Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Remove Bundeskriminalamt virus completely (https://www.trojaner-board.de/99775-bundeskriminalamt-virus-vollstaendig-loeschen.html)

Gargamel456 30.05.2011 22:23

Remove Bundeskriminalamt virus completely
 
Hello dear Trojaner-Board!
About a month ago I caught a nasty virus from the "Bundeskriminalamt". Nothing worked any more. I couldn't start Safe Mode either. After some research on the Internet, a friend guided me over the phone; in DOS mode we deleted the virus and were able to start AntiVir. Now everything runs great again, but could the virus still be hiding somewhere? How do I find that out? When can I do online banking again?
Thank you very much for the help!!!
Jana

cosinus 31.05.2011 20:24

Hello and :hallo:

As a routine step, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If there are logs from older Malwarebytes scans, please post all of those as well!


Then an OTL custom scan:


Custom scan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Gargamel456 02.06.2011 21:00

The run took a bit longer :)
but now all mysteries are solved!
see the result below

Gargamel456 02.06.2011 21:45

okay, here is the Malwarebytes result;
HTML code:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6754

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02.06.2011 21:56:41
mbam-log-2011-06-02 (21-56-41).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|J:\|K:\|L:\|M:\|N:\|)
Objects scanned: 312904
Time elapsed: 1 hour(s), 55 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

and here is the OTL.exe result;
OTL Logfile:
Code:

OTL logfile created on: 02.06.2011 22:09:36 - Run 2
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Dokumente und Einstellungen\HP_Besitzer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,48 Mb Total Physical Memory | 420,09 Mb Available Physical Memory | 41,08% Memory free
2,40 Gb Paging File | 1,92 Gb Available in Paging File | 79,86% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 227,58 Gb Total Space | 124,57 Gb Free Space | 54,74% Space Free | Partition Type: NTFS
Drive D: | 5,30 Gb Total Space | 0,53 Gb Free Space | 10,05% Space Free | Partition Type: FAT32
 
Computer Name: NAME-CD5FDA878D | User Name: HP_Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\VPro530.exe (Philips)
PRC - C:\Programme\Winamp\winampa.exe ()
PRC - C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.)
PRC - C:\Programme\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Belkin\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvwrsde.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (btwdins) -- C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SPC530) -- C:\WINDOWS\system32\drivers\SPC530.sys (                                                            )
DRV - (SPC530m) -- C:\WINDOWS\system32\drivers\SPC530m.sys (                                                            )
DRV - (phaudlwr) -- C:\WINDOWS\system32\drivers\phaudlwr.sys (Philips Applied Technologies)
DRV - (vaxscsi) -- C:\WINDOWS\System32\Drivers\vaxscsi.sys (Alcohol Soft Co., Ltd.)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (s117obex) -- C:\WINDOWS\system32\drivers\s117obex.sys (MCCI Corporation)
DRV - (s117mdm) -- C:\WINDOWS\system32\drivers\s117mdm.sys (MCCI Corporation)
DRV - (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s117mgmt.sys (MCCI Corporation)
DRV - (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) -- C:\WINDOWS\system32\drivers\s117unic.sys (MCCI Corporation)
DRV - (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) -- C:\WINDOWS\system32\drivers\s117nd5.sys (MCCI Corporation)
DRV - (s117mdfl) -- C:\WINDOWS\system32\drivers\s117mdfl.sys (MCCI Corporation)
DRV - (s117bus) Sony Ericsson Device 117 driver (WDM) -- C:\WINDOWS\system32\drivers\s117bus.sys (MCCI Corporation)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.05.11 06:31:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.11 06:31:52 | 000,000,000 | ---D | M]
 
[2008.09.17 00:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Extensions
[2011.05.13 05:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\84t4r4d3.default\extensions
[2010.08.05 21:29:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\84t4r4d3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.05 12:52:38 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\84t4r4d3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.16 19:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.05.16 19:18:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.07.19 12:18:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMME\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.07.19 12:18:18 | 000,423,656 | ---- | M] (Oracle) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.16 19:06:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HPBootOp] C:\Programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe ()
O4 - HKCU..\Run: [DAEMON Tools] C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [updateMgr]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPro530.lnk = C:\WINDOWS\VPro530.exe (Philips)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\Belkin\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.225 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.11.02 20:05:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b17d6f5e-e449-11df-9a40-0016173f598a}\Shell - "" = AutoRun
O33 - MountPoints2\{b17d6f5e-e449-11df-9a40-0016173f598a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b17d6f5e-e449-11df-9a40-0016173f598a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.lsgc - C:\WINDOWS\System32\lsgc.dll (imc AG)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.02 19:57:30 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.06.02 19:57:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.06.02 19:57:25 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.06.02 19:57:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.29 14:00:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\go
[2011.05.29 14:00:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO
[2011.05.16 19:19:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype Extras
[2011.05.16 19:18:13 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2011.05.16 19:18:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2011.05.08 12:31:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.11.19 14:17:27 | 000,486,912 | ---- | C] (                                                            ) -- C:\WINDOWS\System32\drivers\SPC530.sys
[2010.11.19 14:17:27 | 000,007,680 | ---- | C] (                                                            ) -- C:\WINDOWS\System32\drivers\SPC530m.sys
[2010.09.07 13:54:02 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpe101.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.02 21:23:01 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.02 20:03:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\OTL.exe
[2011.06.02 19:57:31 | 000,000,767 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.02 19:56:09 | 000,000,185 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011.06.02 19:52:36 | 000,465,334 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.06.02 19:52:36 | 000,446,402 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.06.02 19:52:36 | 000,073,224 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.06.02 19:52:35 | 000,087,032 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.06.02 19:50:55 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.02 19:50:52 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.06.02 19:50:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.06.02 19:50:46 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.29 14:00:09 | 000,001,872 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\Play games (EasyBits GO).lnk
[2011.05.29 13:32:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.05.25 19:26:17 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.05.11 06:31:58 | 000,000,707 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.02 19:57:31 | 000,000,767 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.29 14:00:09 | 000,001,878 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Startmenü\Programme\Play games (EasyBits GO).lnk
[2011.05.29 14:00:09 | 000,001,872 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\Play games (EasyBits GO).lnk
[2011.05.11 06:31:58 | 000,000,713 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox
[2011.05.08 12:46:40 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys
[2010.07.16 15:47:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.07.16 15:47:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.07.16 15:47:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.07.16 15:47:05 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.07.16 15:47:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.07.12 13:16:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.04.06 19:24:26 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2009.12.22 21:45:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.06.04 18:27:24 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\mp3dec.dll
[2009.06.04 18:27:23 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\tvqenc.dll
[2009.06.04 18:27:23 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\tvqdec.dll
[2009.05.02 02:03:50 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.05.02 02:03:46 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.05.02 02:03:46 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.05.02 02:03:43 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.04.29 18:56:31 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.03.24 23:19:59 | 000,000,038 | ---- | C] () -- C:\WINDOWS\TETRIS.INI
[2007.11.20 20:59:07 | 000,147,968 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.10.07 02:41:51 | 000,001,421 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.10.05 16:01:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\wklnhst.dat
[2007.10.03 22:41:20 | 000,001,274 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007.10.02 10:43:35 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.10.02 01:01:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007.10.01 22:54:12 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.06.07 16:52:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005.12.09 23:03:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005.01.01 22:52:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.01.01 22:33:34 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005.01.01 22:29:57 | 000,013,625 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005.01.01 22:29:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005.01.01 22:23:49 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005.01.01 22:19:09 | 000,081,173 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2005.01.01 22:19:09 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2005.01.01 22:18:12 | 000,073,637 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2005.01.01 22:18:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2005.01.01 22:14:26 | 000,088,050 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2005.01.01 22:12:48 | 000,113,695 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2005.01.01 22:12:48 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2005.01.01 22:09:42 | 000,089,154 | ---- | C] () -- C:\WINDOWS\hpoins06.dat
[2005.01.01 22:09:42 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat
[2005.01.01 22:08:42 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005.01.01 22:05:39 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005.01.01 22:05:39 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005.01.01 22:05:39 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005.01.01 22:05:39 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2005.01.01 22:05:39 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005.01.01 22:05:39 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005.01.01 22:05:39 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005.01.01 22:05:39 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005.01.01 21:52:19 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005.01.01 21:49:10 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005.01.01 21:49:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005.01.01 21:48:54 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004.11.02 20:13:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004.11.02 20:10:36 | 000,465,334 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.11.02 20:10:36 | 000,446,402 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.11.02 20:10:36 | 000,087,032 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.11.02 20:10:36 | 000,073,224 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.11.02 20:08:40 | 000,314,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.11.02 20:05:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.11.02 20:03:38 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 06:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 06:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.09.20 18:19:34 | 000,001,194 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.08.23 17:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 17:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.07.06 23:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
 
========== LOP Check ==========
 
[2011.04.16 20:36:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest
[2009.05.26 18:26:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2010.08.07 19:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2011.06.02 19:52:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO
[2010.05.17 20:31:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2009.05.26 18:16:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
[2009.05.26 23:09:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2010.11.19 14:16:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Philips
[2010.12.23 03:23:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WindSolutions
[2008.03.08 00:30:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.07.08 10:34:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Adobe
[2008.05.09 18:04:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\AdobeUM
[2008.10.26 12:38:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Apple Computer
[2010.11.19 14:24:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\ArcSoft
[2010.07.12 15:52:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Avira
[2008.03.11 21:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Bullzip
[2007.11.02 12:13:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
[2011.01.29 13:38:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\CyberLink
[2010.07.24 22:10:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\DivX
[2009.11.08 15:21:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Dr. Regener
[2010.08.05 12:52:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.05.17 20:32:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\elsterformular
[2010.07.19 12:24:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Foxit
[2011.05.29 14:00:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\go
[2008.01.30 18:20:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Google
[2009.05.27 18:52:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Haufe
[2007.10.02 16:14:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\HP
[2007.10.07 14:16:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\HPQ
[2005.10.27 01:32:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Identities
[2007.10.09 17:05:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Leadertech
[2009.05.26 23:04:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Lexware
[2007.10.02 00:41:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Macromedia
[2010.07.12 13:16:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Malwarebytes
[2010.07.16 15:34:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Media Player Classic
[2010.12.22 03:56:48 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Microsoft
[2008.09.17 00:45:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla
[2010.08.04 21:39:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\OpenOffice.org2
[2007.10.07 02:41:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Real
[2007.11.01 21:09:53 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\SecuROM
[2011.06.02 22:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Skype
[2011.06.02 19:51:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\skypePM
[2007.10.09 17:05:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Sonic
[2007.10.02 23:15:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Sun
[2010.07.16 19:40:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\SUPERAntiSpyware.com
[2011.01.19 23:31:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\TeamViewer
[2007.11.21 19:02:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Winamp
[2010.12.23 03:35:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\WindSolutions
[2007.11.06 16:55:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2008.05.08 22:57:07 | 022,319,360 | ---- | M] (                                  ) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr710_de_DE.exe
[2010.12.23 03:21:35 | 002,728,160 | ---- | M] (WindSolutions) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
[2010.12.23 03:23:09 | 006,976,696 | ---- | M] (WindSolutions) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.07.18 23:29:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.03 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010.07.18 23:29:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.07.18 23:29:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.03 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010.07.18 23:29:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 06:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 06:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004.08.04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004.08.04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004.08.04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 06:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004.08.04 06:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\ERDNT\cache\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\ERDNT\cache\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 06:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 06:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004.08.04 06:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\ERDNT\cache\userinit.exe
 
< MD5 for: VAXSCSI.SYS  >
[2008.04.29 18:45:16 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) MD5=92CEBC2BC7BE2C8D49391B365569F306 -- C:\WINDOWS\system32\drivers\vaxscsi.sys
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 06:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004.08.04 06:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 06:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 06:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2007.11.01 20:37:01 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2004.11.02 20:55:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004.11.02 20:55:34 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2011.02.23 01:05:49 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
 
<          >

< End of report >

--- --- ---


I hope I did all of that correctly? :rolleyes:
If not, I'll gladly do it again!
Okay, many thanks so far.
Jana
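The "MD5 for:" blocks in the OTL log above are the part a helper actually reads: for each system file they list the hash of the copy under system32 next to the hashes of the copies Windows keeps in ServicePackFiles\i386 and dllcache, and a /lockedfiles scan lists files OTL could not hash at all. Comparing those by eye across a dozen blocks is error-prone, so here is an added example (editor's code, not part of the original post or of OTL) that parses lines in the format shown above and flags any live copy whose hash differs from its reference copy, has no reference copy to compare against, or could not be hashed. The input is constructed: it reuses lines from the log above plus an invented EXAMPLE.DLL block with a deliberately mismatched hash, and the rules for which paths count as "live" and "reference" copies are the editor's assumptions, not OTL's.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Line shapes as they appear in the OTL log above (observed format, not an official spec).
SECTION_RE = re.compile(r"^<\s*(?P<title>.+?)\s*>$")
MD5_TITLE_RE = re.compile(r"^MD5 for:\s*(?P<name>\S+)$", re.IGNORECASE)
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*\((?P<company>[^)]*)\)\s*"
    r"(?P<tag>MD5=[0-9A-Fa-f]{32}|Unable to obtain MD5|\.cab file)?\s*--\s*(?P<path>.+?)\s*$"
)


@dataclass
class Entry:
    section: str
    path: str
    md5: Optional[str]  # None for .cab members and for files OTL could not hash
    locked: bool        # True when OTL printed "Unable to obtain MD5"


def parse_otl(text: str) -> List[Entry]:
    """Parse the '< ... >' custom-scan sections of an OTL log into Entry records."""
    entries: List[Entry] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("title")
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            tag = m.group("tag") or ""
            entries.append(Entry(
                section=section,
                path=m.group("path"),
                md5=tag[4:].upper() if tag.startswith("MD5=") else None,
                locked=(tag == "Unable to obtain MD5"),
            ))
    return entries


# Assumption: the copy Windows loads sits under system32 (or system32\drivers), while
# ServicePackFiles\i386 and system32\dllcache hold the copies the service pack installed.
def is_live_copy(path: str) -> bool:
    p = path.lower()
    return "\\system32\\" in p and "\\dllcache\\" not in p and "\\reinstallbackups\\" not in p


def is_reference_copy(path: str) -> bool:
    p = path.lower()
    return "\\servicepackfiles\\i386\\" in p or "\\system32\\dllcache\\" in p


def check_md5_sections(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """(file name, status, path) for each live copy whose hash does not check out."""
    by_file: Dict[str, List[Entry]] = defaultdict(list)
    for e in entries:
        m = MD5_TITLE_RE.match(e.section)
        if m:
            by_file[m.group("name").lower()].append(e)
    findings: List[Tuple[str, str, str]] = []
    for name, items in sorted(by_file.items()):
        ref_hashes = {e.md5 for e in items if is_reference_copy(e.path) and e.md5}
        for e in (x for x in items if is_live_copy(x.path)):
            if e.md5 is None:
                findings.append((name, "not-hashable", e.path))
            elif not ref_hashes:
                findings.append((name, "no-reference", e.path))
            elif e.md5 not in ref_hashes:
                findings.append((name, "mismatch", e.path))
    return findings


def locked_files(entries: List[Entry]) -> List[str]:
    """Paths a /lockedfiles scan could not hash; these have to be reviewed by hand."""
    return [e.path for e in entries if e.locked]


# Constructed input: lines copied from the log above plus an invented EXAMPLE.DLL block
# whose live copy deliberately carries a different hash from its reference copy.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS  >
[2010.07.18 23:29:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: VAXSCSI.SYS  >
[2008.04.29 18:45:16 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) MD5=92CEBC2BC7BE2C8D49391B365569F306 -- C:\WINDOWS\system32\drivers\vaxscsi.sys
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 06:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 06:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
< MD5 for: EXAMPLE.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\WINDOWS\ServicePackFiles\i386\example.dll
[2011.05.01 12:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\WINDOWS\system32\example.dll
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2007.11.01 20:37:01 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
"""

if __name__ == "__main__":
    parsed = parse_otl(SAMPLE_LOG)
    print(check_md5_sections(parsed), locked_files(parsed))
```

On the constructed input this reports example.dll as a mismatch and vaxscsi.sys as having no reference copy (a third-party driver, so that is expected; it simply cannot be verified this way), while atapi.sys and ws2ifsl.sys match their service-pack copies and produce no finding. A "no-reference" or "not-hashable" result is not a verdict, only a prompt to check the file by other means, for example its digital signature or a hash lookup.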

cosinus 03.06.2011 11:05

Are there any more Malwarebytes logs? If so, please post all of them that are visible in Malwarebytes under the Logs tab.

Gargamel456 03.06.2011 22:39

Yes, there are:
Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4320

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19.07.2010 11:48:44
mbam-log-2010-07-19 (11-48-44).txt

Scan type: Quick scan
Objects scanned: 264
Time elapsed: 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4320

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

17.07.2010 02:46:53
mbam-log-2010-07-17 (02-46-53).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|N:\|)
Objects scanned: 294740
Time elapsed: 1 hour(s), 38 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4315

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

17.07.2010 01:07:30
mbam-log-2010-07-17 (01-07-30).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|N:\|)
Objects scanned: 19903
Time elapsed: 2 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4315

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

15.07.2010 13:55:28
mbam-log-2010-07-15 (13-55-28).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|I:\|J:\|K:\|L:\|M:\|)
Objects scanned: 280176
Time elapsed: 1 hour(s), 36 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4314

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

15.07.2010 04:03:58
mbam-log-2010-07-15 (04-03-58).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|I:\|J:\|K:\|L:\|M:\|)
Objects scanned: 279693
Time elapsed: 1 hour(s), 28 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4304

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

15.07.2010 02:34:38
mbam-log-2010-07-15 (02-34-38).txt

Scan type: Quick scan
Objects scanned: 20770
Time elapsed: 5 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4304

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

15.07.2010 02:28:32
mbam-log-2010-07-15 (02-28-32).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|I:\|J:\|K:\|L:\|M:\|)
Objects scanned: 279339
Time elapsed: 1 hour(s), 43 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\getdo (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4304

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12.07.2010 13:49:57
mbam-log-2010-07-12 (13-49-57).txt

Scan type: Quick scan
Objects scanned: 1086
Time elapsed: 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


So, that was all of them. They are sorted from newest to oldest.
Have a nice weekend!!! Despite the virus work :)
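Eight logs pasted newest-first are easier to judge as a single timeline: which scans found anything, what was detected, and whether each log is complete. The following is an added example (editor's code, not from the post and not from Malwarebytes) that splits a pasted series of Malwarebytes' Anti-Malware 1.46 logs at each product header, extracts the date, database version, scan type, object count and every detection line, and checks that the summary counts agree with the detection lines actually listed, so a log truncated in the paste is noticed. The embedded input is a constructed excerpt of two of the logs above (OS/browser lines and blank lines dropped); the layout it assumes is the one shown in the post, not an official format.

```python
import re
from datetime import datetime
from typing import Any, Dict, List, Tuple

HEADER = "Malwarebytes' Anti-Malware"
DATE_RE = re.compile(r"^\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}$")
KV_RE = re.compile(r"^(Database version|Scan type|Objects scanned|Time elapsed): (.+)$")
COUNT_RE = re.compile(r"^(?P<kind>.+?) Infected: (?P<n>\d+)$")
HIT_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")


def split_logs(text: str) -> List[str]:
    """One chunk per log: a new log starts at every product header line."""
    chunks: List[List[str]] = []
    for line in text.splitlines():
        if line.startswith(HEADER) or not chunks:
            chunks.append([])
        chunks[-1].append(line)
    return ["\n".join(c) for c in chunks if c[0].startswith(HEADER)]


def parse_scan(chunk: str) -> Dict[str, Any]:
    """Pull the header fields, per-category counts and detection lines out of one log."""
    scan: Dict[str, Any] = {"when": None, "db": None, "type": None,
                            "objects": None, "counts": {}, "hits": []}
    for raw in chunk.splitlines():
        line = raw.strip()
        if DATE_RE.match(line):
            scan["when"] = datetime.strptime(line, "%d.%m.%Y %H:%M:%S")
            continue
        m = KV_RE.match(line)
        if m:
            key, val = m.groups()
            if key == "Database version":
                scan["db"] = int(val)
            elif key == "Scan type":
                scan["type"] = val
            elif key == "Objects scanned":
                scan["objects"] = int(val)
            continue
        m = COUNT_RE.match(line)
        if m:
            scan["counts"][m.group("kind")] = int(m.group("n"))
            continue
        m = HIT_RE.match(line)
        if m:
            scan["hits"].append(m.groupdict())
    # Summary counts that disagree with the listed items mean the paste was cut off or edited.
    scan["consistent"] = sum(scan["counts"].values()) == len(scan["hits"])
    return scan


def timeline(text: str) -> List[Dict[str, Any]]:
    """Every scan in the paste, oldest first, whatever order they were posted in."""
    return sorted((parse_scan(c) for c in split_logs(text)), key=lambda s: s["when"])


def detections(scans: List[Dict[str, Any]]) -> List[Tuple[datetime, str, str, str]]:
    """Flat (time, item, family, action) list across all scans."""
    return [(s["when"], h["item"], h["family"], h["action"]) for s in scans for h in s["hits"]]


# Constructed input: an excerpt of two of the logs posted above, pasted newest first
# as the user did, with the OS/browser lines and blank lines removed.
SAMPLE_LOGS = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4320
19.07.2010 11:48:44
mbam-log-2010-07-19 (11-48-44).txt
Scan type: Quick scan
Objects scanned: 264
Time elapsed: 5 second(s)
Registry Keys Infected: 0
Files Infected: 0
Registry Keys Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Malwarebytes' Anti-Malware 1.46
Database version: 4304
15.07.2010 02:28:32
mbam-log-2010-07-15 (02-28-32).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|I:\|J:\|K:\|L:\|M:\|)
Objects scanned: 279339
Time elapsed: 1 hour(s), 43 minute(s), 19 second(s)
Registry Keys Infected: 1
Registry Values Infected: 1
Files Infected: 0
Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\getdo (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
"""

if __name__ == "__main__":
    scans = timeline(SAMPLE_LOGS)
    for s in scans:
        print(s["when"], s["type"], s["objects"], "ok" if s["consistent"] else "TRUNCATED?", len(s["hits"]))
    for hit in detections(scans):
        print("  ", hit)
```

Run on the full set of eight logs, the same functions show at a glance that only the full scan of 15.07.2010 02:28:32 reported anything (a Rogue.AntivirusSuite registry key and a "getdo" Run value, both quarantined) and that every later scan, including the ones made with a newer database, came back clean. A "consistent" flag of False on any log would be the cue to ask for that log to be posted again in full.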

cosinus 03.06.2011 22:49

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other resident guards, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (board helper) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Gargamel456 06.06.2011 20:16

hello!
so I started cofi.exe twice and both times antivir popped up... which I skipped (?), and both times simply nothing happened for ages and the window showed the message "Versuch einen neuen Wiederherstellungspunkt zu ertellen". The computer also didn't sound like it was doing anything, so I "stopped" the program again - though it hadn't done anything anyway.
what now? should I let it run overnight, or did something go wrong?
many thanks for the patience!!!
jana

cosinus 06.06.2011 20:38

Quote:

so I started cofi.exe twice and both times antivir popped up... which I skipped
The instructions say you are supposed to disable the virus scanner!!

Gargamel456 09.06.2011 22:16

hello, the text is too long, it can't be pasted or attached....
what now? :wtf:
best regards, jana

cosinus 10.06.2011 08:24

Zip the log and attach it here ;)

Gargamel456 19.06.2011 15:34

hello!
so even after a longer search, the secret of zipping logs has not revealed itself to me... I also searched for it here on the Trojaner-Board but found nothing about it. could you please recommend something?
sorry that it took so long!
best regards
jana

cosinus 20.06.2011 09:08

Feed the search engine of your choice with "zip datei erstellen" :D
Then you get guides such as Zip-Dateien erstellen

You can also simply select all the logs => right-click => Send to => Compressed (zipped) folder

Gargamel456 21.06.2011 18:29

yay, it finally worked. hmm, it was easier than I thought after all. :crazy:
I hope you don't have to read all of that :daumenrunter:
best regards
jana

cosinus 21.06.2011 21:58

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run the second time, just leave it out and run only OSAM - please skip the online query in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.


Afterwards, please download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only takes a few seconds.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on your desktop.
Please post the contents of the .txt document

Gargamel456 26.06.2011 15:10

okay, here is the GMER result. I hope in the right form?
if not, just let me know..... but you'll do that anyway ;)


GMER Logfile:
Code:

GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-26 16:06:05
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 SAMSUNG_SP2504C rev.VT100-38
Running: 5cxqv1ti.exe; Driver: C:\DOKUME~1\HP_BES~1\LOKALE~1\Temp\kxtcifob.sys


---- System - GMER 1.0.15 ----

SSDT            F7C5C87E                                                                                                            ZwCreateKey
SSDT            F7C5C874                                                                                                            ZwCreateThread
SSDT            F7C5C883                                                                                                            ZwDeleteKey
SSDT            F7C5C88D                                                                                                            ZwDeleteValueKey
SSDT            sptd.sys                                                                                                            ZwEnumerateKey [0xF736BFB2]
SSDT            sptd.sys                                                                                                            ZwEnumerateValueKey [0xF736C340]
SSDT            F7C5C892                                                                                                            ZwLoadKey
SSDT            sptd.sys                                                                                                            ZwOpenKey [0xF73660B0]
SSDT            F7C5C860                                                                                                            ZwOpenProcess
SSDT            F7C5C865                                                                                                            ZwOpenThread
SSDT            sptd.sys                                                                                                            ZwQueryKey [0xF736C418]
SSDT            sptd.sys                                                                                                            ZwQueryValueKey [0xF736C298]
SSDT            F7C5C89C                                                                                                            ZwReplaceKey
SSDT            F7C5C897                                                                                                            ZwRestoreKey
SSDT            F7C5C888                                                                                                            ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

?              C:\WINDOWS\system32\drivers\sptd.sys                                                                                Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text          C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                            section is writeable [0xF5C1E360, 0x20FDBD, 0xE8000020]
.text          USBPORT.SYS!DllUnload                                                                                                F5BFE8AC 5 Bytes  JMP 86D853B8
?              System32\Drivers\acvye09y.SYS                                                                                        Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text          C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[188] USER32.dll!DefWindowProcA + 11A                7E37C298 7 Bytes  JMP 1004BF70 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text          C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[188] USER32.dll!SetWindowRgn + 2BD                  7E37E7E5 7 Bytes  JMP 1004BE30 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text          C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[188] USER32.dll!SetClipboardData + 19D              7E38113B 7 Bytes  JMP 1004BF50 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text          C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[188] USER32.dll!MessageBoxA + 49                    7E3A0833 7 Bytes  JMP 1004C040 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text          C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[188] USER32.dll!MessageBoxExW + 1F                  7E3A0857 7 Bytes  JMP 1004C090 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text          C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[188] USER32.dll!MessageBoxTimeoutA + CA              7E3B64D0 7 Bytes  JMP 1004BFC0 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [F7366AD4] sptd.sys
IAT            atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [F7366C1A] sptd.sys
IAT            atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                  [F7366B9C] sptd.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                          [F7367748] sptd.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                  [F736761E] sptd.sys
IAT            \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [F737C29A] sptd.sys

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              86F651E8
Device          \FileSystem\Fastfat \FatCdrom                                                                                        86B0E790
Device          \Driver\usbohci \Device\USBPDO-0                                                                                    86D96790
Device          \Driver\usbohci \Device\USBPDO-1                                                                                    86D96790
Device          \Driver\PCI_NTPNP2894 \Device\00000045                                                                              sptd.sys
Device          \Driver\usbehci \Device\USBPDO-2                                                                                    86D95790
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                              86FD41E8
Device          \Driver\usbstor \Device\00000071                                                                                    86B9C790
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                              86FD41E8
Device          \Driver\usbstor \Device\00000072                                                                                    86B9C790
Device          \Driver\Cdrom \Device\CdRom0                                                                                        86D90790
Device          \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11                                                                        [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                          [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                  [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                  [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-19                                                                        [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\usbstor \Device\00000073                                                                                    86B9C790
Device          \Driver\Cdrom \Device\CdRom1                                                                                        86D90790
Device          \Driver\usbstor \Device\00000074                                                                                    86B9C790
Device          \Driver\Cdrom \Device\CdRom2                                                                                        86D90790
Device          \Driver\usbstor \Device\00000075                                                                                    86B9C790
Device          \Driver\Cdrom \Device\CdRom3                                                                                        86D90790
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                              86C2F1E8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                    86C2F1E8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{C679FCD5-B4DB-4854-AA53-6CDBBE614F77}                                            86C2F1E8
Device          \Driver\usbohci \Device\USBFDO-0                                                                                    86D96790
Device          \Driver\usbohci \Device\USBFDO-1                                                                                    86D96790
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    86C00580
Device          \Driver\usbehci \Device\USBFDO-2                                                                                    86D95790
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          86C00580
Device          \Driver\Ftdisk \Device\FtControl                                                                                    86FD41E8
Device          \Driver\acvye09y \Device\Scsi\acvye09y1Port4Path0Target0Lun0                                                        86CC81E8
Device          \Driver\acvye09y \Device\Scsi\acvye09y1Port4Path0Target1Lun0                                                        86CC81E8
Device          \Driver\acvye09y \Device\Scsi\acvye09y1                                                                              86CC81E8
Device          \FileSystem\Fastfat \Fat                                                                                            86B0E790

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Cdfs \Cdfs                                                                                              86AB9790

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Programme\DAEMON Tools\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                              0x61 0x4C 0xC6 0x0F ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                           
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x64 0x2C 0xEE 0xB1 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0xB1 0xB4 0x18 0x2D ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                0x52 0xB6 0x92 0xB5 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools\
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x61 0x4C 0xC6 0x0F ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x64 0x2C 0xEE 0xB1 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xB1 0xB4 0x18 0x2D ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x52 0xB6 0x92 0xB5 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools\
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x61 0x4C 0xC6 0x0F ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x64 0x2C 0xEE 0xB1 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xB1 0xB4 0x18 0x2D ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x52 0xB6 0x92 0xB5 ...

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                MBR read error
Disk            \Device\Harddisk0\DR0                                                                                                MBR BIOS signature not found 0

---- EOF - GMER 1.0.15 ----

--- --- ---
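Reading the GMER output above line by line is what the helper does next; the following is an added example (not GMER's or the forum's code) of scripting that first pass in Python. It splits the log into GMER's sections and flags SSDT hooks with no owning module, hooks owned by sptd.sys, '?' rows whose driver file is locked or missing, and MBR read errors. The sample lines inside the script are constructed from the shape of the log above.

```python
"""Triage helper for GMER rootkit-scan output (added example, not GMER's code).

GMER prints one record per line, grouped under '---- <Section> - GMER <ver> ----'
headers.  This groups the records by section and flags what a helper reading such
a log looks at first: SSDT hooks whose handler is a bare address (no owning module
found), hooks owned by sptd.sys (the SCSI pass-through driver of DAEMON Tools /
Alcohol 120%, a well-known source of harmless hooks), kernel code section rows
marked '?' (driver file locked or missing), and MBR read errors.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the shape GMER prints (column padding shortened).  The OS
# error messages are localized by Windows (here German) and are reported verbatim.
SAMPLE_LOG = r"""
GMER 1.0.15.15640 - hxxp://www.gmer.net

---- System - GMER 1.0.15 ----

SSDT            F7C5C87E        ZwCreateKey
SSDT            sptd.sys        ZwEnumerateKey [0xF736BFB2]
SSDT            F7C5C860        ZwOpenProcess

---- Kernel code sections - GMER 1.0.15 ----

?              C:\WINDOWS\system32\drivers\sptd.sys        Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text          C:\WINDOWS\system32\DRIVERS\nv4_mini.sys    section is writeable [0xF5C1E360, 0x20FDBD, 0xE8000020]
?              System32\Drivers\acvye09y.SYS               Das System kann den angegebenen Pfad nicht finden. !

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0        MBR read error
Disk            \Device\Harddisk0\DR0        MBR BIOS signature not found 0

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
COLUMN_RE = re.compile(r"\s{2,}")             # columns are padded with 2+ spaces
ADDRESS_RE = re.compile(r"^[0-9A-Fa-f]{8}$")  # bare 32-bit kernel address, no module name

@dataclass
class Record:
    section: str
    kind: str    # first column: SSDT, .text, ?, Disk, Device, Reg, ...
    target: str  # hooked module, file path or device
    detail: str  # rest of the line: function name, message, address

@dataclass
class Finding:
    category: str
    record: Record
    note: str

def parse_gmer(text):
    """Return the records of a GMER log, each tagged with its section name."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if section is None or section == "EOF":
            continue  # banner lines before the first section, and the trailer
        # The last column may contain single spaces, so split at most twice.
        cols = COLUMN_RE.split(line, maxsplit=2)
        cols += [""] * (3 - len(cols))  # Reg rows with an empty value have 2 columns
        records.append(Record(section, cols[0], cols[1], cols[2]))
    return records

def triage(records):
    """Flag the records worth a closer look; everything else stays unflagged."""
    findings = []
    for r in records:
        if r.kind == "SSDT" and ADDRESS_RE.match(r.target):
            findings.append(Finding("ssdt-unattributed", r,
                                    "hook handler is a raw address, owning module unknown"))
        elif r.kind == "SSDT" and r.target.lower() == "sptd.sys":
            findings.append(Finding("ssdt-sptd", r,
                                    "hook owned by sptd.sys (DAEMON Tools / Alcohol), usually benign"))
        elif r.kind == "?" and r.section == "Kernel code sections":
            findings.append(Finding("driver-unreadable", r,
                                    "driver file locked or missing on disk: " + r.detail))
        elif r.kind == "Disk" and "MBR read error" in r.detail:
            findings.append(Finding("mbr-read-error", r,
                                    "MBR unreadable; check the boot sector with a dedicated tool such as MBRCheck"))
    return findings

def count_by_category(findings):
    """Quick overview, e.g. {'ssdt-unattributed': 2, 'mbr-read-error': 1}."""
    return dict(Counter(f.category for f in findings))

if __name__ == "__main__":
    for f in triage(parse_gmer(SAMPLE_LOG)):
        print(f"[{f.category}] {f.record.kind} {f.record.target}: {f.note}")
```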

cosinus 27.06.2011 08:34

What about the other logs?

Gargamel456 01.09.2011 11:25

Hi Arne,

Quite some time has passed since the last post, as I was abroad and my ex-girlfriend (who put the virus on my PC) did not get any further at this point. Is it better to start over from scratch?

Here is the OSAM logfile first:

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:20:43 on 01.09.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Scheduled Update for Ask Toolbar.job" - ? - C:\Programme\Ask.com\UpdateTask.exe  (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ALSNDMGR.CPL" - ? - C:\WINDOWS\system32\ALSNDMGR.CPL  (File signed by Microsoft | File found, but it contains no detailed information)
"btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Oracle" - C:\WINDOWS\system32\javacpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"asal9c62" (asal9c62) - ? - C:\WINDOWS\system32\drivers\asal9c62.sys  (Hidden registry entry, rootkit activity | File not found)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"Bluetooth-Audiogerät" (btaudio) - "Broadcom Corporation." - C:\WINDOWS\System32\drivers\btaudio.sys
"Bluetooth-Bus-Enumerator" (BTKRNL) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btkrnl.sys
"Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwdndis.sys
"btwhid" (btwhid) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwhid.sys
"catchme" (catchme) - ? - C:\DOKUME~1\HP_BES~1\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"vaxscsi" (vaxscsi) - "Alcohol Soft Co., Ltd." - C:\WINDOWS\System32\Drivers\vaxscsi.sys
"Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btport.sys
"VN Series Device" (VNUSB) - ? - C:\WINDOWS\System32\DRIVERS\VNUSB.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\btneighborhood.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\WINDOWS\system32\btncopy.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\WINDOWS\system32\ShellvRTF.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{00000000-6E41-4FD3-8538-502F5495E5FC} "UrlSearchHook Class" - "Search-Results" - C:\Programme\Ask.com\GenericAskToolbar.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10w.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Programme\Belkin\Bluetooth Software\btsendto_ie.htm
"Hilfe zu Verbindungen" - ? - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Softonic Toolbar" - "Search-Results" - C:\Programme\Ask.com\GenericAskToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle" - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Oracle" - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "Softonic Toolbar" - "Search-Results" - C:\Programme\Ask.com\GenericAskToolbar.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Programme\Belkin\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
"VPro530.lnk" - "Philips" - C:\WINDOWS\VPro530.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\HP_Besitzer\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools" - "DT Soft Ltd." - "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
"Sony Ericsson PC Suite" - "Sony Ericsson Mobile Communications AB" - "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ApnUpdater" - "Search-Results" - "C:\Programme\Ask.com\Updater\Updater.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HP Software Update" - "Hewlett-Packard Co." - C:\Programme\HP\HP Software Update\HPwuSchd2.exe
"HPBootOp" - "Hewlett-Packard Company" - "C:\Programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
"HPHUPD08" - "Hewlett-Packard" - c:\Programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
"nwiz" - "NVIDIA Corporation" - nwiz.exe /installquiet /keeploaded /nodetect
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"Recguard" - ? - C:\WINDOWS\SMINST\RECGUARD.EXE
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
"WinampAgent" - ? - C:\Programme\Winamp\winampa.exe  (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll
"Bullzip PDF Print Monitor" - "BullZip" - C:\WINDOWS\system32\bzpdf.dll
"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\WINDOWS\system32\HpTcpMon.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Oracle" - C:\Programme\Java\jre6\bin\jqs.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Here is the MBRCheck logfile:

HTML Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows XP Home Edition
Windows Information:                Service Pack 3 (build 2600)
Logical Drives Mask:                0x00003e7c

Kernel Drivers (total 125):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806D1000 \WINDOWS\system32\hal.dll
  0xF7A50000 \WINDOWS\system32\KDCOM.DLL
  0xF7960000 \WINDOWS\system32\BOOTVID.dll
  0xF7365000 sptd.sys
  0xF7A52000 \WINDOWS\System32\Drivers\WMILIB.SYS
  0xF734D000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
  0xF731E000 ACPI.sys
  0xF730D000 pci.sys
  0xF7550000 ohci1394.sys
  0xF7560000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xF7570000 isapnp.sys
  0xF7B18000 pciide.sys
  0xF77D0000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xF7A54000 viaide.sys
  0xF7A56000 intelide.sys
  0xF7580000 MountMgr.sys
  0xF72EE000 ftdisk.sys
  0xF77D8000 PartMgr.sys
  0xF7590000 VolSnap.sys
  0xF72D6000 atapi.sys
  0xF75A0000 disk.sys
  0xF75B0000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xF72B6000 fltmgr.sys
  0xF72A4000 sr.sys
  0xF75C0000 PxHelp20.sys
  0xF728D000 KSecDD.sys
  0xF7200000 Ntfs.sys
  0xF71D3000 NDIS.sys
  0xF71B9000 Mup.sys
  0xF7630000 \SystemRoot\system32\DRIVERS\AmdK8.sys
  0xF65C4000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xF65B0000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF78F8000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0xF658C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF7900000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF7640000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xF7650000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xF7660000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xF6569000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF6555000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
  0xF7670000 \SystemRoot\system32\DRIVERS\nic1394.sys
  0xF61DB000 \SystemRoot\system32\drivers\ALCXWDM.SYS
  0xF61B7000 \SystemRoot\system32\drivers\portcls.sys
  0xF7680000 \SystemRoot\system32\drivers\drmk.sys
  0xF6150000 \SystemRoot\System32\Drivers\asal9c62.SYS
  0xF60EF000 \SystemRoot\system32\DRIVERS\parport.sys
  0xF7690000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xF7800000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF7808000 \SystemRoot\system32\DRIVERS\PS2.sys
  0xF7810000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF6022000 \SystemRoot\system32\DRIVERS\btkrnl.sys
  0xF7C10000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF76A0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF6AD1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xF600B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xF76B0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF76C0000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF7818000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xF5FFA000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF76D0000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF7820000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF7828000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF76F0000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xF7830000 \SystemRoot\system32\DRIVERS\seehcri.sys
  0xF7AA4000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xF5F9C000 \SystemRoot\system32\DRIVERS\update.sys
  0xF7A10000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF5F4D000 \SystemRoot\system32\drivers\btaudio.sys
  0xF7700000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xF7710000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xF7AA8000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xF7AAE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF7C09000 \SystemRoot\System32\Drivers\Null.SYS
  0xF7AB0000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF7850000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xF7858000 \SystemRoot\System32\drivers\vga.sys
  0xF7AB2000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF7AB4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF7860000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF7868000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF718D000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xF3952000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xF38F9000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xF38D1000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xF38AF000 \SystemRoot\System32\drivers\afd.sys
  0xF7760000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xF7870000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0xF3884000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xF37EC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xF7790000 \SystemRoot\System32\Drivers\Fips.SYS
  0xF37C6000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xF77A0000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xF77B0000 \SystemRoot\system32\DRIVERS\arp1394.sys
  0xF379F000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0xF7AB8000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
  0xF377B000 \SystemRoot\System32\Drivers\Fastfat.SYS
  0xF7898000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0xF3700000 \SystemRoot\system32\drivers\SPC530.sys
  0xF78A0000 \SystemRoot\system32\drivers\SPC530m.sys
  0xF69AF000 \SystemRoot\system32\drivers\STREAM.SYS
  0xF36EA000 \SystemRoot\system32\DRIVERS\phaudlwr.sys
  0xF699F000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
  0xF366F000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
  0xF698F000 \SystemRoot\system32\drivers\usbaudio.sys
  0xF78A8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xF35B7000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF7AEC000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xF7A24000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF78E8000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF7B99000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\nv4_disp.dll
  0xBF3CF000 \SystemRoot\System32\ATMFD.DLL
  0xBA4D1000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xBA4FC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xB9224000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xB9147000 \SystemRoot\system32\drivers\wdmaud.sys
  0xF7610000 \SystemRoot\system32\drivers\sysaudio.sys
  0xB8FF1000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xB8C91000 \SystemRoot\system32\DRIVERS\srv.sys
  0xB86F9000 \SystemRoot\System32\Drivers\HTTP.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll
  0x10000000 \Programme\DAEMON Tools\daemon.dll

Processes (total 52):
      0 System Idle Process
      4 System
    632 C:\WINDOWS\system32\smss.exe
    712 csrss.exe
    736 C:\WINDOWS\system32\winlogon.exe
    780 C:\WINDOWS\system32\services.exe
    792 C:\WINDOWS\system32\lsass.exe
    960 C:\WINDOWS\system32\svchost.exe
    1036 svchost.exe
    1132 C:\WINDOWS\system32\svchost.exe
    1200 svchost.exe
    1384 svchost.exe
    1596 C:\WINDOWS\explorer.exe
    1656 C:\WINDOWS\system32\spoolsv.exe
    1720 C:\Programme\Avira\AntiVir Desktop\sched.exe
    1808 svchost.exe
    1916 C:\Programme\HP\HP Software Update\hpwuSchd2.exe
    1924 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    1932 C:\Programme\Winamp\winampa.exe
    1948 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    1972 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
    2012 C:\WINDOWS\system32\rundll32.exe
    2036 C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
    2044 C:\Programme\DivX\DivX Update\DivXUpdate.exe
    200 C:\Programme\DAEMON Tools\daemon.exe
    228 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    252 C:\WINDOWS\system32\ctfmon.exe
    280 C:\Programme\Belkin\Bluetooth Software\BTTray.exe
    288 C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
    308 C:\WINDOWS\VPro530.exe
    864 C:\Programme\HP\Digital Imaging\bin\hpqste08.exe
    1024 C:\Programme\Avira\AntiVir Desktop\avguard.exe
    1080 C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe
    1208 C:\Programme\Java\jre6\bin\jqs.exe
    1264 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
    1312 C:\WINDOWS\system32\nvsvc32.exe
    1368 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    2152 C:\WINDOWS\system32\svchost.exe
    2172 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
    4040 alg.exe
    604 C:\hp\KBD\kbd.exe
    1824 C:\WINDOWS\ALCXMNTR.EXE
    2892 C:\WINDOWS\system\hpsysdrv.exe
    3012 C:\WINDOWS\system32\wuauclt.exe
    2968 C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
    2388 C:\Programme\Mozilla Firefox\firefox.exe
    1840 C:\Programme\Mozilla Firefox\plugin-container.exe
    2504 C:\WINDOWS\system32\msiexec.exe
    464 C:\Dokumente und Einstellungen\HP_Besitzer\Eigene Dateien\Downloads\osam_autorun_manager_5_0_portable(1)\osam.exe
    3596 C:\Programme\Ask.com\Updater\Updater.exe
    1876 C:\WINDOWS\system32\notepad.exe
    1536 C:\Dokumente und Einstellungen\HP_Besitzer\Eigene Dateien\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`e4e81e00  (FAT32)

PhysicalDrive0 Model Number: SAMSUNGSP2504C, Rev: VT100-38

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 1767459F00D32DFB18808B1403F5E319EE9E0999


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice:

Thank you very much for the help!!!
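The MBRCheck report above ends with "Unknown MBR code" plus a SHA1 and the verdict "Found non-standard or infected MBR". As an added example (not code from this thread, from MBRCheck's author or from the helper), here is a small Python parser for that disk-status block, together with a fingerprint helper for raw 512-byte sector dumps such as the one MBRCheck writes with option [1]. The sample report is constructed from the values quoted above; the rule that a recognised boot sector is phrased "... MBR code detected" is an assumption about MBRCheck's wording, and the `boot_code_sha1` helper only fingerprints dumps you took yourself (the page does not say that it equals the SHA1 MBRCheck prints).

```python
"""Parse an MBRCheck report and fingerprint raw MBR dumps.

Added example; not part of MBRCheck or of the forum thread.
Assumptions are marked in the comments.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the layout of the MBRCheck report quoted above
# (size, device, status and SHA1 copied from that report).
SAMPLE_REPORT = r"""
      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 1767459F00D32DFB18808B1403F5E319EE9E0999


Found non-standard or infected MBR.
"""

# One disk per line: "<size> GB  \\.\PhysicalDriveN  <status text>"
DISK_LINE = re.compile(r"^\s*(\d+)\s*GB\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$")
# Optional SHA1 line that MBRCheck prints under a disk it did not recognise
SHA1_LINE = re.compile(r"^\s*SHA1:\s*([0-9A-Fa-f]{40})\s*$")


@dataclass
class DiskStatus:
    size_gb: int
    device: str
    status: str
    sha1: Optional[str]

    @property
    def needs_attention(self) -> bool:
        # Assumption: MBRCheck phrases a recognised boot sector as
        # "<OS> MBR code detected". Anything else ("Unknown MBR code",
        # a non-standard code) deserves a closer look; it is not by itself
        # proof of infection, since OEM recovery loaders also trigger it.
        return not self.status.endswith("MBR code detected")


def parse_mbrcheck(report: str) -> List[DiskStatus]:
    """Return one DiskStatus per physical drive listed in the report."""
    disks: List[DiskStatus] = []
    for line in report.splitlines():
        m = DISK_LINE.match(line)
        if m:
            disks.append(DiskStatus(int(m.group(1)), m.group(2), m.group(3), None))
            continue
        m = SHA1_LINE.match(line)
        if m and disks and disks[-1].sha1 is None:
            disks[-1].sha1 = m.group(1).upper()
    return disks


def boot_code_sha1(mbr: bytes) -> str:
    """SHA1 of the 440-byte boot-code area of a raw 512-byte sector dump.

    A classic MBR is 440 bytes of boot code, a 4-byte disk signature,
    2 reserved bytes, the 64-byte partition table and the 0x55AA marker.
    Hashing only the code area lets you compare a dump against one from a
    known-clean machine with the same OS even if the partition layout differs.
    """
    if len(mbr) != 512:
        raise ValueError("MBR dump must be exactly 512 bytes")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    return hashlib.sha1(mbr[:440]).hexdigest().upper()


def boot_code_matches(dump: bytes, reference: bytes) -> bool:
    """True when two dumps carry identical boot code (partition tables may differ)."""
    return boot_code_sha1(dump) == boot_code_sha1(reference)


if __name__ == "__main__":
    for d in parse_mbrcheck(SAMPLE_REPORT):
        flag = "CHECK" if d.needs_attention else "ok"
        print(f"{d.device} {d.size_gb} GB: {d.status} (SHA1 {d.sha1}) -> {flag}")
```

Usage: feed the text of an MBRCheck report to `parse_mbrcheck` and act on `needs_attention`; for a dump taken with option [1], compare it to a dump from a clean machine with `boot_code_matches` before deciding whether to let MBRCheck restore standard boot code with option [2].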

cosinus 01.09.2011 14:53

Uh, hello? After more than two months it occurs to you to reply here again? :wtf:

Gargamel456 01.09.2011 16:47

I did write the reason for that: I only got back home to my computer yesterday after 8 months in the USA...

Gargamel456 01.09.2011 16:51

All the other posts in this thread were by my ex, who logged in here under my username because she had put a virus on my PC. She told me yesterday that she stopped at this point two months ago. But I want a clean computer again, so I would be very grateful for further help...

cosinus 01.09.2011 20:11

In two months you could have reinstalled the box at least 10 times :balla:

First do a new full scan with Malwarebytes. Remember the updates beforehand!

Gargamel456 01.09.2011 23:38

As I said, I only got back to this computer yesterday for the first time after more than 8 months away; otherwise you are of course right.

Here is the Malwarebytes logfile

HTML Code:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7631

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02.09.2011 00:36:44
mbam-log-2011-09-02 (00-36-43).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|J:\|K:\|L:\|M:\|N:\|)
Objects scanned: 325086
Time elapsed: 2 hour(s), 27 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


cosinus 02.09.2011 00:09

Please also run ESET, then we'll see how to proceed:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Gargamel456 03.09.2011 09:55

OK, here is the log.txt:

HTML Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=905011a2064a664bb0d1ed66a36e219d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-03 02:14:59
# local_time=2011-09-03 04:14:59 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 93 188272 51543488 0 0
# compatibility_mode=8192 67108863 100 0 127 127 0 0
# scanned=147327
# found=0
# cleaned=0
# scan_time=9470


cosinus 04.09.2011 13:00

CustomScan with OTL

If not already present, please download OTL from Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Gargamel456 04.09.2011 14:58

All right, here is the OTL logfile:

OTL Logfile:
Code:

OTL logfile created on: 04.09.2011 15:45:46 - Run 3
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Dokumente und Einstellungen\HP_Besitzer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,48 Mb Total Physical Memory | 597,04 Mb Available Physical Memory | 58,39% Memory free
2,40 Gb Paging File | 2,03 Gb Available in Paging File | 84,64% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 227,58 Gb Total Space | 120,02 Gb Free Space | 52,74% Space Free | Partition Type: NTFS
Drive D: | 5,30 Gb Total Space | 0,53 Gb Free Space | 10,05% Space Free | Partition Type: FAT32
 
Computer Name: NAME-CD5FDA878D | User Name: HP_Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Search-Results)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\VPro530.exe (Philips)
PRC - C:\Programme\Winamp\winampa.exe ()
PRC - C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.)
PRC - C:\Programme\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvwrsde.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) --  File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (btwdins) -- C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SPC530) -- C:\WINDOWS\system32\drivers\SPC530.sys (                                                            )
DRV - (SPC530m) -- C:\WINDOWS\system32\drivers\SPC530m.sys (                                                            )
DRV - (phaudlwr) -- C:\WINDOWS\system32\drivers\phaudlwr.sys (Philips Applied Technologies)
DRV - (vaxscsi) -- C:\WINDOWS\System32\Drivers\vaxscsi.sys (Alcohol Soft Co., Ltd.)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (s117obex) -- C:\WINDOWS\system32\drivers\s117obex.sys (MCCI Corporation)
DRV - (s117mdm) -- C:\WINDOWS\system32\drivers\s117mdm.sys (MCCI Corporation)
DRV - (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s117mgmt.sys (MCCI Corporation)
DRV - (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) -- C:\WINDOWS\system32\drivers\s117unic.sys (MCCI Corporation)
DRV - (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) -- C:\WINDOWS\system32\drivers\s117nd5.sys (MCCI Corporation)
DRV - (s117mdfl) -- C:\WINDOWS\system32\drivers\s117mdfl.sys (MCCI Corporation)
DRV - (s117bus) Sony Ericsson Device 117 driver (WDM) -- C:\WINDOWS\system32\drivers\s117bus.sys (MCCI Corporation)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search-results.com/?l=dis&o=41648036
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.09.01 09:33:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.11 06:31:52 | 000,000,000 | ---D | M]
 
[2008.09.17 00:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Extensions
[2011.09.01 12:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\84t4r4d3.default\extensions
[2010.08.05 21:29:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\84t4r4d3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.09 19:57:45 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\84t4r4d3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.08.05 12:52:38 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\84t4r4d3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.01 12:16:41 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\84t4r4d3.default\extensions\toolbar@ask.com
[2011.05.16 19:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.14 18:28:18 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.07.19 12:18:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMME\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}
[2011.09.01 09:33:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.07.19 12:18:18 | 000,423,656 | ---- | M] (Oracle) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.06.21 19:19:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Search-Results)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HPBootOp] C:\Programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe ()
O4 - HKCU..\Run: [DAEMON Tools] C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPro530.lnk = C:\WINDOWS\VPro530.exe (Philips)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\Belkin\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.225 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.11.02 20:05:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.lsgc - C:\WINDOWS\System32\lsgc.dll (imc AG)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.03 01:35:05 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.09.03 01:32:44 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\esetsmartinstaller_enu.exe
[2011.09.01 12:41:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\Pictures Disc III
[2011.09.01 12:16:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\AskToolbar
[2011.09.01 12:15:57 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com
[2011.09.01 12:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Philipp Winterberg
[2011.09.01 12:15:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Free RAR Extract Frog
[2011.09.01 12:15:47 | 000,000,000 | ---D | C] -- C:\Programme\Free RAR Extract Frog
[2011.09.01 12:15:30 | 003,578,344 | ---- | C] (Philipp Winterberg) -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\InstallFreeRARExtractFrog_3.20.exe
[2011.09.01 12:15:30 | 003,383,272 | ---- | C] (Search-Results) -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\ApnToolbarInstaller.exe
[2011.08.20 10:53:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.11.19 14:17:27 | 000,486,912 | ---- | C] (                                                            ) -- C:\WINDOWS\System32\drivers\SPC530.sys
[2010.11.19 14:17:27 | 000,007,680 | ---- | C] (                                                            ) -- C:\WINDOWS\System32\drivers\SPC530m.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.04 15:33:00 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.04 14:02:59 | 000,000,185 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011.09.04 14:02:11 | 000,465,684 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.09.04 14:02:11 | 000,446,752 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.09.04 14:02:11 | 000,087,382 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.09.04 14:02:11 | 000,073,574 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.09.04 14:01:30 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.04 14:01:27 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.09.04 14:01:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.09.04 14:01:21 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.04 12:01:01 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011.09.03 02:26:05 | 000,154,624 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.03 01:32:46 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\esetsmartinstaller_enu.exe
[2011.09.03 00:33:16 | 000,012,501 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\Umzug.ods
[2011.09.01 12:15:48 | 000,000,834 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Free RAR Extract Frog.lnk
[2011.09.01 12:15:36 | 003,383,272 | ---- | M] (Search-Results) -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\ApnToolbarInstaller.exe
[2011.09.01 12:15:31 | 003,578,344 | ---- | M] (Philipp Winterberg) -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\InstallFreeRARExtractFrog_3.20.exe
[2011.08.31 21:19:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.08.24 19:26:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.08.11 17:39:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.01 19:14:45 | 000,012,501 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\Umzug.ods
[2011.09.01 12:16:37 | 000,000,238 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011.09.01 12:15:48 | 000,000,834 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Free RAR Extract Frog.lnk
[2010.07.16 15:47:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.07.16 15:47:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.07.16 15:47:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.07.16 15:47:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.07.16 15:47:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.07.12 13:16:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.04.06 19:24:26 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2009.12.22 21:45:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.06.04 18:27:24 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\mp3dec.dll
[2009.06.04 18:27:23 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\tvqenc.dll
[2009.06.04 18:27:23 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\tvqdec.dll
[2009.05.02 02:03:50 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.05.02 02:03:46 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.05.02 02:03:46 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.05.02 02:03:43 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.04.29 18:56:31 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.03.24 23:19:59 | 000,000,038 | ---- | C] () -- C:\WINDOWS\TETRIS.INI
[2007.11.20 20:59:07 | 000,154,624 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.10.07 02:41:51 | 000,001,421 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.10.05 16:01:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\wklnhst.dat
[2007.10.03 22:41:20 | 000,001,274 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007.10.02 10:43:35 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.10.02 01:01:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007.10.01 22:54:12 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.06.07 16:52:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005.12.09 23:03:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005.01.01 22:52:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.01.01 22:33:34 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005.01.01 22:29:57 | 000,013,625 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005.01.01 22:29:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005.01.01 22:23:49 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005.01.01 22:19:09 | 000,081,173 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2005.01.01 22:19:09 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2005.01.01 22:18:12 | 000,073,637 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2005.01.01 22:18:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2005.01.01 22:14:26 | 000,088,050 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2005.01.01 22:12:48 | 000,113,695 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2005.01.01 22:12:48 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2005.01.01 22:09:42 | 000,089,154 | ---- | C] () -- C:\WINDOWS\hpoins06.dat
[2005.01.01 22:09:42 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat
[2005.01.01 22:08:42 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005.01.01 22:05:39 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005.01.01 22:05:39 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005.01.01 22:05:39 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005.01.01 22:05:39 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2005.01.01 22:05:39 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005.01.01 22:05:39 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005.01.01 22:05:39 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005.01.01 22:05:39 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005.01.01 21:52:19 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005.01.01 21:49:10 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005.01.01 21:49:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005.01.01 21:48:54 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004.11.02 20:13:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004.11.02 20:10:36 | 000,465,684 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.11.02 20:10:36 | 000,446,752 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.11.02 20:10:36 | 000,087,382 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.11.02 20:10:36 | 000,073,574 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.11.02 20:08:40 | 000,314,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.11.02 20:05:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.11.02 20:03:38 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 06:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 06:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.09.20 18:19:34 | 000,001,194 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.08.23 17:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 17:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.07.06 23:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
 
========== LOP Check ==========
 
[2011.04.16 20:36:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest
[2009.05.26 18:26:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2010.08.07 19:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2011.07.14 17:35:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO
[2010.05.17 20:31:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2009.05.26 18:16:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
[2009.05.26 23:09:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2010.11.19 14:16:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Philips
[2010.12.23 03:23:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WindSolutions
[2008.03.08 00:30:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2011.09.04 12:01:01 | 000,000,238 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.07.08 10:34:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Adobe
[2008.05.09 18:04:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\AdobeUM
[2008.10.26 12:38:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Apple Computer
[2010.11.19 14:24:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\ArcSoft
[2010.07.12 15:52:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Avira
[2008.03.11 21:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Bullzip
[2007.11.02 12:13:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
[2011.01.29 13:38:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\CyberLink
[2010.07.24 22:10:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\DivX
[2009.11.08 15:21:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Dr. Regener
[2010.08.05 12:52:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.05.17 20:32:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\elsterformular
[2010.07.19 12:24:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Foxit
[2011.06.10 20:19:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\GetRightToGo
[2011.05.29 14:00:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\go
[2008.01.30 18:20:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Google
[2009.05.27 18:52:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Haufe
[2007.10.02 16:14:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\HP
[2007.10.07 14:16:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\HPQ
[2005.10.27 01:32:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Identities
[2007.10.09 17:05:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Leadertech
[2009.05.26 23:04:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Lexware
[2007.10.02 00:41:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Macromedia
[2010.07.12 13:16:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Malwarebytes
[2010.07.16 15:34:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Media Player Classic
[2010.12.22 03:56:48 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Microsoft
[2008.09.17 00:45:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla
[2011.09.04 11:58:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\OpenOffice.org2
[2011.09.01 12:15:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Philipp Winterberg
[2007.10.07 02:41:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Real
[2007.11.01 21:09:53 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\SecuROM
[2011.08.30 18:06:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Skype
[2011.07.14 17:34:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\skypePM
[2007.10.09 17:05:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Sonic
[2007.10.02 23:15:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Sun
[2010.07.16 19:40:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\SUPERAntiSpyware.com
[2011.01.19 23:31:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\TeamViewer
[2007.11.21 19:02:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Winamp
[2010.12.23 03:35:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\WindSolutions
[2011.06.10 20:21:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2008.05.08 22:57:07 | 022,319,360 | ---- | M] (                                  ) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr710_de_DE.exe
[2010.12.23 03:21:35 | 002,728,160 | ---- | M] (WindSolutions) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
[2010.12.23 03:23:09 | 006,976,696 | ---- | M] (WindSolutions) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.07.18 23:29:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.03 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010.07.18 23:29:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.07.18 23:29:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.03 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010.07.18 23:29:27 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 06:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 06:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 06:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 06:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: VAXSCSI.SYS  >
[2008.04.29 18:45:16 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) MD5=92CEBC2BC7BE2C8D49391B365569F306 -- C:\WINDOWS\system32\drivers\vaxscsi.sys
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 06:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 06:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 06:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2007.11.01 20:37:01 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2004.11.02 20:55:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004.11.02 20:55:34 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
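The "< MD5 for: ... >" sections above are what the helper reads to spot a patched system file: the live copy under system32 should hash the same as the backup copies Windows keeps in ServicePackFiles\i386, ERDNT\cache or dllcache, while the $NtServicePackUninstall$ and $hf_mig$ copies are older versions and legitimately differ. The following Python script is an added example, not part of the thread and not OTL's own code: it parses those sections and flags a live copy whose MD5 matches none of the backups. The sample report is constructed from lines of the log above plus one made-up winlogon.exe entry with an all-zero hash.

```python
import re

# Constructed sample in OTL's "/md5start" report format. The userinit.exe and
# agp440.sys lines are taken from the log above; the winlogon.exe line with the
# all-zero hash and empty company is made up to show a mismatch.
SAMPLE_REPORT = r"""
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 06:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE  >
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2011.05.02 03:14:00 | 000,513,024 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: AGP440.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2007.11.01 20:37:01 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
"""

# Section header, e.g. "< MD5 for: AGP440.SYS  >"
SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(\S+)\s*>$")
# One hashed entry: "[stamp | size | attrs | M] (company) MD5=hex -- path"
# (.cab container lines carry no "MD5=" and are deliberately skipped)
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)
# The live copy sits directly in system32 or system32\drivers.
LIVE_RE = re.compile(r"\\system32\\(?:drivers\\)?[^\\]+$", re.IGNORECASE)
# Backup copies Windows keeps of the currently installed version.
REFERENCE_DIRS = ("\\servicepackfiles\\i386\\", "\\erdnt\\cache\\", "\\system32\\dllcache\\")


def parse_md5_report(text):
    """Return {FILENAME: [entry, ...]} for every '< MD5 for: ... >' section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).upper()
            sections[current] = []
            continue
        if line.startswith("<") and line.endswith(">"):
            current = None          # some other OTL section begins here
            continue
        m = ENTRY_RE.match(line)
        if current is None or not m:
            continue
        sections[current].append({
            "size": int(m.group("size").replace(",", "")),
            "company": m.group("company").strip(),
            "md5": m.group("md5").upper(),
            "path": m.group("path").strip(),
        })
    return sections


def classify(entries):
    """Split a section's entries into (live copies, backup copies)."""
    live, refs = [], []
    for e in entries:
        p = e["path"].lower()
        if any(d in p for d in REFERENCE_DIRS):
            refs.append(e)
        elif LIVE_RE.search(p):
            live.append(e)
    return live, refs                # uninstall/hotfix copies are ignored


def audit(text):
    """Return {FILENAME: (status, detail)}; MISMATCH means the live copy hashes differently from every backup."""
    results = {}
    for name, entries in parse_md5_report(text).items():
        live, refs = classify(entries)
        if not live:
            results[name] = ("MISSING", "no copy under system32 in the report")
            continue
        e, ref_hashes = live[0], {r["md5"] for r in refs}
        company = e["company"] or "no company string"
        if not ref_hashes:
            results[name] = ("UNVERIFIED", f"{e['path']} ({company}): no backup copy to compare")
        elif e["md5"] in ref_hashes:
            results[name] = ("OK", f"{e['path']} matches {len(refs)} backup copy/copies")
        else:
            results[name] = ("MISMATCH", f"{e['path']} ({company}) MD5 {e['md5']} "
                                         f"differs from backups {sorted(ref_hashes)}")
    return results


if __name__ == "__main__":
    for name, (status, detail) in sorted(audit(SAMPLE_REPORT).items()):
        print(f"{status:10} {name:14} {detail}")
```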

--- --- ---

cosinus 04.09.2011 15:29

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.search-results.com/?l=dis&o=41648036
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
[2010.08.05 12:52:38 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\84t4r4d3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.01 12:16:41 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\84t4r4d3.default\extensions\toolbar@ask.com
O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.11.02 20:05:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[2011.09.01 12:15:57 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com
[2011.09.04 12:01:01 | 000,000,238 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Gargamel456 05.09.2011 20:44

Unfortunately the OTL program hung in the middle of the run, so I had to reboot. The virus scanner and all other programs were disabled; do I need to watch out for anything else, e.g. disable the firewall? I would then just try it again...

cosinus 05.09.2011 22:11

No, just try again. And yes, have as few programs open as possible, and definitely switch off the virus scanner. The Windows firewall should not interfere.

Gargamel456 06.09.2011 13:20

Just like the first time, OTL got stuck at this point again:

O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)

What now?

cosinus 06.09.2011 15:59

Leave that line out of the script. The Ask toolbar is annoying, but it should not be a danger...

Gargamel456 06.09.2011 18:00

After I left that line out, it got stuck at another line starting with O3 (I think it was the fourth of the ones below). I therefore left out all four lines that begin with O3:

O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)

I hope that was OK; in any case, this time there was a result:

HTML Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Folder C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\84t4r4d3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\ not found.
Folder C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\84t4r4d3.default\extensions\toolbar@ask.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
C:\Programme\Ask.com\Updater folder moved successfully.
C:\Programme\Ask.com\assets\oobe folder moved successfully.
C:\Programme\Ask.com\assets folder moved successfully.
C:\Programme\Ask.com folder moved successfully.
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: HP_Besitzer
->Temp folder emptied: 181630313 bytes
->Temporary Internet Files folder emptied: 37819053 bytes
->Java cache emptied: 5467801 bytes
->FireFox cache emptied: 89446525 bytes
->Flash cache emptied: 513 bytes
 
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 864592 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 248963 bytes
RecycleBin emptied: 101376 bytes
 
Total Files Cleaned = 301,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.23.0 log created on 09062011_185418

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 07.09.2011 09:25

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: tick both checkboxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full.

http://www.trojaner-board.de/attachm...rnen-start.png


If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Gargamel456 07.09.2011 13:37

All right, here is the log file from TDSSKiller:
I did not run the Unhide tool, since in my opinion I can see and use everything...


HTML Code:

2011/09/07 14:33:37.0578 2108        TDSS rootkit removing tool 2.5.19.0 Sep  6 2011 19:23:56
2011/09/07 14:33:37.0921 2108        ================================================================================
2011/09/07 14:33:37.0921 2108        SystemInfo:
2011/09/07 14:33:37.0921 2108       
2011/09/07 14:33:37.0921 2108        OS Version: 5.1.2600 ServicePack: 3.0
2011/09/07 14:33:37.0921 2108        Product type: Workstation
2011/09/07 14:33:37.0921 2108        ComputerName: NAME-CD5FDA878D
2011/09/07 14:33:37.0921 2108        UserName: HP_Besitzer
2011/09/07 14:33:37.0921 2108        Windows directory: C:\WINDOWS
2011/09/07 14:33:37.0921 2108        System windows directory: C:\WINDOWS
2011/09/07 14:33:37.0921 2108        Processor architecture: Intel x86
2011/09/07 14:33:37.0921 2108        Number of processors: 1
2011/09/07 14:33:37.0921 2108        Page size: 0x1000
2011/09/07 14:33:37.0921 2108        Boot type: Normal boot
2011/09/07 14:33:37.0921 2108        ================================================================================
2011/09/07 14:33:41.0828 2108        Initialize success
2011/09/07 14:33:47.0609 0376        ================================================================================
2011/09/07 14:33:47.0609 0376        Scan started
2011/09/07 14:33:47.0609 0376        Mode: Manual;
2011/09/07 14:33:47.0609 0376        ================================================================================
2011/09/07 14:33:49.0953 0376        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/07 14:33:50.0234 0376        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/07 14:33:50.0500 0376        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/07 14:33:50.0765 0376        AFD            (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/09/07 14:33:51.0406 0376        ALCXWDM        (7f26d024355cbadb60838f53dfb171ec) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/09/07 14:33:51.0906 0376        AmdK8          (769844eb65df6a62aa51b886290fe51d) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/09/07 14:33:52.0140 0376        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/09/07 14:33:52.0500 0376        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/07 14:33:52.0734 0376        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/07 14:33:52.0859 0376        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/07 14:33:53.0000 0376        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/07 14:33:53.0265 0376        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
2011/09/07 14:33:53.0375 0376        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/09/07 14:33:53.0531 0376        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/09/07 14:33:53.0750 0376        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/07 14:33:53.0937 0376        btaudio        (74ef010b27a2bf44dd5649dd331899a0) C:\WINDOWS\system32\drivers\btaudio.sys
2011/09/07 14:33:54.0093 0376        BTDriver        (3c7c61c3d0b0f87136ad925ca624dc1c) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/09/07 14:33:54.0296 0376        BTKRNL          (515617cc36e7c5bee744b3c62affb4f5) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/09/07 14:33:54.0515 0376        BTWDNDIS        (2ccd954aac705aaa98ad7e545bd44efe) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/09/07 14:33:54.0796 0376        btwhid          (af60e6ffef11cc9653d5edc0b238893b) C:\WINDOWS\system32\DRIVERS\btwhid.sys
2011/09/07 14:33:54.0968 0376        BTWUSB          (dceffeeae5672e57dd1343236fbb5763) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/09/07 14:33:55.0328 0376        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/07 14:33:55.0515 0376        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/09/07 14:33:55.0781 0376        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/07 14:33:55.0953 0376        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/07 14:33:56.0093 0376        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/07 14:33:56.0718 0376        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/07 14:33:56.0937 0376        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/07 14:33:57.0140 0376        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/07 14:33:57.0296 0376        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/07 14:33:57.0468 0376        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/07 14:33:57.0843 0376        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/07 14:33:58.0140 0376        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/07 14:33:58.0343 0376        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/09/07 14:33:58.0421 0376        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/07 14:33:58.0515 0376        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/09/07 14:33:58.0781 0376        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/07 14:33:59.0078 0376        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/07 14:33:59.0250 0376        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/07 14:33:59.0515 0376        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/07 14:33:59.0781 0376        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/07 14:34:00.0015 0376        HPZid412        (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/09/07 14:34:00.0140 0376        HPZipr12        (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/09/07 14:34:00.0312 0376        HPZius12        (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/09/07 14:34:00.0578 0376        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/07 14:34:00.0781 0376        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/07 14:34:00.0875 0376        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/07 14:34:01.0015 0376        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/09/07 14:34:01.0093 0376        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/07 14:34:01.0171 0376        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/07 14:34:01.0250 0376        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/07 14:34:01.0343 0376        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/07 14:34:01.0406 0376        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/07 14:34:01.0500 0376        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/07 14:34:01.0593 0376        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/07 14:34:01.0671 0376        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/07 14:34:01.0734 0376        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/07 14:34:01.0812 0376        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/07 14:34:01.0875 0376        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/07 14:34:01.0953 0376        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/07 14:34:02.0093 0376        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/07 14:34:02.0156 0376        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/07 14:34:02.0218 0376        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/07 14:34:02.0281 0376        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/07 14:34:02.0328 0376        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/07 14:34:02.0421 0376        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/07 14:34:02.0515 0376        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/07 14:34:02.0593 0376        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/07 14:34:02.0656 0376        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/07 14:34:02.0703 0376        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/07 14:34:02.0765 0376        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/07 14:34:02.0859 0376        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/07 14:34:02.0937 0376        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/09/07 14:34:03.0015 0376        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/07 14:34:03.0093 0376        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/09/07 14:34:03.0187 0376        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/07 14:34:03.0265 0376        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/09/07 14:34:03.0343 0376        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/07 14:34:03.0421 0376        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/07 14:34:03.0468 0376        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/07 14:34:03.0562 0376        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/07 14:34:03.0656 0376        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/07 14:34:03.0734 0376        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/07 14:34:03.0875 0376        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/09/07 14:34:03.0937 0376        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/07 14:34:04.0015 0376        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/07 14:34:04.0125 0376        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/07 14:34:04.0312 0376        nv              (94c9962a2d51115be99dbed20801edae) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/07 14:34:04.0484 0376        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/07 14:34:04.0562 0376        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/07 14:34:04.0640 0376        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/09/07 14:34:04.0796 0376        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/07 14:34:04.0859 0376        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/07 14:34:04.0906 0376        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/07 14:34:04.0953 0376        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/07 14:34:05.0062 0376        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/07 14:34:05.0125 0376        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/07 14:34:05.0406 0376        phaudlwr        (427e58b9357fba0fdcec08f3930a7325) C:\WINDOWS\system32\DRIVERS\phaudlwr.sys
2011/09/07 14:34:05.0500 0376        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/07 14:34:05.0562 0376        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/09/07 14:34:05.0656 0376        Ps2            (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/09/07 14:34:05.0703 0376        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/07 14:34:05.0750 0376        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/07 14:34:05.0828 0376        PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/07 14:34:06.0015 0376        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/07 14:34:06.0093 0376        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/07 14:34:06.0156 0376        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/07 14:34:06.0203 0376        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/07 14:34:06.0281 0376        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/07 14:34:06.0359 0376        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/07 14:34:06.0437 0376        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/07 14:34:06.0515 0376        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/07 14:34:06.0609 0376        RTL8023xp      (7889e3981e0a5d347e037abd467d53a5) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/09/07 14:34:06.0687 0376        rtl8139        (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/09/07 14:34:06.0734 0376        s117bus        (1f561844318914e7eb6e54673a4cc54c) C:\WINDOWS\system32\DRIVERS\s117bus.sys
2011/09/07 14:34:06.0796 0376        s117mdfl        (ba93eec3cdf6a63b77ae66221aa4f902) C:\WINDOWS\system32\DRIVERS\s117mdfl.sys
2011/09/07 14:34:06.0843 0376        s117mdm        (cba12fd8a8ee5b5cdfbbae2381cd6703) C:\WINDOWS\system32\DRIVERS\s117mdm.sys
2011/09/07 14:34:06.0890 0376        s117mgmt        (bd6483e64b1da17e812b34bcdefd9459) C:\WINDOWS\system32\DRIVERS\s117mgmt.sys
2011/09/07 14:34:06.0953 0376        s117nd5        (c7ca36c3054b4cd47a1f6611b046e2f9) C:\WINDOWS\system32\DRIVERS\s117nd5.sys
2011/09/07 14:34:07.0046 0376        s117obex        (e290b3a6b58fb72ca97dd48d64e4fc1c) C:\WINDOWS\system32\DRIVERS\s117obex.sys
2011/09/07 14:34:07.0093 0376        s117unic        (5c4d1ba23c7511ac880e8ba7baa80dba) C:\WINDOWS\system32\DRIVERS\s117unic.sys
2011/09/07 14:34:07.0187 0376        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/07 14:34:07.0265 0376        seehcri        (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
2011/09/07 14:34:07.0328 0376        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/07 14:34:07.0390 0376        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/07 14:34:07.0453 0376        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/07 14:34:07.0578 0376        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/09/07 14:34:07.0656 0376        SONYPVU1        (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/09/07 14:34:07.0765 0376        SPC530          (437198c0d349b0e0d4305d3081c5e912) C:\WINDOWS\system32\drivers\SPC530.sys
2011/09/07 14:34:07.0828 0376        SPC530m        (92e0ce241498b483404a957e709329cc) C:\WINDOWS\system32\drivers\SPC530m.sys
2011/09/07 14:34:07.0906 0376        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/07 14:34:08.0031 0376        sptd            (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2011/09/07 14:34:08.0031 0376        Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/09/07 14:34:08.0046 0376        sptd - detected LockedFile.Multi.Generic (1)
2011/09/07 14:34:08.0062 0376        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/07 14:34:08.0156 0376        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/07 14:34:08.0234 0376        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/09/07 14:34:08.0328 0376        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/09/07 14:34:08.0375 0376        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/07 14:34:08.0437 0376        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/07 14:34:08.0640 0376        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/07 14:34:08.0750 0376        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/07 14:34:08.0828 0376        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/07 14:34:08.0875 0376        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/07 14:34:08.0921 0376        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/07 14:34:09.0031 0376        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/07 14:34:09.0140 0376        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/07 14:34:09.0234 0376        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/09/07 14:34:09.0296 0376        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/07 14:34:09.0359 0376        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/07 14:34:09.0437 0376        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/07 14:34:09.0500 0376        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/09/07 14:34:09.0578 0376        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/07 14:34:09.0625 0376        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/07 14:34:09.0687 0376        usbstor        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/07 14:34:09.0718 0376        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/07 14:34:09.0812 0376        vaxscsi        (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
2011/09/07 14:34:09.0906 0376        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/07 14:34:10.0000 0376        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/09/07 14:34:10.0078 0376        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/07 14:34:10.0156 0376        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/07 14:34:10.0234 0376        Wdf01000        (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/09/07 14:34:10.0359 0376        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/07 14:34:10.0484 0376        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/09/07 14:34:10.0562 0376        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/09/07 14:34:10.0609 0376        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/07 14:34:10.0671 0376        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/07 14:34:10.0781 0376        MBR (0x1B8)    (958338c2d641d56774cebb0acd294050) \Device\Harddisk0\DR0
2011/09/07 14:34:10.0828 0376        Boot (0x1200)  (cfe231d98560742ce12f9cc71424a13d) \Device\Harddisk0\DR0\Partition0
2011/09/07 14:34:10.0843 0376        Boot (0x1200)  (9efc29bfb69d725f4a1422fcfbd9b6a1) \Device\Harddisk0\DR0\Partition1
2011/09/07 14:34:10.0843 0376        ================================================================================
2011/09/07 14:34:10.0843 0376        Scan finished
2011/09/07 14:34:10.0843 0376        ================================================================================
2011/09/07 14:34:10.0875 2744        Detected object count: 1
2011/09/07 14:34:10.0875 2744        Actual detected object count: 1
2011/09/07 14:34:28.0921 2744        LockedFile.Multi.Generic(sptd) - User select action: Skip


cosinus 07.09.2011 14:04

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and any other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Gargamel456 07.09.2011 15:24

All right, here is the cofi log file:

Combofix Logfile:
Code:

ComboFix 11-09-07.04 - HP_Besitzer 07.09.2011  16:10:21.5.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1022.623 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\HP_Besitzer\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory
c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory\ngen.exe.2c05686e.ini
c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory\SL52.tmp.b470469.ini
c:\dokumente und einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory
c:\dokumente und einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\dokumente und einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory\HpqDIA.exe.fd906699.ini
c:\dokumente und einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory\HPQDOC~1.EXE.893698d7.ini
c:\dokumente und einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory\HPQDocViewer.exe.7e1a2875.ini
c:\dokumente und einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory\hpqimzone.exe.bfe59c6d.ini
c:\dokumente und einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory\hpqthb08.exe.76f0bec1.ini
c:\dokumente und einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory\ngen.exe.2c05686e.ini
c:\dokumente und einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory\SL52.tmp.b470469.ini
c:\windows\system32\ps2.bat
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-08-07 bis 2011-09-07  ))))))))))))))))))))))))))))))
.
.
2011-09-07 10:30 . 2011-09-07 10:30        --------        d-----w-        c:\windows\LastGood
2011-09-06 22:48 . 2011-09-06 22:48        --------        d-----w-        c:\dokumente und einstellungen\HP_Besitzer\Anwendungsdaten\ZoomBrowser EX
2011-09-06 22:16 . 2011-09-06 22:16        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\ZoomBrowser
2011-09-06 22:15 . 2011-09-06 22:18        --------        d-----w-        c:\programme\Canon
2011-09-06 22:14 . 2011-09-06 22:14        --------        d-----w-        c:\programme\Gemeinsame Dateien\Canon
2011-09-05 15:34 . 2011-09-05 15:34        --------        d-----w-        C:\_OTL
2011-09-02 23:35 . 2011-09-02 23:35        --------        d-----w-        c:\programme\ESET
2011-09-01 10:16 . 2011-09-01 18:20        --------        d-----w-        c:\dokumente und einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\AskToolbar
2011-09-01 10:15 . 2011-09-01 10:15        --------        d-----w-        c:\dokumente und einstellungen\HP_Besitzer\Anwendungsdaten\Philipp Winterberg
2011-09-01 10:15 . 2011-09-01 10:15        --------        d-----w-        c:\programme\Free RAR Extract Frog
2011-08-27 07:55 . 2011-09-01 10:15        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-10 18:00 . 2011-06-24 14:10        139656        ------w-        c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 17:59 . 2011-07-08 14:02        10496        ------w-        c:\windows\system32\dllcache\ndistapi.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2004-08-04 04:00        456320        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-04 04:00        10496        ------w-        c:\windows\system32\drivers\ndistapi.sys
2011-07-06 17:52 . 2011-06-02 17:57        41272        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-06-02 17:57        22712        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-06-30 19:16 . 2010-07-12 11:32        66616        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-06-30 19:16 . 2010-07-12 11:32        138192        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-06-24 14:10 . 2004-08-04 04:00        139656        ------w-        c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2004-08-04 04:00        916480        ----a-w-        c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2004-08-04 04:00        43520        ----a-w-        c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 2004-08-04 04:00        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 04:00        385024        ----a-w-        c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-04 04:00        293888        ----a-w-        c:\windows\system32\winsrv.dll
2011-09-07 12:35 . 2011-05-11 04:31        134104        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((  SnapShot_2011-06-21_17.19.54  )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-07 10:27 . 2011-09-07 10:27        16384              c:\windows\Temp\Perflib_Perfdata_4e8.dat
+ 2007-07-18 12:42 . 2011-07-08 13:49        46080              c:\windows\system32\tzchange.exe
- 2007-07-18 12:42 . 2010-11-03 13:12        46080              c:\windows\system32\tzchange.exe
+ 2004-11-02 18:10 . 2011-09-07 10:27        73574              c:\windows\system32\perfc009.dat
+ 2004-11-02 18:10 . 2011-09-07 10:27        87382              c:\windows\system32\perfc007.dat
+ 2004-08-04 04:00 . 2011-06-23 18:31        66560              c:\windows\system32\mshtmled.dll
- 2004-08-04 04:00 . 2011-04-25 16:05        66560              c:\windows\system32\mshtmled.dll
+ 2009-03-08 02:31 . 2011-06-23 18:31        55296              c:\windows\system32\msfeedsbs.dll
- 2009-03-08 02:31 . 2011-04-25 16:05        55296              c:\windows\system32\msfeedsbs.dll
- 2004-08-04 04:00 . 2011-04-25 16:05        25600              c:\windows\system32\jsproxy.dll
+ 2004-08-04 04:00 . 2011-06-23 18:31        25600              c:\windows\system32\jsproxy.dll
- 2010-07-18 23:00 . 2011-04-25 16:05        12800              c:\windows\system32\dllcache\xpshims.dll
+ 2010-07-18 23:00 . 2011-06-23 18:31        12800              c:\windows\system32\dllcache\xpshims.dll
- 2009-03-08 02:31 . 2011-04-25 16:05        66560              c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-08 02:31 . 2011-06-23 18:31        66560              c:\windows\system32\dllcache\mshtmled.dll
- 2010-07-18 23:00 . 2011-04-25 16:05        55296              c:\windows\system32\dllcache\msfeedsbs.dll
+ 2010-07-18 23:00 . 2011-06-23 18:31        55296              c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-08 02:34 . 2011-04-25 16:05        43520              c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 02:34 . 2011-06-23 18:31        43520              c:\windows\system32\dllcache\licmgr10.dll
- 2009-03-08 02:33 . 2011-04-25 16:05        25600              c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-08 02:33 . 2011-06-23 18:31        25600              c:\windows\system32\dllcache\jsproxy.dll
+ 2009-12-14 07:08 . 2011-04-26 11:07        33280              c:\windows\system32\dllcache\csrsrv.dll
- 2009-12-14 07:08 . 2010-12-09 14:29        33280              c:\windows\system32\dllcache\csrsrv.dll
+ 2004-08-04 04:00 . 2011-04-26 11:07        33280              c:\windows\system32\csrsrv.dll
- 2004-08-04 04:00 . 2010-12-09 14:29        33280              c:\windows\system32\csrsrv.dll
+ 2011-08-09 20:28 . 2011-08-09 20:28        22016              c:\windows\Installer\296d0f.msi
+ 2011-06-26 17:40 . 2011-06-26 17:40        65536              c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-06-26 17:40 . 2011-06-26 17:40        65536              c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-06-26 17:40 . 2011-06-26 17:40        65536              c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2011-06-26 17:40 . 2011-06-26 17:40        65536              c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2011-06-26 17:40 . 2011-06-26 17:40        65536              c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-06-26 17:40 . 2011-06-26 17:40        65536              c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-06-26 17:40 . 2011-06-26 17:40        65536              c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ARPPRODUCTICON.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34        23040              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-04-29 16:56 . 2011-06-16 21:35        23040              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34        61440              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-04-29 16:56 . 2011-06-16 21:35        61440              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34        27136              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-04-29 16:56 . 2011-06-16 21:35        27136              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34        11264              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-04-29 16:56 . 2011-06-16 21:35        11264              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-04-29 16:56 . 2011-06-16 21:35        86016              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34        86016              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-04-29 16:56 . 2011-06-16 21:35        12288              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34        12288              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-09-01 10:16 . 2011-09-01 10:16        77824              c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2011-08-11 15:29 . 2011-04-25 16:05        12800              c:\windows\ie8updates\KB2559049-IE8\xpshims.dll
+ 2011-08-11 15:29 . 2011-04-25 16:05        66560              c:\windows\ie8updates\KB2559049-IE8\mshtmled.dll
+ 2011-08-11 15:29 . 2011-04-25 16:05        55296              c:\windows\ie8updates\KB2559049-IE8\msfeedsbs.dll
+ 2011-08-11 15:29 . 2011-04-25 16:05        43520              c:\windows\ie8updates\KB2559049-IE8\licmgr10.dll
+ 2011-08-11 15:29 . 2011-04-25 16:05        25600              c:\windows\ie8updates\KB2559049-IE8\jsproxy.dll
+ 2011-06-30 21:24 . 2011-06-30 21:24        60928              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1492e9393417d6e91b5ddc746b5ef320\UIAutomationProvider.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\343c52b741531ce9ae874ea7508831a7\System.Windows.Presentation.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\246110974e3c48733458819b07464b23\System.Web.DynamicData.Design.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56        94208              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ace861fe8dbf146c3e449abaa7691e9f\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-06-30 22:19 . 2011-06-30 22:19        82944              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\177a17af98d803ab79006d6785706462\System.AddIn.Contract.ni.dll
+ 2011-08-11 15:44 . 2011-08-11 15:44        47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\40ee65aacd9d7472cd6f8dddbfca604b\PresentationFontCache.ni.exe
+ 2011-08-11 15:44 . 2011-08-11 15:44        39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\12c424eed7ee0e9c017bf72ff09eb78c\PresentationCFFRasterizer.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f9c514544c8e23220493cd42a0e20678\Microsoft.Vsa.ni.dll
+ 2011-06-30 22:19 . 2011-06-30 22:19        65024              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\f5057c30d89ad8d99e38c946a68def9e\Microsoft.Build.Framework.ni.dll
+ 2011-06-30 22:18 . 2011-06-30 22:18        74752              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\623c05a555ac0719a1367f511d4a9270\Microsoft.Build.Framework.ni.dll
+ 2011-06-30 22:18 . 2011-06-30 22:18        14336              c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\c40d3caad8bff3c52db7e7562286406a\dfsvc.ni.exe
+ 2011-06-30 22:18 . 2011-06-30 22:18        25600              c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-04-17 15:20 . 2011-04-17 15:20        81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-07-13 20:38 . 2010-12-09 14:29        33280              c:\windows\$NtUninstallKB2507938$\csrsrv.dll
+ 2011-07-13 20:34 . 2010-07-05 13:14        26488              c:\windows\$hf_mig$\KB2555917\update\spcustom.dll
+ 2011-07-13 20:34 . 2010-07-05 13:14        18808              c:\windows\$hf_mig$\KB2555917\spmsg.dll
+ 2011-06-29 16:38 . 2010-07-05 13:14        26488              c:\windows\$hf_mig$\KB2541763\update\spcustom.dll
+ 2011-06-29 16:38 . 2010-07-05 13:14        18808              c:\windows\$hf_mig$\KB2541763\spmsg.dll
+ 2011-07-13 20:38 . 2010-07-05 13:14        26488              c:\windows\$hf_mig$\KB2507938\update\spcustom.dll
+ 2011-07-13 20:38 . 2010-07-05 13:14        18808              c:\windows\$hf_mig$\KB2507938\spmsg.dll
+ 2011-04-26 11:02 . 2011-04-26 11:02        33280              c:\windows\$hf_mig$\KB2507938\SP3QFE\csrsrv.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2008-04-29 16:56 . 2011-08-11 15:34        4096              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-04-29 16:56 . 2011-06-16 21:35        4096              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-08-11 15:42 . 2011-08-11 15:42        7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-04-17 15:20 . 2011-04-17 15:20        5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2004-08-04 04:00 . 2009-03-08 02:34        105984              c:\windows\system32\url.dll
+ 2004-08-04 04:00 . 2011-06-23 18:31        105984              c:\windows\system32\url.dll
+ 2004-08-04 04:00 . 2011-04-29 17:25        151552              c:\windows\system32\schannel.dll
+ 2004-11-02 18:10 . 2011-09-07 10:27        446752              c:\windows\system32\perfh009.dat
+ 2004-11-02 18:10 . 2011-09-07 10:27        465684              c:\windows\system32\perfh007.dat
- 2004-08-04 04:00 . 2011-04-25 16:05        206848              c:\windows\system32\occache.dll
+ 2004-08-04 04:00 . 2011-06-23 18:31        206848              c:\windows\system32\occache.dll
+ 2004-08-04 04:00 . 2011-06-23 18:31        611840              c:\windows\system32\mstime.dll
- 2004-08-04 04:00 . 2011-04-25 16:05        611840              c:\windows\system32\mstime.dll
+ 2009-03-08 02:32 . 2011-06-23 18:31        602112              c:\windows\system32\msfeeds.dll
- 2009-03-08 02:32 . 2011-04-25 16:05        602112              c:\windows\system32\msfeeds.dll
+ 2011-08-27 07:55 . 2011-08-27 07:55        243360              c:\windows\system32\Macromed\Flash\FlashUtil10w_Plugin.exe
+ 2011-09-01 10:15 . 2011-09-01 10:15        243360              c:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe
+ 2011-09-01 10:15 . 2011-09-01 10:15        328864              c:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.dll
+ 2004-08-04 04:00 . 2011-06-23 18:31        184320              c:\windows\system32\iepeers.dll
- 2004-08-04 04:00 . 2011-04-25 16:05        184320              c:\windows\system32\iepeers.dll
+ 2004-08-04 04:00 . 2011-06-23 18:31        387584              c:\windows\system32\iedkcs32.dll
- 2004-08-04 04:00 . 2011-04-25 16:05        387584              c:\windows\system32\iedkcs32.dll
+ 2004-08-04 04:00 . 2011-06-23 12:05        173568              c:\windows\system32\ie4uinit.exe
- 2004-08-04 04:00 . 2011-04-25 12:01        173568              c:\windows\system32\ie4uinit.exe
- 2004-11-02 18:08 . 2011-04-17 15:57        314768              c:\windows\system32\FNTCACHE.DAT
+ 2004-11-02 18:08 . 2011-07-14 15:33        314768              c:\windows\system32\FNTCACHE.DAT
+ 2010-06-18 17:44 . 2011-06-20 17:44        293888              c:\windows\system32\dllcache\winsrv.dll
- 2010-06-18 17:44 . 2010-06-18 17:44        293888              c:\windows\system32\dllcache\winsrv.dll
+ 2008-04-21 06:42 . 2011-06-23 18:31        916480              c:\windows\system32\dllcache\wininet.dll
- 2008-04-21 06:42 . 2011-04-25 16:05        916480              c:\windows\system32\dllcache\wininet.dll
- 2009-03-08 02:34 . 2009-03-08 02:34        105984              c:\windows\system32\dllcache\url.dll
+ 2009-03-08 02:34 . 2011-06-23 18:31        105984              c:\windows\system32\dllcache\url.dll
+ 2008-12-05 06:55 . 2011-04-29 17:25        151552              c:\windows\system32\dllcache\schannel.dll
- 2009-03-08 02:34 . 2011-04-25 16:05        206848              c:\windows\system32\dllcache\occache.dll
+ 2009-03-08 02:34 . 2011-06-23 18:31        206848              c:\windows\system32\dllcache\occache.dll
+ 2009-03-08 02:32 . 2011-06-23 18:31        611840              c:\windows\system32\dllcache\mstime.dll
- 2009-03-08 02:32 . 2011-04-25 16:05        611840              c:\windows\system32\dllcache\mstime.dll
- 2010-07-18 23:00 . 2011-04-25 16:05        602112              c:\windows\system32\dllcache\msfeeds.dll
+ 2010-07-18 23:00 . 2011-06-23 18:31        602112              c:\windows\system32\dllcache\msfeeds.dll
+ 2008-11-12 12:25 . 2011-07-15 13:29        456320              c:\windows\system32\dllcache\mrxsmb.sys
- 2008-11-12 12:25 . 2011-04-29 16:19        456320              c:\windows\system32\dllcache\mrxsmb.sys
- 2010-07-18 23:00 . 2011-04-25 16:05        247808              c:\windows\system32\dllcache\ieproxy.dll
+ 2010-07-18 23:00 . 2011-06-23 18:31        247808              c:\windows\system32\dllcache\ieproxy.dll
+ 2010-04-16 16:06 . 2011-06-23 18:31        184320              c:\windows\system32\dllcache\iepeers.dll
- 2010-04-16 16:06 . 2011-04-25 16:05        184320              c:\windows\system32\dllcache\iepeers.dll
- 2010-07-18 23:00 . 2011-04-25 16:05        743424              c:\windows\system32\dllcache\iedvtool.dll
+ 2010-07-18 23:00 . 2011-06-23 18:31        743424              c:\windows\system32\dllcache\iedvtool.dll
- 2009-03-08 12:09 . 2011-04-25 16:05        387584              c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 12:09 . 2011-06-23 18:31        387584              c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 02:32 . 2011-04-25 12:01        173568              c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 02:32 . 2011-06-23 12:05        173568              c:\windows\system32\dllcache\ie4uinit.exe
- 2011-01-18 02:39 . 2011-01-18 02:39        388936              c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-03-25 04:15 . 2011-03-25 04:15        388936              c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-01-18 02:39 . 2011-01-18 02:39        363856              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-03-25 04:15 . 2011-03-25 04:15        363856              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2011-01-18 02:39 . 2011-01-18 02:39        989016              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-03-25 04:15 . 2011-03-25 04:15        989016              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-07-14 15:36 . 2011-07-14 15:36        691200              c:\windows\Installer\14b36.msi
+ 2011-07-14 15:36 . 2011-07-14 15:36        371272              c:\windows\Installer\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}\SkypeIcon.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34        409600              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-04-29 16:56 . 2011-06-16 21:35        409600              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34        286720              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-04-29 16:56 . 2011-06-16 21:35        286720              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34        249856              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-04-29 16:56 . 2011-06-16 21:35        249856              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34        794624              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-04-29 16:56 . 2011-06-16 21:35        794624              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34        135168              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-04-29 16:56 . 2011-06-16 21:35        135168              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-04-29 16:56 . 2011-06-16 21:35        593920              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34        593920              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2011-08-11 15:29 . 2011-04-25 16:05        916480              c:\windows\ie8updates\KB2559049-IE8\wininet.dll
+ 2011-08-11 15:29 . 2009-03-08 02:34        105984              c:\windows\ie8updates\KB2559049-IE8\url.dll
+ 2011-08-11 15:29 . 2010-07-05 13:14        388984              c:\windows\ie8updates\KB2559049-IE8\spuninst\updspapi.dll
+ 2011-08-11 15:29 . 2010-07-05 13:14        234872              c:\windows\ie8updates\KB2559049-IE8\spuninst\spuninst.exe
+ 2011-08-11 15:29 . 2011-04-25 16:05        206848              c:\windows\ie8updates\KB2559049-IE8\occache.dll
+ 2011-08-11 15:29 . 2011-04-25 16:05        611840              c:\windows\ie8updates\KB2559049-IE8\mstime.dll
+ 2011-08-11 15:29 . 2011-04-25 16:05        602112              c:\windows\ie8updates\KB2559049-IE8\msfeeds.dll
+ 2011-08-11 15:29 . 2011-04-25 16:05        247808              c:\windows\ie8updates\KB2559049-IE8\ieproxy.dll
+ 2011-08-11 15:29 . 2011-04-25 16:05        184320              c:\windows\ie8updates\KB2559049-IE8\iepeers.dll
+ 2011-08-11 15:29 . 2011-04-25 16:05        743424              c:\windows\ie8updates\KB2559049-IE8\iedvtool.dll
+ 2011-08-11 15:29 . 2011-04-25 16:05        387584              c:\windows\ie8updates\KB2559049-IE8\iedkcs32.dll
+ 2011-08-11 15:29 . 2011-04-25 12:01        173568              c:\windows\ie8updates\KB2559049-IE8\ie4uinit.exe
- 2008-11-12 12:25 . 2011-04-29 16:19        456320              c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-11-12 12:25 . 2011-07-15 13:29        456320              c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-08-11 15:56 . 2011-08-11 15:56        321536              c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\cc14c69205b984edba1db26fd5e421ac\WsatConfig.ni.exe
+ 2011-08-11 15:46 . 2011-08-11 15:46        240128              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\39ce0c9c9cc294c0ee26c4ff01522961\WindowsFormsIntegration.ni.dll
+ 2011-06-30 21:24 . 2011-06-30 21:24        187904              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\3740d6db28af31a6523a79fcdd71fbeb\UIAutomationTypes.ni.dll
+ 2011-08-11 15:46 . 2011-08-11 15:46        447488              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\431e918aee8da919f5b9e3a5195ccf93\UIAutomationClient.ni.dll
+ 2011-08-11 15:59 . 2011-08-11 15:59        400896              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\946eefb99bc116ee68e0e7c69a5a8a5c\System.Xml.Linq.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\a82eef3128b9527dc05b3c8667e713bc\System.Web.Routing.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        202240              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\203c148c913357bfc2ae9d209101f2b3\System.Web.RegularExpressions.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        859648              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f89fe39468ea6faf71c4257c89cf3c54\System.Web.Extensions.Design.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        328704              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\2314ff800782dc85224e69e802a073f7\System.Web.Entity.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        301056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f690a8f5d784a5bb20f2cbaa7277eb6c\System.Web.Entity.Design.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\c5c96400424b85536443623f96f64581\System.Web.DynamicData.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5f8e87b47465a038403e73012c6d102a\System.Web.Abstractions.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        627200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\846dd505f97805f00999ee26aec9bf75\System.Transactions.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56        679936              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\de9cd25ccb24bcf8a0316756e766721f\System.Security.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        311296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\21248037960cf6dfa2ce401d355bd6c9\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        621056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\480ea914e13fe41cdd8fb542bb1f7e81\System.Net.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        998400              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        330752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\dc72c7581f1b3794c0ea595ba02ff7ad\System.Management.Instrumentation.ni.dll
+ 2011-08-11 15:55 . 2011-08-11 15:55        381440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\fcf8612a210d1f76e0b37dc8467b4696\System.IO.Log.ni.dll
+ 2011-08-11 15:55 . 2011-08-11 15:55        212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\ec017b5a95d02fccaefd835490ef1e14\System.IdentityModel.Selectors.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        280064              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.Wrapper.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        627712              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45        208384              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\f7cd3d07c15366b76fe4c38d24455d6b\System.Drawing.Design.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        881152              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\822c996e6ad4901219b7de399a6f78bf\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        455680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1ffe911e62f482e42be2c4428bd08c10\System.DirectoryServices.Protocols.ni.dll
+ 2011-08-11 15:57 . 2011-08-11 15:57        354816              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e1c009b2c9becdb732a2ea45f32a46b8\System.Data.Services.Design.ni.dll
+ 2011-08-11 15:57 . 2011-08-11 15:57        939008              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1defd94e1662a4478ccf2cd0b1b4e6a6\System.Data.Services.Client.ni.dll
+ 2011-08-11 15:57 . 2011-08-11 15:57        756736              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\04267c1dbdcdd8ec37e1518126767ead\System.Data.Entity.Design.ni.dll
+ 2011-08-11 15:57 . 2011-08-11 15:57        135680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\f2a6d41b3f6e26eea6dcac9298aa637b\System.Data.DataSetExtensions.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56        971264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\585e68739b2a8aff61ee6b2786513245\System.Configuration.Install.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56        633856              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\fbf6ef12d1456058acde29f2640092fb\System.AddIn.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56        366080              c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\896e42071939e038008b0bbbfed1213c\SMSvcHost.ni.exe
+ 2011-08-11 15:56 . 2011-08-11 15:56        256000              c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ca07e9cf488af1290d2340d682574a24\SMDiagnostics.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56        320512              c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a5aa977dd575a6beb3a416bd480b98a7\ServiceModelReg.ni.exe
+ 2011-08-11 15:45 . 2011-08-11 15:45        224768              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f52e48f55258d0a04fbab3a1f93752e9\PresentationFramework.Classic.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45        368128              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\cf812b99f587ab514afb36fa9d4c1567\PresentationFramework.Aero.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45        539648              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b7795999cc67f3a6cec40f5b24005e00\PresentationFramework.Luna.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45        258048              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09f5af61ea2af04eb32c04b3091ffc86\PresentationFramework.Royale.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56        133632              c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\2d89c7b72bc8e527b26d5b6f3b931012\MSBuild.ni.exe
+ 2011-08-11 15:56 . 2011-08-11 15:56        386560              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\39e9d172f0cf5eec30b1b67212cc032b\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56        144384              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\f1b0ec3ccde9142e67ac681fb521ac66\Microsoft.Build.Utilities.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56        175104              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\9250f038410f0d6432e3ccb0b046862b\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56        839680              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a4672179aba638cd78bdfe268391b47b\Microsoft.Build.Engine.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56        222720              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\37db660a84ee52b61a7ca55812581bbd\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-06-30 22:19 . 2011-06-30 22:19        220672              c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\80bd17388778c90f301746ad88700758\CustomMarshalers.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56        410112              c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\fe9a21b94803f74697bb42b9d1fdea5b\ComSvcConfig.ni.exe
+ 2011-08-11 15:55 . 2011-08-11 15:55        842240              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\f160c8e40b60edd47ae74b0b911fece1\AspNetMMCExt.ni.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-04-17 15:20 . 2011-04-17 15:20        970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-04-17 15:20 . 2011-04-17 15:20        745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-04-17 15:20 . 2011-04-17 15:20        425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-04-17 15:20 . 2011-04-17 15:20        110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-04-17 15:20 . 2011-04-17 15:20        486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-07-13 20:34 . 2010-07-05 13:14        388984              c:\windows\$NtUninstallKB2555917$\spuninst\updspapi.dll
+ 2011-07-13 20:34 . 2010-07-05 13:14        234872              c:\windows\$NtUninstallKB2555917$\spuninst\spuninst.exe
+ 2011-06-29 16:38 . 2010-07-05 13:14        388984              c:\windows\$NtUninstallKB2541763$\spuninst\updspapi.dll
+ 2011-06-29 16:38 . 2010-07-05 13:14        234872              c:\windows\$NtUninstallKB2541763$\spuninst\spuninst.exe
+ 2011-06-29 16:38 . 2010-06-30 12:28        149504              c:\windows\$NtUninstallKB2541763$\schannel.dll
+ 2011-07-13 20:38 . 2010-06-18 17:44        293888              c:\windows\$NtUninstallKB2507938$\winsrv.dll
+ 2011-07-13 20:38 . 2010-07-05 13:14        388984              c:\windows\$NtUninstallKB2507938$\spuninst\updspapi.dll
+ 2011-07-13 20:38 . 2010-07-05 13:14        234872              c:\windows\$NtUninstallKB2507938$\spuninst\spuninst.exe
+ 2011-07-13 20:34 . 2010-07-05 13:14        388984              c:\windows\$hf_mig$\KB2555917\update\updspapi.dll
+ 2011-07-13 20:34 . 2010-07-05 13:14        765304              c:\windows\$hf_mig$\KB2555917\update\update.exe
+ 2011-07-13 20:34 . 2010-07-05 13:14        234872              c:\windows\$hf_mig$\KB2555917\spuninst.exe
+ 2011-06-29 16:38 . 2010-07-05 13:14        388984              c:\windows\$hf_mig$\KB2541763\update\updspapi.dll
+ 2011-06-29 16:38 . 2010-07-05 13:14        765304              c:\windows\$hf_mig$\KB2541763\update\update.exe
+ 2011-06-29 16:38 . 2010-07-05 13:14        234872              c:\windows\$hf_mig$\KB2541763\spuninst.exe
+ 2011-04-29 17:23 . 2011-04-29 17:23        151552              c:\windows\$hf_mig$\KB2541763\SP3QFE\schannel.dll
+ 2011-07-13 20:38 . 2010-07-05 13:14        388984              c:\windows\$hf_mig$\KB2507938\update\updspapi.dll
+ 2011-07-13 20:38 . 2010-07-05 13:14        765304              c:\windows\$hf_mig$\KB2507938\update\update.exe
+ 2011-07-13 20:38 . 2010-07-05 13:14        234872              c:\windows\$hf_mig$\KB2507938\spuninst.exe
+ 2011-04-26 11:02 . 2011-04-26 11:02        293888              c:\windows\$hf_mig$\KB2507938\SP3QFE\winsrv.dll
+ 2004-08-04 04:00 . 2011-06-06 11:35        1859072              c:\windows\system32\win32k.sys
+ 2004-08-04 04:00 . 2011-06-23 18:31        1212416              c:\windows\system32\urlmon.dll
+ 2004-08-04 04:00 . 2011-07-25 15:09        5969920              c:\windows\system32\mshtml.dll
+ 2009-02-03 02:15 . 2011-08-27 07:55        6277280              c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2009-03-08 02:32 . 2011-04-25 16:05        1991680              c:\windows\system32\iertutil.dll
+ 2009-03-08 02:32 . 2011-06-23 18:31        1991680              c:\windows\system32\iertutil.dll
+ 2008-10-16 11:08 . 2011-06-06 11:35        1859072              c:\windows\system32\dllcache\win32k.sys
+ 2008-06-26 08:12 . 2011-06-23 18:31        1212416              c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-21 06:42 . 2011-07-25 15:09        5969920              c:\windows\system32\dllcache\mshtml.dll
- 2010-07-18 23:00 . 2011-04-25 16:05        1991680              c:\windows\system32\dllcache\iertutil.dll
+ 2010-07-18 23:00 . 2011-06-23 18:31        1991680              c:\windows\system32\dllcache\iertutil.dll
- 2008-07-25 09:17 . 2008-07-25 09:17        5025792              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-03-25 04:15 . 2011-03-25 04:15        5025792              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-04-28 19:50 . 2011-04-28 19:50        3182592              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2010-03-23 03:32 . 2010-03-23 03:32        3182592              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-03-25 04:15 . 2011-03-25 04:15        5912400              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-03-25 04:15 . 2011-03-25 04:15        4550656              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2011-01-18 02:39 . 2011-01-18 02:39        4550656              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-05-01 22:06 . 2011-05-01 22:06        2705920              c:\windows\Installer\bf350.msp
+ 2011-07-26 11:50 . 2011-07-26 11:50        5522432              c:\windows\Installer\bf348.msp
+ 2011-09-01 10:16 . 2011-09-01 10:16        2208768              c:\windows\Installer\9a3b5d.msi
+ 2011-01-18 21:36 . 2011-01-18 21:36        2687488              c:\windows\Installer\8fec81.msp
+ 2011-06-26 17:40 . 2011-06-26 17:40        1529344              c:\windows\Installer\805026.msi
+ 2011-07-14 15:36 . 2011-07-14 15:36        1541120              c:\windows\Installer\14b2f.msi
+ 2011-05-23 12:15 . 2011-05-23 12:15        3617792              c:\windows\Installer\11e37ed.msp
+ 2007-04-19 13:09 . 2007-04-19 13:09        1061720              c:\windows\Installer\$PatchCache$\Managed\7040110900063D11C8EF10054038389C\11.0.8173\OMFC.DLL
+ 2011-08-11 15:29 . 2011-04-25 16:05        1211904              c:\windows\ie8updates\KB2559049-IE8\urlmon.dll
+ 2011-08-11 15:29 . 2011-05-30 22:12        5964800              c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
+ 2011-08-11 15:29 . 2011-04-25 16:05        1991680              c:\windows\ie8updates\KB2559049-IE8\iertutil.dll
+ 2011-08-22 14:41 . 2011-08-22 14:41        3126944              c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2011-08-22 14:41 . 2011-08-22 14:41        3126944              c:\windows\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
+ 2011-08-11 15:44 . 2011-08-11 15:44        3325440              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd6e0cd6f124a6d041ef1b4c9a5f080b\WindowsBase.ni.dll
+ 2011-08-11 15:46 . 2011-08-11 15:46        1049600              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\162600dde59fbaa0c048a949158ecba3\UIAutomationClientsideProviders.ni.dll
+ 2011-08-11 15:44 . 2011-08-11 15:44        7950848              c:\windows\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
+ 2011-08-11 15:46 . 2011-08-11 15:46        5450752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
+ 2011-08-11 15:59 . 2011-08-11 15:59        1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\22229a30650a9afbac984e1093898b13\System.WorkflowServices.ni.dll
+ 2011-08-11 15:59 . 2011-08-11 15:59        1908224              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\4d6b3cc1fc7a4788612241af7966715a\System.Workflow.Runtime.ni.dll
+ 2011-08-11 15:59 . 2011-08-11 15:59        4514304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\e4c9853af945c9cfede19f3faf18af6e\System.Workflow.ComponentModel.ni.dll
+ 2011-08-11 15:59 . 2011-08-11 15:59        2992640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\ab4b50c7c789e46a485903365765fde8\System.Workflow.Activities.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        1840640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a2392c995b1bb6b63079091259222357\System.Web.Services.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        2209280              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\3da92a0b9b8ac97e11ca8bf4df671a78\System.Web.Mobile.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        2405376              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\01f4d6aa3299a41b8578b7e96afdcfb1\System.Web.Extensions.ni.dll
+ 2011-08-11 15:46 . 2011-08-11 15:46        1917952              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\e1208f0d981c420fc59f806bfbaa713b\System.Speech.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        1706496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\27e1b8dfd5e1ccf2c5b9efc51f674c69\System.ServiceModel.Web.ni.dll
+ 2011-08-11 15:55 . 2011-08-11 15:55        2345472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dece01bd9e9c32e47630fdfc78d3bd32\System.Runtime.Serialization.ni.dll
+ 2011-08-11 15:46 . 2011-08-11 15:46        1035776              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\90b444d02047ef27921153d46967ef0e\System.Printing.ni.dll
+ 2011-08-11 15:55 . 2011-08-11 15:55        1070080              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a50e2fc92db32751857fb8d297f9d7bc\System.IdentityModel.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45        1587200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        1116672              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\259ecf480769f4e60514b7ae2abaa6f1\System.DirectoryServices.ni.dll
+ 2011-08-11 15:57 . 2011-08-11 15:57        1801216              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\71cf3eb40fc38e6ac8fba09e872d2878\System.Deployment.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45        6616576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\db2d84e279807592a680ef4135e9fe9a\System.Data.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56        2510336              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0b16305773369cf740c6a2b1f1d785b2\System.Data.SqlXml.ni.dll
+ 2011-08-11 15:57 . 2011-08-11 15:57        1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\c1b9b8ce390548dcca661a5e6a908408\System.Data.Services.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45        2516480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\571af34939797a7c1cd05b0b925a45bf\System.Data.Linq.ni.dll
+ 2011-08-11 15:57 . 2011-08-11 15:57        9924096              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\2b58cc071d6bf0c741e91f86c09de5d7\System.Data.Entity.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45        2295296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e54e013315849f5e34d8f2a8e7fdb450\System.Core.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45        2128896              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\24ab0cacc77e8696ceff3157942a2de4\ReachFramework.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45        1657856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\fac1ca86f4fea17de40d7fdaba38563e\PresentationUI.ni.dll
+ 2011-08-11 15:44 . 2011-08-11 15:44        1451008              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b187becbc388c4ce7f33ede4da76e7b1\PresentationBuildTasks.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56        1712128              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c6b19db2534042d435ede580f92bc75c\Microsoft.VisualBasic.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56        1093120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\08594c4ba9ea0253a836fe1d8d341984\Microsoft.Transactions.Bridge.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        2332160              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\345abd035c9378667b1cac54c1f21c97\Microsoft.JScript.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56        1966080              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\906cd5555b79e4e0486dc8ef2a748b13\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56        1620992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\7baff7d694394aaba490082c88d48fd2\Microsoft.Build.Tasks.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56        1888768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\235a22e1ae9742bb724d411629dd99d5\Microsoft.Build.Engine.ni.dll
- 2011-04-17 15:20 . 2011-04-17 15:20        3182592              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        3182592              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-04-17 15:20 . 2011-04-17 15:20        2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-04-17 15:19 . 2011-04-17 15:19        4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42        4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-07-13 20:34 . 2011-03-03 13:53        1858048              c:\windows\$NtUninstallKB2555917$\win32k.sys
+ 2011-06-06 11:36 . 2011-06-06 11:36        1868032              c:\windows\$hf_mig$\KB2555917\SP3QFE\win32k.sys
+ 2008-08-29 16:13 . 2011-08-11 15:34        52390856              c:\windows\system32\MRT.exe
+ 2009-03-08 02:39 . 2011-06-23 18:31        11081728              c:\windows\system32\ieframe.dll
- 2009-03-08 02:39 . 2011-04-26 08:05        11081728              c:\windows\system32\ieframe.dll
+ 2010-07-18 23:00 . 2011-06-23 18:31        11081728              c:\windows\system32\dllcache\ieframe.dll
- 2010-07-18 23:00 . 2011-04-26 08:05        11081728              c:\windows\system32\dllcache\ieframe.dll
+ 2011-03-28 01:27 . 2011-03-28 01:27        15456256              c:\windows\Installer\8fec8e.msp
+ 2011-08-11 15:29 . 2011-04-26 08:05        11081728              c:\windows\ie8updates\KB2559049-IE8\ieframe.dll
+ 2011-08-11 15:46 . 2011-08-11 15:46        12430848              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58        11800576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56        17403904              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e3a0205acab2215fbad7927d9d483aeb\System.ServiceModel.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45        10683392              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\63ad0cd9b5e038c8e2e41415657db8fc\System.Design.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45        14328320              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\704556e34128441ea9f1a81cc89f8a79\PresentationFramework.ni.dll
+ 2011-08-11 15:44 . 2011-08-11 15:44        12215808              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5f332c48d03eca57419c4f0e884092ee\PresentationCore.ni.dll
+ 2011-06-30 21:21 . 2011-06-30 21:21        11490816              c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\programme\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"nwiz"="nwiz.exe" [2005-12-14 1519616]
"HPHUPD08"="c:\programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\programme\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2005-01-01 180269]
"WinampAgent"="c:\programme\Winamp\winampa.exe" [2007-10-10 36352]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2008-09-06 413696]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
.
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
BTTray.lnk - c:\programme\Belkin\Bluetooth Software\BTTray.exe [2006-6-7 553021]
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
VPro530.lnk - c:\windows\VPro530.exe [2010-11-19 155648]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\LECTURNITY Player\\jre5\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\Philips\\Intelligent Agent\\Philips Intelligent Agent.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [01.11.2007 20:37 685816]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [12.07.2010 13:32 136360]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [30.12.2009 20:11 27632]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [06.11.2009 17:11 135664]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [07.09.2010 13:53 90112]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [06.11.2009 17:11 135664]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\drivers\phaudlwr.sys [19.11.2010 14:17 88704]
S3 SPC530;Philips SPC530NC PC Camera;c:\windows\system32\drivers\SPC530.sys [19.11.2010 14:17 486912]
S3 SPC530m;Philips SPC530NC PC Cameram;c:\windows\system32\drivers\SPC530m.sys [19.11.2010 14:17 7680]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [29.04.2008 18:45 223128]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 25855147
*Deregistered* - 25855147
.
Inhalt des "geplante Tasks" Ordners
.
2011-08-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-11-06 15:11]
.
2011-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-11-06 15:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uSearchAssistant =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\HP_Besitzer\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 83.169.186.225 192.168.0.1
FF - ProfilePath - c:\dokumente und einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\84t4r4d3.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-ApnUpdater - c:\programme\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-09-07 16:17
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2811243195-1895084649-3547694746-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\C*o*m*m*a*n*d* *&* *C*o*n*q*u*e*r* *3* *T*i*b*e*r*i*u*m* *W*a*r*s*"!\Kundendienst]
"Order"=hex:08,00,00,00,02,00,00,00,b8,02,00,00,01,00,00,00,04,00,00,00,de,00,
  00,00,00,00,00,00,d0,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,be,00,32,\
.
[HKEY_USERS\S-1-5-21-2811243195-1895084649-3547694746-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9a,67,5b,f6,99,da,28,09,ee,6b,b5,d1,b6,82,4d,c3,66,92,e4,31,6b,62,a6,
  45,f7,d1,e2,c5,76,28,0b,91,a0,21,63,b5,07,4d,49,c1,3a,10,88,f9,21,09,8a,6b,\
"??"=hex:ad,ce,7c,ef,11,66,aa,c4,b3,61,58,21,ae,7e,17,dc
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Zeit der Fertigstellung: 2011-09-07  16:20:11
ComboFix-quarantined-files.txt  2011-09-07 14:19
ComboFix2.txt  2011-06-21 17:23
ComboFix3.txt  2011-06-08 17:15
ComboFix4.txt  2010-07-16 17:09
ComboFix5.txt  2011-09-07 14:07
.
Vor Suchlauf: 18 Verzeichnis(se), 124.970.024.960 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 125.076.164.608 Bytes frei
.
- - End Of File - - 26CDD1EDC0EDF4F3054B763E61DD9592

--- --- ---

cosinus 07.09.2011 19:21

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run even on the second try, just leave it out and run only OSAM. Please skip the online lookup by OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: To unpack OSAM, please use WinRAR or 7zip! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false positive in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


Gargamel456 12.09.2011 16:06

All right, here are the logfiles. With OSAM I accidentally forgot to turn off the virus scanner (Avira AntiVir), but it still worked without problems.

GMER
GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-10 17:31:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP2504C rev.VT100-38
Running: ddwj7cfm.exe; Driver: C:\DOKUME~1\HP_BES~1\LOKALE~1\Temp\kxtcifob.sys


---- System - GMER 1.0.15 ----

SSDT            F7C841D4                                                                                                            ZwClose
SSDT            F7C8418E                                                                                                            ZwCreateKey
SSDT            F7C841DE                                                                                                            ZwCreateSection
SSDT            F7C84184                                                                                                            ZwCreateThread
SSDT            F7C84193                                                                                                            ZwDeleteKey
SSDT            F7C8419D                                                                                                            ZwDeleteValueKey
SSDT            F7C841CF                                                                                                            ZwDuplicateObject
SSDT            sptd.sys                                                                                                            ZwEnumerateKey [0xF736BFB2]
SSDT            sptd.sys                                                                                                            ZwEnumerateValueKey [0xF736C340]
SSDT            F7C841A2                                                                                                            ZwLoadKey
SSDT            sptd.sys                                                                                                            ZwOpenKey [0xF73660B0]
SSDT            F7C84170                                                                                                            ZwOpenProcess
SSDT            F7C84175                                                                                                            ZwOpenThread
SSDT            sptd.sys                                                                                                            ZwQueryKey [0xF736C418]
SSDT            sptd.sys                                                                                                            ZwQueryValueKey [0xF736C298]
SSDT            F7C841AC                                                                                                            ZwReplaceKey
SSDT            F7C841A7                                                                                                            ZwRestoreKey
SSDT            F7C841E3                                                                                                            ZwSetContextThread
SSDT            F7C84198                                                                                                            ZwSetValueKey
SSDT            F7C8417F                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

?              C:\WINDOWS\system32\drivers\sptd.sys                                                                                Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text          C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                            section is writeable [0xF6244360, 0x20FDBD, 0xE8000020]
.text          USBPORT.SYS!DllUnload                                                                                                F62248AC 5 Bytes  JMP 86D9A770
?              System32\Drivers\a9wj0g4k.SYS                                                                                        Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text          C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[252] USER32.dll!DefWindowProcA + 11A                7E37C298 7 Bytes  JMP 1004BF70 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text          C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[252] USER32.dll!SetWindowRgn + 2BD                  7E37E7E5 7 Bytes  JMP 1004BE30 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text          C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[252] USER32.dll!SetClipboardData + 19D              7E38113B 7 Bytes  JMP 1004BF50 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text          C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[252] USER32.dll!MessageBoxA + 49                    7E3A0833 7 Bytes  JMP 1004C040 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text          C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[252] USER32.dll!MessageBoxExW + 1F                  7E3A0857 7 Bytes  JMP 1004C090 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text          C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[252] USER32.dll!MessageBoxTimeoutA + CA              7E3B64D0 7 Bytes  JMP 1004BFC0 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [F7366AD4] sptd.sys
IAT            atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [F7366C1A] sptd.sys
IAT            atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                  [F7366B9C] sptd.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                          [F7367748] sptd.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                  [F736761E] sptd.sys
IAT            \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [F737C29A] sptd.sys

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              86F651E8
Device          \FileSystem\Fastfat \FatCdrom                                                                                        86A31790
Device          \Driver\usbohci \Device\USBPDO-0                                                                                    86D951E8
Device          \Driver\usbohci \Device\USBPDO-1                                                                                    86D951E8
Device          \Driver\PCI_NTPNP5422 \Device\00000045                                                                              sptd.sys
Device          \Driver\usbehci \Device\USBPDO-2                                                                                    86D941E8
Device          \Driver\usbstor \Device\00000070                                                                                    86B18790
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                              86FD41E8
Device          \Driver\usbstor \Device\00000071                                                                                    86B18790
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                              86FD41E8
Device          \Driver\Cdrom \Device\CdRom0                                                                                        86D6F410
Device          \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11                                                                        [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                          [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                  [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                  [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-19                                                                        [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\Cdrom \Device\CdRom1                                                                                        86D6F410
Device          \Driver\Cdrom \Device\CdRom2                                                                                        86D6F410
Device          \Driver\Cdrom \Device\CdRom3                                                                                        86D6F410
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                              866E01E8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                    866E01E8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{C679FCD5-B4DB-4854-AA53-6CDBBE614F77}                                            866E01E8
Device          \Driver\usbohci \Device\USBFDO-0                                                                                    86D951E8
Device          \Driver\usbstor \Device\0000006d                                                                                    86B18790
Device          \Driver\usbohci \Device\USBFDO-1                                                                                    86D951E8
Device          \Driver\usbstor \Device\0000006e                                                                                    86B18790
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    866C91E8
Device          \Driver\usbehci \Device\USBFDO-2                                                                                    86D941E8
Device          \Driver\usbstor \Device\0000006f                                                                                    86B18790
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          866C91E8
Device          \Driver\Ftdisk \Device\FtControl                                                                                    86FD41E8
Device          \Driver\a9wj0g4k \Device\Scsi\a9wj0g4k1Port4Path0Target1Lun0                                                        86D6E1E8
Device          \Driver\a9wj0g4k \Device\Scsi\a9wj0g4k1                                                                              86D6E1E8
Device          \Driver\a9wj0g4k \Device\Scsi\a9wj0g4k1Port4Path0Target0Lun0                                                        86D6E1E8
Device          \FileSystem\Fastfat \Fat                                                                                            86A31790

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Cdfs \Cdfs                                                                                              86DAD790

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Programme\DAEMON Tools\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                              0x61 0x4C 0xC6 0x0F ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                           
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x64 0x2C 0xEE 0xB1 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0xB1 0xB4 0x18 0x2D ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                0x52 0xB6 0x92 0xB5 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools\
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x61 0x4C 0xC6 0x0F ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x64 0x2C 0xEE 0xB1 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xB1 0xB4 0x18 0x2D ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x52 0xB6 0x92 0xB5 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools\
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x61 0x4C 0xC6 0x0F ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x64 0x2C 0xEE 0xB1 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xB1 0xB4 0x18 0x2D ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x52 0xB6 0x92 0xB5 ...

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                malicious Win32:MBRoot code @ sector 488391123
Disk            \Device\Harddisk0\DR0                                                                                                PE file @ sector 488391145

---- EOF - GMER 1.0.15 ----

--- --- ---


OSAM
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:59:44 on 10.09.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ALSNDMGR.CPL" - ? - C:\WINDOWS\system32\ALSNDMGR.CPL  (File signed by Microsoft | File found, but it contains no detailed information)
"btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Oracle" - C:\WINDOWS\system32\javacpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a9wj0g4k" (a9wj0g4k) - ? - C:\WINDOWS\system32\drivers\a9wj0g4k.sys  (Hidden registry entry, rootkit activity | File not found)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"Bluetooth-Audiogerät" (btaudio) - "Broadcom Corporation." - C:\WINDOWS\System32\drivers\btaudio.sys
"Bluetooth-Bus-Enumerator" (BTKRNL) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btkrnl.sys
"Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwdndis.sys
"btwhid" (btwhid) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwhid.sys
"catchme" (catchme) - ? - C:\DOKUME~1\HP_BES~1\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"kxtcifob" (kxtcifob) - ? - C:\DOKUME~1\HP_BES~1\LOKALE~1\Temp\kxtcifob.sys  (Hidden registry entry, rootkit activity | File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"vaxscsi" (vaxscsi) - "Alcohol Soft Co., Ltd." - C:\WINDOWS\System32\Drivers\vaxscsi.sys
"Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btport.sys
"VN Series Device" (VNUSB) - ? - C:\WINDOWS\System32\DRIVERS\VNUSB.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\btneighborhood.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\WINDOWS\system32\btncopy.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\WINDOWS\system32\ShellvRTF.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10w.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Programme\Belkin\Bluetooth Software\btsendto_ie.htm
"Hilfe zu Verbindungen" - ? - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle" - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Oracle" - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Programme\Belkin\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
"VPro530.lnk" - "Philips" - C:\WINDOWS\VPro530.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\HP_Besitzer\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools" - "DT Soft Ltd." - "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
"Sony Ericsson PC Suite" - "Sony Ericsson Mobile Communications AB" - "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HP Software Update" - "Hewlett-Packard Co." - C:\Programme\HP\HP Software Update\HPwuSchd2.exe
"HPBootOp" - "Hewlett-Packard Company" - "C:\Programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
"HPHUPD08" - "Hewlett-Packard" - c:\Programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
"nwiz" - "NVIDIA Corporation" - nwiz.exe /installquiet /keeploaded /nodetect
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"Recguard" - ? - C:\WINDOWS\SMINST\RECGUARD.EXE
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
"WinampAgent" - ? - C:\Programme\Winamp\winampa.exe  (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll
"Bullzip PDF Print Monitor" - "BullZip" - C:\WINDOWS\system32\bzpdf.dll
"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\WINDOWS\system32\HpTcpMon.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe
"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Oracle" - C:\Programme\Java\jre6\bin\jqs.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR
HTML-Code:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-12 16:25:31
-----------------------------
16:25:31.609    OS Version: Windows 5.1.2600 Service Pack 3
16:25:31.609    Number of processors: 1 586 0x2F02
16:25:31.609    ComputerName: NAME-CD5FDA878D  UserName: HP_Besitzer
16:25:33.156    Initialize success
16:30:16.109    AVAST engine defs: 11091200
16:30:44.265    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:30:44.265    Disk 0 Vendor: SAMSUNG_SP2504C VT100-38 Size: 238475MB BusType: 3
16:30:46.296    Disk 0 MBR read successfully
16:30:46.296    Disk 0 MBR scan
16:30:46.390    Disk 0 unknown MBR code
16:30:46.390    Disk 0 scanning sectors +488391120
16:30:46.421    Disk 0 malicious Win32:MBRoot code @ sector 488391123 !
16:30:46.421    Disk 0 PE file @ sector 488391145 !
16:30:46.500    Disk 0 scanning C:\WINDOWS\system32\drivers
16:31:15.187    Service scanning
16:31:16.750    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
16:31:17.328    Modules scanning
16:31:24.281    Disk 0 trace - called modules:
16:31:24.312    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x86f878ac]<<
16:31:24.312    1 nt!IofCallDriver ->
\Device\Harddisk0\DR0[0x86f37ab8]
16:31:24.312    3 CLASSPNP.SYS[f75b0fd7] -> nt!IofCallDriver -> \Device\00000062[0x86ea0f18]
16:31:24.312    5 ACPI.sys[f7324620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f1fd98]
16:31:25.562    AVAST engine scan C:\WINDOWS
16:31:58.890    AVAST engine scan C:\WINDOWS\system32
16:35:55.906    AVAST engine scan C:\WINDOWS\system32\drivers
16:36:23.765    AVAST engine scan C:\Dokumente und Einstellungen\HP_Besitzer
16:43:07.578    AVAST engine scan C:\Dokumente und Einstellungen\All Users
16:46:17.593    Scan finished successfully
17:02:43.000    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\MBR.dat"
17:02:43.000    The log file has been saved successfully to "C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\aswMBR.txt"


cosinus 12.09.2011 20:33

We should fix the MBR; just in case, back up ALL important data first, even though it usually goes smoothly.
After the backup, start aswMBR again and click the FIXMBR button.
Then restart Windows and create a new log with aswMBR.

Gargamel456 17.09.2011 12:51

All right, done

HTML-Code:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-17 13:32:59
-----------------------------
13:32:59.953    OS Version: Windows 5.1.2600 Service Pack 3
13:32:59.953    Number of processors: 1 586 0x2F02
13:32:59.953    ComputerName: NAME-CD5FDA878D  UserName: HP_Besitzer
13:33:01.843    Initialize success
13:33:11.640    AVAST engine defs: 11091700
13:33:25.203    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:33:25.203    Disk 0 Vendor: SAMSUNG_SP2504C VT100-38 Size: 238475MB BusType: 3
13:33:27.218    Disk 0 MBR read successfully
13:33:27.218    Disk 0 MBR scan
13:33:27.296    Disk 0 Windows XP default MBR code
13:33:27.296    Disk 0 scanning sectors +488391120
13:33:27.312    Disk 0 malicious Win32:MBRoot code @ sector 488391123 !
13:33:27.312    Disk 0 PE file @ sector 488391145 !
13:33:27.359    Disk 0 scanning C:\WINDOWS\system32\drivers
13:33:41.921    Service scanning
13:33:42.437    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
13:33:42.984    Modules scanning
13:33:47.484    Disk 0 trace - called modules:
13:33:48.015    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x86f878ac]<<
13:33:48.015    1 nt!IofCallDriver ->
\Device\Harddisk0\DR0[0x86f37ab8]
13:33:48.031    3 CLASSPNP.SYS[f75b0fd7] -> nt!IofCallDriver -> \Device\00000062[0x86ea0f18]
13:33:48.031    5 ACPI.sys[f7324620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f1fd98]
13:33:48.750    AVAST engine scan C:\WINDOWS
13:34:13.562    AVAST engine scan C:\WINDOWS\system32
13:37:21.125    AVAST engine scan C:\WINDOWS\system32\drivers
13:37:40.890    AVAST engine scan C:\Dokumente und Einstellungen\HP_Besitzer
13:44:26.718    AVAST engine scan C:\Dokumente und Einstellungen\All Users
13:47:46.687    Scan finished successfully
13:51:02.546    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\MBR.dat"
13:51:02.546    The log file has been saved successfully to "C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\aswMBRlog2.txt"

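The two aswMBR logs in this thread, taken before and after FIXMBR, show the boot sector changing from "unknown MBR code" to "Windows XP default MBR code" while the Win32:MBRoot finding at sector 488391123 and the PE file at sector 488391145 remain. The following Python parser is an added example and is not part of the thread or of aswMBR itself: it pulls the MBR state, the sector findings, the locked services and the unidentified hook in the disk I/O path out of the log format shown above, so the before/after logs can be compared mechanically. The log excerpts are copied from the posts above; the function and class names are my own.

```python
"""Summarise aswMBR logs and compare the state before and after a FIXMBR."""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Excerpts of the two aswMBR logs posted in this thread (before and after FIXMBR).
LOG_BEFORE = r"""
16:30:46.296    Disk 0 MBR read successfully
16:30:46.296    Disk 0 MBR scan
16:30:46.390    Disk 0 unknown MBR code
16:30:46.390    Disk 0 scanning sectors +488391120
16:30:46.421    Disk 0 malicious Win32:MBRoot code @ sector 488391123 !
16:30:46.421    Disk 0 PE file @ sector 488391145 !
16:31:16.750    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
16:31:24.312    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x86f878ac]<<
"""

LOG_AFTER = r"""
13:33:27.218    Disk 0 MBR read successfully
13:33:27.218    Disk 0 MBR scan
13:33:27.296    Disk 0 Windows XP default MBR code
13:33:27.296    Disk 0 scanning sectors +488391120
13:33:27.312    Disk 0 malicious Win32:MBRoot code @ sector 488391123 !
13:33:27.312    Disk 0 PE file @ sector 488391145 !
13:33:42.437    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
13:33:48.015    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x86f878ac]<<
"""

TIMESTAMP = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+")
MBR_CODE = re.compile(r"Disk \d+ (.*MBR code)\s*$")           # "unknown MBR code" / "... default MBR code"
SECTOR = re.compile(r"Disk \d+ (.+?) @ sector (\d+)")          # findings outside the MBR itself
LOCKED = re.compile(r"Service (\S+) (\S+) \*\*LOCKED\*\*")     # driver files the scanner could not open
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")       # unidentified code in the disk call chain


@dataclass
class AswMbrSummary:
    mbr_code: str = "not reported"
    sector_findings: List[Tuple[str, int]] = field(default_factory=list)
    locked_services: List[Tuple[str, str]] = field(default_factory=list)
    unknown_hooks: List[str] = field(default_factory=list)

    @property
    def mbr_is_default(self) -> bool:
        return "default MBR code" in self.mbr_code

    @property
    def clean(self) -> bool:
        # The boot code alone being default is not enough: payload sectors and hooks count too.
        return self.mbr_is_default and not self.sector_findings and not self.unknown_hooks


def parse_aswmbr(text: str) -> AswMbrSummary:
    """Extract the security-relevant lines from an aswMBR log."""
    summary = AswMbrSummary()
    for raw in text.splitlines():
        line = TIMESTAMP.sub("", raw).strip()
        if not line:
            continue
        m = MBR_CODE.search(line)
        if m:
            summary.mbr_code = m.group(1)
            continue
        m = SECTOR.search(line)
        if m:
            summary.sector_findings.append((m.group(1), int(m.group(2))))
            continue
        m = LOCKED.search(line)
        if m:
            summary.locked_services.append((m.group(1), m.group(2)))
            continue
        m = UNKNOWN.search(line)
        if m:
            summary.unknown_hooks.append(m.group(1))
    return summary


def concerns(summary: AswMbrSummary) -> List[str]:
    """Human-readable list of everything a helper would still want addressed."""
    out = []
    if not summary.mbr_is_default:
        out.append(f"MBR boot code is not the OS default: {summary.mbr_code}")
    for desc, sector in summary.sector_findings:
        out.append(f"{desc} at sector {sector} (outside the MBR sector itself)")
    for addr in summary.unknown_hooks:
        out.append(f"unidentified code in the disk I/O path at {addr}")
    return out


def fixmbr_effect(before: AswMbrSummary, after: AswMbrSummary) -> dict:
    """What changed between two logs: did the boot code get repaired, and what persists?"""
    return {
        "mbr_repaired": (not before.mbr_is_default) and after.mbr_is_default,
        "findings_remaining": [f for f in after.sector_findings if f in before.sector_findings],
        "hooks_remaining": [h for h in after.unknown_hooks if h in before.unknown_hooks],
    }


if __name__ == "__main__":
    b, a = parse_aswmbr(LOG_BEFORE), parse_aswmbr(LOG_AFTER)
    print("before:", concerns(b))
    print("after: ", concerns(a))
    print("effect:", fixmbr_effect(b, a))
```

Run on the two excerpts, `fixmbr_effect` reports the boot code as repaired but lists both sector findings and the hook as remaining, which is exactly why the helper in the thread asks for further scans after the FIXMBR rather than treating the system as clean.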

cosinus 19.09.2011 08:33

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!


Afterwards, getting a second opinion from the ESET Online Scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add/Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Gargamel456 23.09.2011 11:04

OK, here is the Malwarebytes log, the others will follow:

HTML Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7778

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.09.2011 07:35:31
mbam-log-2011-09-23 (07-35-31).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|J:\|K:\|L:\|M:\|N:\|)
Objects scanned: 411851
Time elapsed: 2 hour(s), 19 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Gargamel456 05.10.2011 23:58

Sorry for the delay, I moved house in the meantime and my PC was in moving boxes for almost 2 weeks :balla:

Here are the other two logfiles.

SASW:

HTML Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/05/2011 at 03:47 PM

Application Version : 5.0.1118

Core Rules Database Version : 7757
Trace Rules Database Version: 5569

Scan type      : Complete Scan
Total Scan Time : 03:07:01

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 634
Memory threats detected  : 0
Registry items scanned    : 38857
Registry threats detected : 0
File items scanned        : 160603
File threats detected    : 38

Adware.Tracking Cookie
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@ad.adc-serv[1].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@ad.alturalabs[1].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@ad.yieldmanager[1].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@ad.zanox[1].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@ad1.adfarm1.adition[2].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@ad2.adfarm1.adition[1].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@adfarm1.adition[1].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@advertising[1].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@adx.chip[2].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@apmebf[1].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@atdmt[1].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@content.yieldmanager[1].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@doubleclick[2].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@in.getclicky[1].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@interclick[1].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@invitemedia[1].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@mediaplex[1].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@overture[1].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@philips.112.2o7[1].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@pumaonlinestorede.112.2o7[1].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@serving-sys[2].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@smartadserver[2].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@studivz.adfarm1.adition[1].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@tracking.quisma[1].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@tradedoubler[2].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@traffictrack[2].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@watch.findisuper[2].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@webmasterplan[2].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@zanox-affiliate[1].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@zanox[2].txt
        C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\AI0JT4TW.txt
        ad.zanox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\JRS04NFA.DEFAULT\COOKIES.SQLITE ]
        .tracking.3gnet.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\JRS04NFA.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\JRS04NFA.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\JRS04NFA.DEFAULT\COOKIES.SQLITE ]
        .www.traffictrack.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\JRS04NFA.DEFAULT\COOKIES.SQLITE ]
        .kaspersky.122.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\JRS04NFA.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\JRS04NFA.DEFAULT\COOKIES.SQLITE ]

ESET:

HTML Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=905011a2064a664bb0d1ed66a36e219d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-03 02:14:59
# local_time=2011-09-03 04:14:59 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 93 188272 51543488 0 0
# compatibility_mode=8192 67108863 100 0 127 127 0 0
# scanned=147327
# found=0
# cleaned=0
# scan_time=9470
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=905011a2064a664bb0d1ed66a36e219d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-05 10:42:03
# local_time=2011-10-06 12:42:03 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775145 100 93 34904 54380734 1121487 0
# compatibility_mode=8192 67108863 100 0 2837373 2837373 0 0
# scanned=230201
# found=1
# cleaned=0
# scan_time=10648
C:\Dokumente und Einstellungen\HP_Besitzer\Eigene Dateien\Downloads\SoftonicDownloader_fuer_free-rar-extract-frog.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I

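The ESET log above is two runs appended to one log.txt: a `# key=value` header per run, followed by one tab-separated line per detection (path, verdict, hash, flag). The following is an added example, not part of the thread or of ESET's tooling, that parses that format and reports per run what was found, what was cleaned, and which paths were reported but left in place; the sample log, its path and its verdict text are constructed.

```python
import re

# Constructed sample in the ESET Online Scanner log.txt format shown in the thread
# (two runs appended to one file); the path and verdict below are made up.
SAMPLE_LOG = (
    "ESETSmartInstaller@High as downloader log:\nall ok\n"
    "# version=7\n# end=finished\n# remove_checked=false\n"
    "# utc_time=2011-09-03 02:14:59\n# scanned=147327\n# found=0\n# cleaned=0\n"
    "ESETSmartInstaller@High as downloader log:\nall ok\n"
    "# version=7\n# end=finished\n# remove_checked=false\n"
    "# utc_time=2011-10-05 10:42:03\n# scanned=230201\n# found=1\n# cleaned=0\n"
    "C:\\Temp\\Downloads\\bundle_setup.exe\ta variant of Win32/ExampleDownloader.A "
    "application (unable to clean)\t00000000000000000000000000000000\tI\n"
)

RUN_HEADER = "ESETSmartInstaller@High as downloader log:"


def parse_eset_log(text):
    """Split log.txt into runs: each is {"meta": {key: value}, "detections": [...]}."""
    runs = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if line == RUN_HEADER:
            runs.append({"meta": {}, "detections": []})
            continue
        if not runs or not line or line == "all ok":
            continue
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            runs[-1]["meta"][key] = value
            continue
        # Detection lines are tab separated: path, verdict, hash, flag. Logs pasted
        # into a forum often have the tabs flattened, so also split on 2+ spaces.
        fields = re.split(r"\t+| {2,}", line)
        if len(fields) >= 2:
            runs[-1]["detections"].append(
                {"path": fields[0], "verdict": fields[1],
                 "uncleaned": "unable to clean" in fields[1]})
    return runs


def summarize(runs):
    """Per run: integer counters, whether the remove option was on, uncleaned paths.
    found > cleaned together with remove_checked=false means the scan only reported."""
    return [{
        "utc_time": run["meta"].get("utc_time", "?"),
        "found": int(run["meta"].get("found", 0)),
        "cleaned": int(run["meta"].get("cleaned", 0)),
        "remove_enabled": run["meta"].get("remove_checked") == "true",
        "uncleaned": [d["path"] for d in run["detections"] if d["uncleaned"]],
    } for run in runs]
```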

cosinus 06.10.2011 12:57

Just cookies. The ESET find is harmless.
Is the PC back in order now?

Gargamel456 06.10.2011 13:48

Yep, everything is actually running fine...

cosinus 06.10.2011 14:23

Then we are done! :abklatsch:

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if that produces any error messages.
Keeping Malwarebytes is no mistake. You can scan with it once a month, but always remember to update it first.

Finally, please check your updates; my guide is below. To keep a better overview of whether your installed programs are up to date, you can use e.g. Secunia PSI.
For even more security, you should also change all your passwords if possible now that the infection has been removed.


Microsoft Update

Windows XP: Visit the MS Update site with IE and have all important updates installed.

Windows Vista/7: Guide to Windows Update


Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you are at it, please also check that Flash Player is up to date; here is the direct download link:

Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, best with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

Gargamel456 06.10.2011 15:13

:applaus: All done - cool, thanks a lot!!! :dankeschoen:


Copyright ©2000-2025, Trojaner-Board