795E52BAF0370A0.exe
[2008.12.13 19:14:38 | 000,015,086 | R--- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{8904ACA8-CEB6-4286-BC3B-6F5A14654CC6}\_BEC06949FE511FFDE2BA1D.exe
[2008.12.13 19:14:38 | 000,053,310 | R--- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{8904ACA8-CEB6-4286-BC3B-6F5A14654CC6}\_D9C6388C1C894A969526E7.exe
[2008.12.13 19:14:38 | 000,065,434 | R--- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{8904ACA8-CEB6-4286-BC3B-6F5A14654CC6}\_DF081CFC6920C6B3B58C70.exe
[2008.12.13 19:14:38 | 000,115,606 | R--- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{8904ACA8-CEB6-4286-BC3B-6F5A14654CC6}\_EB733251A0374F7FF07466.exe
[2008.12.13 19:14:38 | 000,150,689 | R--- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{8904ACA8-CEB6-4286-BC3B-6F5A14654CC6}\_F74FD493BA5E75B1E3742E.exe
[2007.04.23 19:46:35 | 000,003,638 | R--- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{98AFD394-F5D0-40A1-AC84-020DE6B2D4E1}\ARPPRODUCTICON.exe
[2007.04.23 19:46:36 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{98AFD394-F5D0-40A1-AC84-020DE6B2D4E1}\NewShortcut10_FE2DFC05CD1F4CCDB7A69854173E2F92.exe
[2007.04.23 19:46:35 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{98AFD394-F5D0-40A1-AC84-020DE6B2D4E1}\NewShortcut11_FE2DFC05CD1F4CCDB7A69854173E2F92.exe
[2007.04.23 19:46:36 | 000,049,152 | R--- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{98AFD394-F5D0-40A1-AC84-020DE6B2D4E1}\NewShortcut13_FE2DFC05CD1F4CCDB7A69854173E2F92.exe
[2007.04.23 19:46:35 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{98AFD394-F5D0-40A1-AC84-020DE6B2D4E1}\NewShortcut23_FE2DFC05CD1F4CCDB7A69854173E2F92.exe
[2007.04.23 19:46:35 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{98AFD394-F5D0-40A1-AC84-020DE6B2D4E1}\NewShortcut3_FE2DFC05CD1F4CCDB7A69854173E2F92.exe
[2007.04.23 19:46:36 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{98AFD394-F5D0-40A1-AC84-020DE6B2D4E1}\NewShortcut4_FE2DFC05CD1F4CCDB7A69854173E2F92.exe
[2007.04.23 19:46:36 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{98AFD394-F5D0-40A1-AC84-020DE6B2D4E1}\NewShortcut5_FE2DFC05CD1F4CCDB7A69854173E2F92.exe
[2007.04.23 19:46:36 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{98AFD394-F5D0-40A1-AC84-020DE6B2D4E1}\NewShortcut7_FE2DFC05CD1F4CCDB7A69854173E2F92.exe
[2007.04.23 19:46:36 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{98AFD394-F5D0-40A1-AC84-020DE6B2D4E1}\NewShortcut8_FE2DFC05CD1F4CCDB7A69854173E2F92.exe
[2007.04.23 19:46:36 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{98AFD394-F5D0-40A1-AC84-020DE6B2D4E1}\NewShortcut9_FE2DFC05CD1F4CCDB7A69854173E2F92.exe
[2007.04.23 19:46:36 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{98AFD394-F5D0-40A1-AC84-020DE6B2D4E1}\ShortcutGesetz.phc_FE2DFC05CD1F4CCDB7A69854173E2F92.exe
[2007.04.23 19:48:45 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{9F45E494-BFFB-4E85-B821-59BF40636640}\ARPPRODUCTICON.exe
[2007.04.23 19:48:45 | 000,009,062 | R--- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{9F45E494-BFFB-4E85-B821-59BF40636640}\NewShortcut1_9F45E494BFFB4E85B82159BF40636640.exe
[2007.04.23 19:48:45 | 000,009,062 | R--- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft\Installer\{9F45E494-BFFB-4E85-B821-59BF40636640}\NewShortcut2_9F45E494BFFB4E85B82159BF40636640.exe
[2008.08.09 11:01:29 | 006,287,800 | ---- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Real\Update\setup\data\ff\firefoxgoogletoolbarsetup.exe
[2008.08.09 11:01:35 | 000,755,816 | ---- | M] () -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Real\Update\setup\data\gds\GOOGLE_DESKTOP\gdssetup.exe
[2008.08.09 11:01:42 | 001,240,104 | ---- | M] (Google) -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Real\Update\setup\data\gtb\GOOGLE_TOOLBAR\googletoolbarinstaller.exe
[2008.08.09 11:01:49 | 001,240,104 | ---- | M] (Google) -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Real\Update\setup\data\gtb_gds\GOOGLE_TOOLBAR\googletoolbarinstaller.exe
[2008.08.09 11:02:56 | 013,743,624 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Real\Update\setup\data\rp\RealPlayer11GOLD_de.exe
 
< %SYSTEMDRIVE%\*.exe >
[2009.02.23 20:35:38 | 035,124,856 | ---- | M] (                                  ) -- C:\AdbeRdr90_en_US.exe
[2003.04.14 22:54:58 | 001,961,777 | ---- | M] () -- C:\aReaker_space.exe
[2005.11.28 01:57:06 | 000,771,414 | ---- | M] () -- C:\areaker_space_install.exe
[2005.09.14 13:08:23 | 002,459,378 | ---- | M] (                                                            ) -- C:\audacity-win-1.2.3.exe
[2006.04.11 22:05:22 | 006,346,648 | ---- | M] () -- C:\audioconverter_wmf_setup.exe
[2007.07.21 00:43:24 | 006,513,440 | ---- | M] () -- C:\dap85.exe
[2004.10.28 22:53:18 | 007,680,064 | ---- | M] () -- C:\DivX521XP2K.exe
[2005.03.04 00:33:03 | 001,934,096 | ---- | M] () -- C:\dMC-r11.exe
[2006.02.13 23:04:56 | 063,826,688 | ---- | M] (Macromedia                                                  ) -- C:\Dreamweaver8-de.exe
[2008.03.08 21:55:23 | 024,697,978 | ---- | M] () -- C:\DrumagogDemo.exe
[2009.03.19 19:42:47 | 001,379,841 | ---- | M] (NeSoft                                                      ) -- C:\freedvdripper.exe
[2005.08.07 14:22:23 | 010,958,640 | ---- | M] (InstallShield Software Corporation) -- C:\GoogleEarth.exe
[2005.02.04 19:52:09 | 014,619,920 | ---- | M] (Honestech                                                  ) -- C:\hteditor50engdemo.exe
[2006.08.14 17:42:04 | 001,355,912 | ---- | M] () -- C:\install_flash_player.exe
[2005.09.28 23:02:50 | 034,039,576 | ---- | M] (Apple Computer, Inc.                                      ) -- C:\iTunesSetup.exe
[2006.04.11 22:00:56 | 009,429,960 | ---- | M] (DeskShare                                                  ) -- C:\mediaconverter.exe
[2007.07.26 15:58:04 | 001,556,652 | ---- | M] (                                                            ) -- C:\PDFzuWordPro_Testversion.exe
[2009.01.19 23:29:13 | 027,066,664 | ---- | M] (Microsoft Corporation) -- C:\PowerPointViewer.exe
[2007.05.28 23:44:19 | 013,206,192 | ---- | M] (Webroot Software, Inc.                                      ) -- C:\SpySweeperRegSetup_DE.exe
[2007.05.28 21:39:06 | 013,206,400 | ---- | M] (Webroot Software, Inc.                                      ) -- C:\ssftrialsnrsetup1_1922458785.exe
[2007.10.08 13:08:00 | 028,088,869 | ---- | M] (eRightSoft  ) -- C:\SUPERsetup.exe
[2001.05.24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
[2005.02.04 16:25:10 | 001,145,061 | ---- | M] () -- C:\wrar342d.exe
[2004.12.15 21:55:57 | 002,609,152 | ---- | M] () -- C:\wz90gev.exe
[2005.05.01 15:24:38 | 000,635,569 | ---- | M] (XviD Team (Koepi)                                          ) -- C:\XviD-1.0.3-20122004.exe
 
 
< MD5 for: AGP440.SYS  >
[2005.11.09 11:08:50 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2011.05.01 12:12:19 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2005.11.09 11:08:50 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2011.05.01 12:12:19 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004.08.04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001.08.17 14:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS
 
< MD5 for: ATAPI.SYS  >
[2002.08.29 06:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002.08.29 06:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2005.11.09 11:08:50 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2011.05.01 12:12:19 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2005.11.09 11:08:50 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2011.05.01 12:12:19 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002.08.29 02:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2002.08.29 02:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2003.04.23 10:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004.08.04 09:57:18 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2002.08.29 06:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- C:\I386\EVENTLOG.DLL
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2002.08.29 06:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\I386\NETLOGON.DLL
[2004.08.04 09:57:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SYSTEM32\scecli.dll
[2004.08.04 09:57:33 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2002.08.29 06:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\I386\SCECLI.DLL
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SYSTEM32\user32.dll
[2002.11.22 21:28:16 | 000,530,432 | ---- | M] (Microsoft Corporation) MD5=DB15B2FE24ECCE331EA3A954F6F90448 -- C:\I386\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SYSTEM32\userinit.exe
[2002.08.29 06:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\I386\USERINIT.EXE
[2004.08.04 09:58:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 09:58:19 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2002.08.29 06:00:00 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\I386\WINLOGON.EXE
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SYSTEM32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2002.08.29 06:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\I386\WS2IFSL.SYS
[2002.08.29 06:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2002.09.11 14:35:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2002.09.11 14:35:14 | 000,606,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2002.09.11 14:35:14 | 000,385,024 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 167 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0F8F5844
@Alternate Data Stream - 1172 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:hQrGbuE20pECXGFLH
@Alternate Data Stream - 117 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:ECF5194F
@Alternate Data Stream - 1148 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:1LfUZYmD0DtF6CKNBBMXiE1pH
@Alternate Data Stream - 1122 bytes -> C:\Programme\Gemeinsame Dateien\System:nEsSv52fXceOZa12hEIXy
@Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5BB923A2
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8

< End of report >
--- --- ---

cosinus 27.05.2011 09:45
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1601497&SearchSource=3&q="
[2010.11.05 22:22:30 | 000,423,936 | ---- | C] (Feñiz 2001) -- C:\Programme\Conversor.exe
[2008.05.06 12:34:00 | 000,136,704 | ---- | C] (HR) -- C:\Programme\AVRootLoader.dll
@Alternate Data Stream - 167 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0F8F5844
@Alternate Data Stream - 1172 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:hQrGbuE20pECXGFLH
@Alternate Data Stream - 117 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:ECF5194F
@Alternate Data Stream - 1148 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:1LfUZYmD0DtF6CKNBBMXiE1pH
@Alternate Data Stream - 1122 bytes -> C:\Programme\Gemeinsame Dateien\System:nEsSv52fXceOZa12hEIXy
@Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5BB923A2
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
:Files
C:\*.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~*
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1*
:Commands
[purity]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Blitzknall 27.05.2011 11:00
Und hier ist das Logfile:
Code:
========== OTL ==========
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1601497&SearchSource=3&q=" removed from browser.search.defaulturl
C:\Programme\Conversor.exe moved successfully.
C:\Programme\AVRootLoader.dll moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0F8F5844 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:hQrGbuE20pECXGFLH deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:ECF5194F deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:1LfUZYmD0DtF6CKNBBMXiE1pH deleted successfully.
ADS C:\Programme\Gemeinsame Dateien\System:nEsSv52fXceOZa12hEIXy deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5BB923A2 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 deleted successfully.
========== FILES ==========
C:\AdbeRdr90_en_US.exe moved successfully.
C:\aReaker_space.exe moved successfully.
C:\areaker_space_install.exe moved successfully.
C:\audacity-win-1.2.3.exe moved successfully.
C:\audioconverter_wmf_setup.exe moved successfully.
C:\dap85.exe moved successfully.
C:\DivX521XP2K.exe moved successfully.
C:\dMC-r11.exe moved successfully.
C:\Dreamweaver8-de.exe moved successfully.
C:\DrumagogDemo.exe moved successfully.
C:\freedvdripper.exe moved successfully.
C:\GoogleEarth.exe moved successfully.
C:\hteditor50engdemo.exe moved successfully.
C:\install_flash_player.exe moved successfully.
C:\iTunesSetup.exe moved successfully.
C:\mediaconverter.exe moved successfully.
C:\PDFzuWordPro_Testversion.exe moved successfully.
C:\PowerPointViewer.exe moved successfully.
C:\SpySweeperRegSetup_DE.exe moved successfully.
C:\ssftrialsnrsetup1_1922458785.exe moved successfully.
C:\SUPERsetup.exe moved successfully.
C:\UNWISE.EXE moved successfully.
C:\wrar342d.exe moved successfully.
C:\wz90gev.exe moved successfully.
C:\XviD-1.0.3-20122004.exe moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19062564 moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19062564r moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19062564 moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.23.0 log created on 05272011_115921

cosinus 27.05.2011 14:49
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Blitzknall 27.05.2011 19:13
Nabend!

Hier ist das Kaspersky Log. Mittlerweile haben sich, bis auf die Programme im Start-Ordner, alle Sachen wieder eingefunden. Ich lasse jetzt, wie angeraten, noch Unhide laufen, mal schauen, ob alles wieder auftaucht :daumenhoc

Code:
2011/05/27 20:09:11.0192 4060        TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/27 20:09:11.0348 4060        ================================================================================
2011/05/27 20:09:11.0348 4060        SystemInfo:
2011/05/27 20:09:11.0348 4060       
2011/05/27 20:09:11.0348 4060        OS Version: 5.1.2600 ServicePack: 3.0
2011/05/27 20:09:11.0348 4060        Product type: Workstation
2011/05/27 20:09:11.0348 4060        ComputerName: ROCKETMAN
2011/05/27 20:09:11.0348 4060        UserName: Tom
2011/05/27 20:09:11.0348 4060        Windows directory: C:\WINDOWS
2011/05/27 20:09:11.0348 4060        System windows directory: C:\WINDOWS
2011/05/27 20:09:11.0348 4060        Processor architecture: Intel x86
2011/05/27 20:09:11.0348 4060        Number of processors: 2
2011/05/27 20:09:11.0348 4060        Page size: 0x1000
2011/05/27 20:09:11.0348 4060        Boot type: Normal boot
2011/05/27 20:09:11.0348 4060        ================================================================================
2011/05/27 20:09:12.0645 4060        Initialize success
2011/05/27 20:09:16.0098 1000        ================================================================================
2011/05/27 20:09:16.0098 1000        Scan started
2011/05/27 20:09:16.0098 1000        Mode: Manual;
2011/05/27 20:09:16.0098 1000        ================================================================================
2011/05/27 20:09:18.0333 1000        abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/05/27 20:09:18.0411 1000        acedrv10        (0059ff74927a27395c5e190f9aa392df) C:\WINDOWS\system32\drivers\acedrv10.sys
2011/05/27 20:09:18.0505 1000        acehlp10        (6625a32ad17a3fa6c7f405aeac945aa7) C:\WINDOWS\system32\drivers\acehlp10.sys
2011/05/27 20:09:18.0583 1000        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/27 20:09:18.0645 1000        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/27 20:09:18.0692 1000        adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2011/05/27 20:09:18.0739 1000        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/27 20:09:18.0802 1000        AFD            (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/27 20:09:18.0848 1000        agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
2011/05/27 20:09:18.0895 1000        agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2011/05/27 20:09:18.0942 1000        Aha154x        (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2011/05/27 20:09:18.0989 1000        aic78u2        (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2011/05/27 20:09:19.0020 1000        aic78xx        (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2011/05/27 20:09:19.0083 1000        AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2011/05/27 20:09:19.0130 1000        alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2011/05/27 20:09:19.0161 1000        amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2011/05/27 20:09:19.0192 1000        amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2011/05/27 20:09:19.0239 1000        asc            (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2011/05/27 20:09:19.0255 1000        asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2011/05/27 20:09:19.0286 1000        asc3550        (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2011/05/27 20:09:19.0364 1000        ASPI            (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
2011/05/27 20:09:19.0380 1000        ASPI32          (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
2011/05/27 20:09:19.0473 1000        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/27 20:09:19.0520 1000        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/27 20:09:19.0583 1000        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/27 20:09:19.0614 1000        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/27 20:09:19.0661 1000        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/27 20:09:19.0848 1000        cbidf          (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/05/27 20:09:19.0864 1000        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/27 20:09:19.0911 1000        cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2011/05/27 20:09:19.0958 1000        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/27 20:09:19.0973 1000        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/27 20:09:19.0989 1000        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/27 20:09:20.0052 1000        CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2011/05/27 20:09:20.0114 1000        Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2011/05/27 20:09:20.0192 1000        ctsfm2k        (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
2011/05/27 20:09:20.0239 1000        dac2w2k        (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2011/05/27 20:09:20.0317 1000        dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2011/05/27 20:09:20.0348 1000        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/27 20:09:20.0442 1000        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/27 20:09:20.0583 1000        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/27 20:09:20.0661 1000        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/27 20:09:20.0708 1000        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/27 20:09:20.0739 1000        dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2011/05/27 20:09:20.0770 1000        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/27 20:09:20.0817 1000        drvmcdb        (049177996e5e33b5faf40cad2b82098c) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/05/27 20:09:20.0833 1000        drvnddm        (2f4134d073f972575c174e3d621f0107) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/05/27 20:09:20.0895 1000        dvd43llh        (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
2011/05/27 20:09:20.0911 1000        E100B          (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/05/27 20:09:20.0973 1000        EL90XBC        (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/05/27 20:09:21.0020 1000        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/27 20:09:21.0052 1000        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/27 20:09:21.0083 1000        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/27 20:09:21.0114 1000        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/27 20:09:21.0177 1000        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/27 20:09:21.0192 1000        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/27 20:09:21.0270 1000        FTDIBUS        (b283f1bc1ff852bd232449a4b3e3ce63) C:\WINDOWS\system32\drivers\ftdibus.sys
2011/05/27 20:09:21.0302 1000        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/27 20:09:21.0395 1000        FTSER2K        (678a73f56ddf84a08c31123c386e9967) C:\WINDOWS\system32\drivers\ftser2k.sys
2011/05/27 20:09:21.0458 1000        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/27 20:09:21.0489 1000        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/27 20:09:21.0552 1000        hpn            (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2011/05/27 20:09:21.0614 1000        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/27 20:09:21.0645 1000        i2omgmt        (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/27 20:09:21.0692 1000        i2omp          (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2011/05/27 20:09:21.0708 1000        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/27 20:09:21.0770 1000        i81x            (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2011/05/27 20:09:21.0864 1000        iAimFP0        (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2011/05/27 20:09:21.0895 1000        iAimFP1        (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2011/05/27 20:09:21.0927 1000        iAimFP2        (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2011/05/27 20:09:21.0958 1000        iAimFP3        (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2011/05/27 20:09:22.0020 1000        iAimFP4        (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2011/05/27 20:09:22.0052 1000        iAimTV0        (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2011/05/27 20:09:22.0083 1000        iAimTV1        (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2011/05/27 20:09:22.0130 1000        iAimTV3        (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2011/05/27 20:09:22.0145 1000        iAimTV4        (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2011/05/27 20:09:22.0223 1000        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/27 20:09:22.0270 1000        ini910u        (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2011/05/27 20:09:22.0302 1000        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\System32\DRIVERS\intelide.sys
2011/05/27 20:09:22.0364 1000        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/27 20:09:22.0395 1000        ip6fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/27 20:09:22.0427 1000        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/27 20:09:22.0473 1000        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/27 20:09:22.0520 1000        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/27 20:09:22.0536 1000        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/27 20:09:22.0583 1000        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/27 20:09:22.0614 1000        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/27 20:09:22.0645 1000        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/27 20:09:22.0692 1000        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/27 20:09:22.0802 1000        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/27 20:09:22.0848 1000        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/27 20:09:22.0864 1000        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/27 20:09:22.0911 1000        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/27 20:09:22.0942 1000        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/27 20:09:22.0973 1000        mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2011/05/27 20:09:22.0989 1000        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/27 20:09:23.0083 1000        MRxSmb          (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/27 20:09:23.0130 1000        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/27 20:09:23.0177 1000        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/27 20:09:23.0208 1000        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/27 20:09:23.0239 1000        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/27 20:09:23.0302 1000        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/27 20:09:23.0317 1000        Mup            (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/27 20:09:23.0348 1000        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/27 20:09:23.0380 1000        NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/27 20:09:23.0458 1000        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/27 20:09:23.0473 1000        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/27 20:09:23.0520 1000        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/27 20:09:23.0552 1000        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/27 20:09:23.0598 1000        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/27 20:09:23.0677 1000        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/27 20:09:23.0723 1000        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/27 20:09:23.0817 1000        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/27 20:09:23.0927 1000        nv              (66c90afbf0d10a93789f6544be459e72) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/27 20:09:24.0067 1000        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/27 20:09:24.0083 1000        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/27 20:09:24.0161 1000        omci            (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/05/27 20:09:24.0223 1000        ossrv          (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2011/05/27 20:09:24.0317 1000        P17            (3a7290f2c423b80ba95becae015b9b1b) C:\WINDOWS\system32\drivers\P17.sys
2011/05/27 20:09:24.0427 1000        P3              (a7af0c0860f1c43fc6581ba8a99eabef) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/05/27 20:09:24.0489 1000        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/27 20:09:24.0520 1000        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/27 20:09:24.0567 1000        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/27 20:09:24.0583 1000        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/27 20:09:24.0645 1000        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/27 20:09:24.0677 1000        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/27 20:09:24.0723 1000        PCTCore        (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys
2011/05/27 20:09:24.0770 1000        pctgntdi        (d15669bd3e1cf18f00b46a7949ea541f) C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys
2011/05/27 20:09:24.0864 1000        pctplsg        (30c931fcb8df713bcd2fb7ce763a0b47) C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys
2011/05/27 20:09:25.0020 1000        perc2          (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/05/27 20:09:25.0052 1000        perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/05/27 20:09:25.0114 1000        PfModNT        (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
2011/05/27 20:09:25.0161 1000        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/27 20:09:25.0177 1000        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/27 20:09:25.0208 1000        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/27 20:09:25.0270 1000        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/27 20:09:25.0348 1000        PxHelp20        (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/27 20:09:25.0395 1000        ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/05/27 20:09:25.0458 1000        Ql10wnt        (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/05/27 20:09:25.0536 1000        ql12160        (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/05/27 20:09:25.0614 1000        ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/05/27 20:09:25.0692 1000        ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/05/27 20:09:25.0739 1000        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/27 20:09:25.0817 1000        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/27 20:09:25.0864 1000        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/27 20:09:25.0895 1000        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/27 20:09:25.0942 1000        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/27 20:09:25.0989 1000        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/27 20:09:26.0036 1000        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/27 20:09:26.0114 1000        RDPWD          (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/27 20:09:26.0145 1000        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/27 20:09:26.0255 1000        SE27bus        (59a9eb4073a39895af314780d0a032fa) C:\WINDOWS\system32\DRIVERS\SE27bus.sys
2011/05/27 20:09:26.0333 1000        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/27 20:09:26.0411 1000        Sentinel        (05f03d7f2999431c53ce254da1301b31) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
2011/05/27 20:09:26.0442 1000        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/27 20:09:26.0473 1000        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/27 20:09:26.0536 1000        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/27 20:09:26.0661 1000        sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/05/27 20:09:26.0708 1000        Sparrow        (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/05/27 20:09:26.0739 1000        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/27 20:09:26.0770 1000        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/27 20:09:26.0848 1000        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/27 20:09:26.0895 1000        sscdbhk5        (7c0c9bdca2d351ff3b4f9b69f99aa995) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/05/27 20:09:26.0927 1000        ssrtln          (31726706d54894d5059f7471111a87bb) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/05/27 20:09:26.0973 1000        StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/05/27 20:09:27.0005 1000        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/27 20:09:27.0036 1000        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/27 20:09:27.0098 1000        symc810        (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/05/27 20:09:27.0130 1000        symc8xx        (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/05/27 20:09:27.0145 1000        sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/05/27 20:09:27.0192 1000        sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/05/27 20:09:27.0223 1000        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/27 20:09:27.0317 1000        tbhsd          (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys
2011/05/27 20:09:27.0411 1000        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/27 20:09:27.0473 1000        Tcpip6          (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2011/05/27 20:09:27.0536 1000        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/27 20:09:27.0583 1000        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/27 20:09:27.0630 1000        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/27 20:09:27.0677 1000        tfsnboio        (b0d311f33c5b4a5858e4e6c965a79267) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/05/27 20:09:27.0708 1000        tfsncofs        (250f74fce5d1eccb29ad9abeb55f35d8) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/05/27 20:09:27.0755 1000        tfsndrct        (e23291934c59e1741ba83582e7a209c0) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/05/27 20:09:27.0802 1000        tfsndres        (e8293849b5ccd98dd57155319bf9dbf3) C:\WINDOWS\system32\dla\tfsndres.sys
2011/05/27 20:09:27.0833 1000        tfsnifs        (e3e10696663e35062851a376299198bd) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/05/27 20:09:27.0848 1000        tfsnopio        (00cc366bdcbd8a9a1c95c1c59900dd9b) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/05/27 20:09:27.0895 1000        tfsnpool        (84a91d08f49831e8c24e4d25ddefae87) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/05/27 20:09:27.0942 1000        tfsnudf        (55b761c6e2d4fcedac3b46b6c0724830) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/05/27 20:09:27.0989 1000        tfsnudfa        (64c6e8c217e30ee595120c66f6e783ba) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/05/27 20:09:28.0052 1000        TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/05/27 20:09:28.0130 1000        tunmp          (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/05/27 20:09:28.0145 1000        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/27 20:09:28.0192 1000        ultra          (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/05/27 20:09:28.0270 1000        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/27 20:09:28.0333 1000        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/27 20:09:28.0380 1000        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/27 20:09:28.0427 1000        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/27 20:09:28.0520 1000        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/27 20:09:28.0552 1000        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/27 20:09:28.0598 1000        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/27 20:09:28.0614 1000        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/27 20:09:28.0645 1000        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/27 20:09:28.0692 1000        viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/05/27 20:09:28.0723 1000        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/05/27 20:09:28.0786 1000        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/27 20:09:28.0817 1000        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/27 20:09:28.0895 1000        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/27 20:09:29.0005 1000        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/05/27 20:09:29.0083 1000        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/27 20:09:29.0130 1000        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/27 20:09:29.0177 1000        MBR (0x1B8)    (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
2011/05/27 20:09:29.0192 1000        ================================================================================
2011/05/27 20:09:29.0192 1000        Scan finished
2011/05/27 20:09:29.0192 1000        ================================================================================
2011/05/27 20:09:29.0208 0908        Detected object count: 0
2011/05/27 20:09:29.0208 0908        Actual detected object count: 0
Grüße,

Tom

cosinus 27.05.2011 19:55
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Blitzknall 29.05.2011 09:59
Alles klar. Hier ist das OSAM Log:

[code]
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:56:57 on 29.05.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.17

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AdobeAAMUpdater-1.0-ROCKETMAN-Tom.job" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PRApplet.cpl" - "Intel(R) Corporation" - C:\WINDOWS\system32\PRApplet.cpl
"USBAudio.cpl" - "Creative Technology Ltd." - C:\WINDOWS\system32\USBAudio.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SYMLIVE" - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\S32LUCP2.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"2b1e04af" (2b1e04af) - ? - C:\WINDOWS\System32\drivers\2b1e04af.sys  (File not found)
"acedrv10" (acedrv10) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acedrv10.sys
"acehlp10" (acehlp10) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acehlp10.sys
"Advanced SCSI Programming Interface Driver" (ASPI) - "Adaptec" - C:\WINDOWS\System32\DRIVERS\ASPI32.sys
"ASPI32" (ASPI32) - "Adaptec" - C:\WINDOWS\System32\drivers\aspi32.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Tom\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"drvmcdb" (drvmcdb) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\drvmcdb.sys
"drvnddm" (drvnddm) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\drvnddm.sys
"dvd43llh" (dvd43llh) - "RIF" - C:\WINDOWS\System32\DRIVERS\dvd43llh.sys
"iAimTV2" (iAimTV2) - ? - C:\WINDOWS\System32\DRIVERS\wATV03nt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"OMCI WDM Device Driver" (omci) - "Dell Computer Corporation" - C:\WINDOWS\System32\DRIVERS\omci.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"pctgntdi" (pctgntdi) - "PC Tools" - C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys
"PCTools KDS" (PCTCore) - "PC Tools" - C:\WINDOWS\System32\drivers\PCTCore.sys
"pctplsg" (pctplsg) - "PC Tools" - C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Sentinel" (Sentinel) - ? - C:\WINDOWS\System32\Drivers\SENTINEL.SYS
"Sony Ericsson Device 039 Driver driver (WDM)" (SE27bus) - "MCCI" - C:\WINDOWS\System32\DRIVERS\SE27bus.sys
"sscdbhk5" (sscdbhk5) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\sscdbhk5.sys
"ssrtln" (ssrtln) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\ssrtln.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"tfsnboio" (tfsnboio) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnboio.sys
"tfsncofs" (tfsncofs) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsncofs.sys
"tfsndrct" (tfsndrct) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsndrct.sys
"tfsndres" (tfsndres) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsndres.sys
"tfsnifs" (tfsnifs) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnifs.sys
"tfsnopio" (tfsnopio) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnopio.sys
"tfsnpool" (tfsnpool) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnpool.sys
"tfsnudf" (tfsnudf) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnudf.sys
"tfsnudfa" (tfsnudfa) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnudfa.sys
"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\WINDOWS\System32\drivers\tbhsd.sys
"USB Serial Converter Driver" (FTDIBUS) - "FTDI Ltd." - C:\WINDOWS\System32\drivers\ftdibus.sys
"USB Serial Port Driver" (FTSER2K) - "FTDI Ltd." - C:\WINDOWS\System32\drivers\ftser2k.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - ? - C:\Programme\Illustrate\dBpowerAMP\dBShell.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{6E1DDCE8-76BC-4390-9488-806E8FB1AD77} "bt2PluginPP Class" - ? - C:\Programme\BT2Net\bt2plugin.dll  (File not found)
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{1730B77B-F429-498f-9B15-4514D83C8294} "btProtocol Class" - ? - C:\Programme\BT2Net\bt2plugin.dll  (File not found)
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - ? - C:\Programme\Illustrate\dBpowerAMP\dBShell.dll
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dMCIShell Class" - ? - C:\Programme\Illustrate\dBpowerAMP\dMCShell.dll
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\system32\dla\tfswshx.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} "RecordNow! SendToExt" - ? - C:\Programme\Sonic\RecordNow!\shlext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? -  (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson File Manager" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Grab Pro" - ? - C:\Programme\Orbitdownloader\GrabPro.dll
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{472734EA-242A-422B-ADF8-83D1E48CC825}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} "Java Plug-in 1.4.2_03" - "JavaSoft / Sun Microsystems, Inc." - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{0000000A-0000-0010-8000-00AA00389B71} "{0000000A-0000-0010-8000-00AA00389B71}" - ? -  (File not found | COM-object registry key not found) / hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
{00000161-0000-0010-8000-00AA00389B71} "{00000161-0000-0010-8000-00AA00389B71}" - ? -  (File not found | COM-object registry key not found) / hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab
{33564D57-0000-0010-8000-00AA00389B71} "{33564D57-0000-0010-8000-00AA00389B71}" - ? -  (File not found | COM-object registry key not found) / hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Grab Pro" - ? - C:\Programme\Orbitdownloader\GrabPro.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class" - "Orbitdownloader.com" - C:\Programme\Orbitdownloader\orbitcth.dll

[Logon]
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"DESKTOP.INI" - ? - C:\Dokumente und Einstellungen\Tom\Startmenü\Programme\Autostart\DESKTOP.INI
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AdobeAAMUpdater-1.0" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeCS5ServiceManager" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"CTSysVol" - "Creative Technology Ltd" - "C:\Programme\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" /r
"dla" - "Sonic Solutions" - C:\WINDOWS\system32\dla\tfswctrl.exe
"Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"SwitchBoard" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe
"Symantec PIF AlertEng" - "Symantec Corporation" - "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"UpdateManager" - "Sonic Solutions" - "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
"UpdReg" - "Creative Technology Ltd." - C:\WINDOWS\UpdReg.EXE

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Akamai NetSession Interface" (Akamai) - ? - c:\programme\gemeinsame dateien\akamai\netsession_win_8832f4b.dll  (File found, but it contains no detailed information)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Automatisches LiveUpdate - Scheduler" (Automatisches LiveUpdate - Scheduler) - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
"Creative Service for CDROM Access" (Creative Service for CDROM Access) - "Creative Technology Ltd" - C:\WINDOWS\System32\CTsvcCDA.EXE
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Intel NCS NetService" (NetSvc) - "Intel(R) Corporation" - C:\Programme\Intel\NCS\Sync\NetSvc.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"LiveUpdate Notice Service" (LiveUpdate Notice Service) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
"LiveUpdate Notice Service Ex" (LiveUpdate Notice Ex) - ? - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"NMSAccessU" (NMSAccessU) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"PC Tools Auxiliary Service" (sdAuxService) - "PC Tools" - C:\Programme\Spyware Doctor\pctsAuxs.exe
"PC Tools Security Service" (sdCoreService) - "PC Tools" - C:\Programme\Spyware Doctor\pctsSvc.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"WMDM PMSP Service" (WMDM PMSP Service) - "Microsoft Corporation" - C:\WINDOWS\System32\MsPMSPSv.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\WINDOWS\System32\SKYROC~1.SCR  (File found, but it contains no detailed information)
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---


und hier das von MBR Check:

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows XP Home Edition
Windows Information:                Service Pack 3 (build 2600)
Logical Drives Mask:                0x0000001d

Kernel Drivers (total 131):
  0x804D7000 \WINDOWS\system32\ntoskrnl.exe
  0x80701000 \WINDOWS\system32\hal.dll
  0xF8C36000 \WINDOWS\system32\KDCOM.DLL
  0xF8B46000 \WINDOWS\system32\BOOTVID.dll
  0xF86E6000 ACPI.sys
  0xF8C38000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
  0xF86D5000 pci.sys
  0xF8736000 isapnp.sys
  0xF8CFE000 pciide.sys
  0xF89B6000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
  0xF8746000 MountMgr.sys
  0xF86B6000 ftdisk.sys
  0xF89BE000 PartMgr.sys
  0xF8756000 VolSnap.sys
  0xF869E000 atapi.sys
  0xF8766000 disk.sys
  0xF8776000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
  0xF867E000 fltmgr.sys
  0xF866C000 sr.sys
  0xF8633000 PCTCore.sys
  0xF861E000 drvmcdb.sys
  0xF8786000 PxHelp20.sys
  0xF8607000 KSecDD.sys
  0xF85F4000 WudfPf.sys
  0xF8567000 Ntfs.sys
  0xF853A000 NDIS.sys
  0xF8520000 Mup.sys
  0xF8796000 agp440.sys
  0xF8C02000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0xF87B6000 \SystemRoot\System32\DRIVERS\intelppm.sys
  0xF7E0B000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
  0xF7DF7000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
  0xF8ABE000 \SystemRoot\System32\DRIVERS\usbuhci.sys
  0xF7DD3000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
  0xF8AC6000 \SystemRoot\System32\DRIVERS\usbehci.sys
  0xF7D05000 \SystemRoot\system32\drivers\P17.sys
  0xF7CE1000 \SystemRoot\system32\drivers\portcls.sys
  0xF87C6000 \SystemRoot\system32\drivers\drmk.sys
  0xF7CBE000 \SystemRoot\system32\drivers\ks.sys
  0xF7C92000 \SystemRoot\System32\DRIVERS\ctoss2k.sys
  0xF7C72000 \SystemRoot\System32\DRIVERS\ctsfm2k.sys
  0xF7C4E000 \SystemRoot\System32\DRIVERS\e100b325.sys
  0xF8ACE000 \SystemRoot\System32\DRIVERS\fdc.sys
  0xF87D6000 \SystemRoot\System32\DRIVERS\i8042prt.sys
  0xF8AD6000 \SystemRoot\System32\DRIVERS\kbdclass.sys
  0xF8ADE000 \SystemRoot\System32\DRIVERS\mouclass.sys
  0xF87E6000 \SystemRoot\System32\DRIVERS\serial.sys
  0xF8C06000 \SystemRoot\System32\DRIVERS\serenum.sys
  0xF7C3A000 \SystemRoot\System32\DRIVERS\parport.sys
  0xF8AE6000 \SystemRoot\System32\DRIVERS\dvd43llh.sys
  0xF87F6000 \SystemRoot\System32\DRIVERS\cdrom.sys
  0xF7FD0000 \SystemRoot\System32\DRIVERS\redbook.sys
  0xF7FC0000 \SystemRoot\System32\DRIVERS\imapi.sys
  0xF8E1A000 \SystemRoot\System32\DRIVERS\audstub.sys
  0xF7FB0000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
  0xF8C12000 \SystemRoot\System32\DRIVERS\ndistapi.sys
  0xF7C23000 \SystemRoot\System32\DRIVERS\ndiswan.sys
  0xF7FA0000 \SystemRoot\System32\DRIVERS\raspppoe.sys
  0xF7F90000 \SystemRoot\System32\DRIVERS\raspptp.sys
  0xF8AEE000 \SystemRoot\System32\DRIVERS\TDI.SYS
  0xF7BEA000 \SystemRoot\System32\DRIVERS\psched.sys
  0xF7F80000 \SystemRoot\System32\DRIVERS\msgpc.sys
  0xF8AF6000 \SystemRoot\System32\DRIVERS\ptilink.sys
  0xF8AFE000 \SystemRoot\System32\DRIVERS\raspti.sys
  0xF7F70000 \SystemRoot\System32\DRIVERS\termdd.sys
  0xF8C62000 \SystemRoot\System32\DRIVERS\swenum.sys
  0xF7B8C000 \SystemRoot\System32\DRIVERS\update.sys
  0xF8B06000 \SystemRoot\System32\DRIVERS\omci.sys
  0xF8C26000 \SystemRoot\System32\DRIVERS\mssmbios.sys
  0xF7F50000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xF7F40000 \SystemRoot\System32\DRIVERS\usbhub.sys
  0xF8C78000 \SystemRoot\System32\DRIVERS\USBD.SYS
  0xF8B0E000 \SystemRoot\System32\DRIVERS\flpydisk.sys
  0xF84D3000 \SystemRoot\System32\Drivers\i2omgmt.SYS
  0xF8C7A000 \SystemRoot\system32\drivers\sscdbhk5.sys
  0xF8C7C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF8E01000 \SystemRoot\System32\Drivers\Null.SYS
  0xF8C7E000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF8B1E000 \SystemRoot\system32\drivers\ssrtln.sys
  0xF8B26000 \SystemRoot\System32\drivers\vga.sys
  0xF8C80000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF8C82000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF8B2E000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF8B36000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF8BD2000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0xEDA04000 \SystemRoot\System32\DRIVERS\ipsec.sys
  0xED9AB000 \SystemRoot\System32\DRIVERS\tcpip.sys
  0xED973000 \SystemRoot\system32\DRIVERS\tcpip6.sys
  0xED94D000 \SystemRoot\System32\DRIVERS\ipnat.sys
  0xED916000 \??\C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys
  0xF8816000 \SystemRoot\system32\drivers\ip6fw.sys
  0xED8C6000 \SystemRoot\System32\DRIVERS\netbt.sys
  0xF8826000 \SystemRoot\System32\DRIVERS\wanarp.sys
  0xED8A4000 \SystemRoot\System32\drivers\afd.sys
  0xF8836000 \SystemRoot\System32\DRIVERS\netbios.sys
  0xED879000 \SystemRoot\System32\DRIVERS\rdbss.sys
  0xED809000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
  0xF8866000 \SystemRoot\System32\Drivers\Fips.SYS
  0xF88E6000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xED7F1000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF8C96000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xF7BFF000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF89E6000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF8E2F000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\nv4_disp.dll
  0xBF341000 \SystemRoot\System32\ATMFD.DLL
  0xF88F6000 \SystemRoot\system32\drivers\drvnddm.sys
  0xF8E00000 \SystemRoot\system32\dla\tfsndres.sys
  0xED2A5000 \SystemRoot\system32\dla\tfsnifs.sys
  0xED31E000 \SystemRoot\system32\dla\tfsnopio.sys
  0xF8CB2000 \SystemRoot\system32\dla\tfsnpool.sys
  0xF8A06000 \SystemRoot\system32\dla\tfsnboio.sys
  0xF8906000 \SystemRoot\system32\dla\tfsncofs.sys
  0xF8E02000 \SystemRoot\system32\dla\tfsndrct.sys
  0xED28C000 \SystemRoot\system32\dla\tfsnudf.sys
  0xED273000 \SystemRoot\system32\dla\tfsnudfa.sys
  0xED267000 \SystemRoot\System32\DRIVERS\ndisuio.sys
  0xECE9E000 \SystemRoot\system32\drivers\wdmaud.sys
  0xED063000 \SystemRoot\system32\drivers\sysaudio.sys
  0xECAD3000 \SystemRoot\System32\DRIVERS\mrxdav.sys
  0xF8CF4000 \SystemRoot\System32\Drivers\ParVdm.SYS
  0xECC20000 \SystemRoot\System32\Drivers\SENTINEL.SYS
  0xECA42000 \??\C:\WINDOWS\system32\drivers\acedrv10.sys
  0xF8A96000 \SystemRoot\System32\drivers\aspi32.sys
  0xEC9C2000 \SystemRoot\System32\DRIVERS\srv.sys
  0xECA2E000 \??\C:\WINDOWS\system32\drivers\PfModNT.sys
  0xEC571000 \SystemRoot\System32\Drivers\HTTP.sys
  0xEC366000 \SystemRoot\system32\drivers\kmixer.sys
  0x7C910000 \WINDOWS\SYSTEM32\ntdll.dll

Processes (total 42):
      0 System Idle Process
      4 System
    672 C:\WINDOWS\SYSTEM32\smss.exe
    720 csrss.exe
    744 C:\WINDOWS\SYSTEM32\winlogon.exe
    788 C:\WINDOWS\SYSTEM32\services.exe
    800 C:\WINDOWS\SYSTEM32\lsass.exe
    980 C:\WINDOWS\SYSTEM32\svchost.exe
    1048 svchost.exe
    1148 C:\WINDOWS\SYSTEM32\svchost.exe
    1188 C:\WINDOWS\SYSTEM32\svchost.exe
    1260 svchost.exe
    1356 svchost.exe
    1560 C:\WINDOWS\SYSTEM32\LEXBCES.EXE
    1588 C:\WINDOWS\SYSTEM32\spoolsv.exe
    1616 C:\WINDOWS\SYSTEM32\LEXPPS.EXE
    1896 C:\WINDOWS\explorer.exe
    2020 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
    2028 C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
    2044 C:\Programme\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
    152 C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    144 C:\Programme\QuickTime\QTTask.exe
    188 C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
    308 C:\WINDOWS\SYSTEM32\ctfmon.exe
    436 svchost.exe
    468 C:\WINDOWS\SYSTEM32\svchost.exe
    488 C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
    548 C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
    616 C:\Programme\Java\jre6\bin\jqs.exe
    632 C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    664 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
    704 C:\Programme\CDBurnerXP\NMSAccessU.exe
    1084 C:\WINDOWS\SYSTEM32\nvsvc32.exe
    1380 C:\WINDOWS\SYSTEM32\svchost.exe
    1628 C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
    2676 alg.exe
    2896 C:\WINDOWS\SYSTEM32\wscntfy.exe
    3496 C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
    2060 C:\Programme\Mozilla Firefox\firefox.exe
    1936 C:\Programme\Mozilla Firefox\plugin-container.exe
    2944 C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
    184 C:\Dokumente und Einstellungen\Tom\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00  (NTFS)

PhysicalDrive0 Model Number: WDCWD1600JB-75GVA0, Rev: 08.02D08

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0  Dell MBR code detected
            SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365


Done!
Viele Grüße,

Tom

cosinus 29.05.2011 10:10
GMER ging nicht?

Blitzknall 29.05.2011 18:46
Nein, leider nicht. Das Programm hat sich 3-4 aufgehängt, da habe ich es dann gemäß Anweisung sein lassen...

Grüße,

Tom


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:26 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131