Problem mit Bka-Trojaner

nwtmarc · 03.08.2011, 17:37

Hallo,

ich habe mir den Bka-Trojaner eingefangen. Habe bereits mit OTLPE einen Scan gemacht.

Hoffe jemand kann mir mit dem fix weiterhelfen.

Mit freundlichen Grüßen
Marc

Code:

ATTFilter

OTL logfile created on: 8/3/2011 10:27:52 PM - Run 
OTLPE by OldTimer - Version 3.1.46.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3, v.3264 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.3264)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 94.76 Gb Total Space | 25.18 Gb Free Space | 26.57% Space Free | Partition Type: NTFS
Drive D: | 69.30 Gb Total Space | 21.20 Gb Free Space | 30.60% Space Free | Partition Type: NTFS
Drive E: | 68.83 Gb Total Space | 1.76 Gb Free Space | 2.55% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 4.46 Gb Free Space | 59.85% Space Free | Partition Type: FAT32
Drive G: | 649.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/07/04 10:41:39 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/24 11:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/04/29 18:16:42 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/07/29 03:50:16 | 000,238,952 | ---- | M] (Teruten) [Auto] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/04/30 01:52:54 | 003,795,560 | ---- | M] () [Auto] -- C:\Programme\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2008/04/07 03:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/11/13 20:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/11/09 15:18:42 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [Auto] -- C:\Programme\TuneUpUtilities2004\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc)
SRV - [2003/07/28 07:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand] --  -- (RT2500USB)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand] --  -- (NTACCESS)
DRV - File not found [Kernel | On_Demand] --  -- (MSICPL)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] --  -- (GMSIPCI)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2011/07/04 10:41:39 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/04 10:41:39 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/21 18:07:39 | 000,091,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010/06/17 10:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/13 20:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/04/26 22:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010/04/26 22:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2010/04/26 22:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/06/10 10:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/09/17 09:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/10 07:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/16 05:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 05:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2007/03/06 00:27:32 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/03/06 00:27:28 | 000,058,752 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/01/23 09:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/09/18 10:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006/09/18 10:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006/09/18 10:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006/09/18 10:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/18 10:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006/09/18 10:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006/09/18 10:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006/09/05 15:00:54 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58obex.sys -- (se58obex)
DRV - [2006/09/05 15:00:06 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58mgmt.sys -- (se58mgmt) Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/05 14:59:18 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58mdm.sys -- (se58mdm)
DRV - [2006/09/05 14:59:14 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58mdfl.sys -- (se58mdfl)
DRV - [2006/09/05 14:58:26 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58bus.sys -- (se58bus) Sony Ericsson Device 088 driver (WDM)
DRV - [2006/09/05 14:57:54 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58nd5.sys -- (se58nd5) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS)
DRV - [2006/09/05 14:57:48 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58unic.sys -- (se58unic) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM)
DRV - [2006/03/13 13:52:32 | 000,085,664 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex)
DRV - [2006/03/13 13:52:30 | 000,087,792 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt)
DRV - [2006/03/13 13:52:24 | 000,096,224 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm)
DRV - [2006/03/13 13:52:22 | 000,009,264 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl)
DRV - [2006/03/13 13:52:16 | 000,060,768 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM)
DRV - [2006/03/13 13:35:28 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2006/03/13 13:35:26 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2006/03/13 13:35:20 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2006/03/13 13:35:18 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2006/03/13 13:35:12 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2006/02/20 13:59:36 | 000,083,344 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810obex.sys -- (w810obex)
DRV - [2006/02/20 13:59:34 | 000,094,064 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810mdm.sys -- (w810mdm)
DRV - [2006/02/20 13:59:34 | 000,085,408 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810mgmt.sys -- (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM)
DRV - [2006/02/20 13:59:32 | 000,008,336 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810mdfl.sys -- (w810mdfl)
DRV - [2006/02/20 13:59:28 | 000,058,288 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM)
DRV - [2005/12/01 05:49:22 | 000,023,600 | ---- | M] (Licensed for Gebhard Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drhard.sys -- (drhard)
DRV - [2005/08/24 09:55:48 | 000,066,560 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2004/08/23 08:20:06 | 000,158,720 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus)
DRV - [2004/08/11 12:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/09 07:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/08/09 07:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/07/19 10:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1)
DRV - [2004/04/30 04:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi)
DRV - [2003/12/01 11:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2002/09/16 12:32:08 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2000/09/18 06:00:00 | 000,160,073 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\omcamvid.sys -- (OVT511Plus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\SearchURL\AV, = hxxp://www.altavista.com/sites/search/web?q=%s
IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\SearchURL\FM, = hxxp://www.filemirrors.com/search.src?file=%s
IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\SearchURL\GGL, = hxxp://www.google.com/search?q=%s
IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\SearchURL\MSKB, = hxxp://support.microsoft.com/?kbid=%s
IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\SearchURL\MSN, = hxxp://search.msn.com/results.asp?q=%s
IE - HKU\S.Marc_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S.Marc_ON_C\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.5\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S.Marc_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/05/09 16:40:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/05/07 06:10:25 | 000,000,000 | ---D | M]
 
[2011/07/24 13:39:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011/05/07 06:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2011/05/07 06:10:26 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2011/05/09 16:40:25 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/01/01 04:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/01/01 04:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2001/08/18 15:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ViewerHelper Class) - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.5\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.5\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Programme\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe ()
O4 - HKU\S.Marc_ON_C..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S.Marc_ON_C..\Run: [GAINWARD] C:\Programme\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S.Marc_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00  [binary data]
O7 - HKU\S.Marc_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra 'Tools' menuitem : @C:\Programme\Microsoft\Rights Management Add-on\rma_resource.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Programme\Microsoft\Rights Management Add-on\rma_resource.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Programme\Microsoft\Rights Management Add-on\rma_resource.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\rmh {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/msword {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd.ms-excel {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd.ms-powerpoint {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd-viewer {CD4527E8-4FC7-48DB-9806-10537B501237} - C:\Programme\Microsoft\Rights Management Add-on\rmadoc.exe (Microsoft Corporation)
O18 - Protocol\Filter\application/x-microsoft-rpmsg-message {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\DOKUME~1\SFDDA~1.MAR\LOKALE~1\Temp\0.9625012581717474.exe) -  File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/15 17:07:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/07/24 13:39:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Search Settings
[2011/07/24 13:39:22 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar
[2011/07/24 13:39:22 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater
[2011/07/15 15:42:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
[2008/03/20 16:00:25 | 000,158,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2008/03/20 16:00:25 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011/08/03 15:21:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/03 15:17:25 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/08/03 15:17:16 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/03 13:50:33 | 001,377,224 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011/08/03 13:50:33 | 001,254,440 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/03 13:50:33 | 000,408,096 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011/08/03 13:50:33 | 000,383,892 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/02 12:46:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/02 08:50:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/30 16:56:38 | 000,139,152 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/07/24 17:24:13 | 000,152,064 | ---- | M] () -- C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/15 15:42:54 | 000,001,896 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2011/07/15 15:42:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
 
========== Files Created - No Company Name ==========
 
[2011/07/15 15:42:54 | 000,001,896 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2011/06/09 17:53:05 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2011/05/30 13:44:57 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/05/19 13:53:00 | 000,006,157 | ---- | C] () -- C:\Dokumente und Einstellungen\S.Marc\.recently-used.xbel
[2011/05/19 13:49:44 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2011/01/05 14:36:51 | 000,235,352 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/05 14:36:49 | 000,235,352 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/05 14:36:49 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/08/27 20:09:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DbgOut.INI
[2010/08/24 14:03:53 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/08/24 14:03:53 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/08/24 14:03:41 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\$_hpcst$.hpc
[2010/08/16 04:09:59 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/08/16 04:09:59 | 000,007,764 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[2010/05/01 19:16:40 | 000,000,045 | ---- | C] () -- C:\WINDOWS\tkkg_6.ini
[2010/05/01 19:16:31 | 000,182,528 | ---- | C] () -- C:\WINDOWS\PI.EXE
[2010/05/01 14:52:55 | 000,000,049 | ---- | C] () -- C:\WINDOWS\Tkkg_8.ini
[2009/12/29 15:17:49 | 000,124,680 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2009/12/27 07:51:33 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini
[2009/11/10 00:59:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/11/02 14:29:08 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008/12/22 20:11:21 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/08/23 10:01:07 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\moveex.exe
[2008/08/23 10:01:07 | 000,008,636 | ---- | C] () -- C:\WINDOWS\System32\modifype.exe
[2008/08/23 09:51:05 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\uharc.exe
[2008/08/22 08:46:20 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/05/17 12:52:33 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/05/17 12:52:28 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/05/17 03:34:00 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/05/15 20:29:27 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008/05/14 15:58:13 | 000,000,925 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008/05/09 18:48:37 | 000,002,138 | ---- | C] () -- C:\WINDOWS\blueklik.ini
[2008/04/18 19:26:53 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2008/03/20 16:08:03 | 000,000,144 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008/03/20 15:54:01 | 000,000,311 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/03/17 16:20:05 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2008/03/17 10:20:46 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2008/03/16 14:17:35 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2008/03/16 14:14:36 | 000,001,424 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/03/16 12:24:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/16 12:01:35 | 000,152,064 | ---- | C] () -- C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/15 23:56:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/15 23:55:54 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/15 19:19:16 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/03/15 19:01:12 | 000,000,851 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2008/03/15 18:00:52 | 000,061,440 | ---- | C] () -- C:\WINDOWS\deluser.exe
[2008/03/15 17:55:45 | 000,000,477 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/15 17:47:30 | 000,013,249 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/03/15 17:43:54 | 000,001,732 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008/03/15 17:40:38 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/03/15 17:39:23 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/03/15 17:39:22 | 000,012,997 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/03/15 17:39:17 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/03/15 17:21:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2008/03/15 17:18:45 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
[2008/03/15 17:18:43 | 000,266,240 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2008/03/15 17:18:43 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2008/03/15 17:18:43 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\WinSys.exe
[2008/03/15 17:18:43 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2008/03/15 17:18:43 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2008/03/15 17:18:43 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2008/03/15 17:18:42 | 000,208,896 | R--- | C] () -- C:\WINDOWS\System32\sw20.exe
[2008/03/15 17:18:42 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\sw24.exe
[2008/03/15 17:08:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/15 17:06:06 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/02/20 22:05:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/02/20 22:03:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/10/25 11:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/06/28 12:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/06/28 12:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/12/31 02:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/08/15 15:55:52 | 000,119,392 | ---- | C] () -- C:\WINDOWS\System32\MSDRMCtrl.dll
[2003/02/20 12:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/28 21:54:14 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/28 21:43:40 | 006,094,336 | ---- | C] () -- C:\WINDOWS\System32\logonui.exe
[2001/08/31 18:15:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/31 18:15:44 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 15:00:00 | 001,377,224 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001/08/18 15:00:00 | 001,254,440 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 15:00:00 | 000,408,096 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001/08/18 15:00:00 | 000,383,892 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 15:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001/08/18 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 15:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001/08/18 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2011/05/13 14:00:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\DVDVideoSoftIEHelpers
[2008/08/25 20:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\dyyno-vlc
[2008/09/07 11:25:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\FileZilla
[2011/06/09 17:53:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\FreeAudioPack
[2011/05/19 13:53:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\gtk-2.0
[2008/07/16 12:28:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\ICQLite
[2008/10/24 12:40:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Leadertech
[2010/08/24 14:28:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\PC Suite
[2010/03/16 19:20:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\pdfforge
[2010/08/24 14:03:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Samsung
[2011/07/24 13:39:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Search Settings
[2008/08/23 10:01:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Styler
[2010/08/27 14:57:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Teleca
[2008/03/20 16:07:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\TuneUp Software
[2010/08/27 14:57:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HTC
[2008/07/16 12:29:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2008/03/15 18:16:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSN Messenger 6.1.0155
[2010/08/24 14:28:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011/05/29 14:51:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2010/08/27 14:57:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2011/07/24 13:43:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
[2008/12/25 15:02:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania United
 
========== Purity Check ==========
 
 
< End of report >

cosinus · 03.08.2011, 20:39

Bitte keine PHP-Tags für die Logs verwenden!! Habs für dich schon geändert!

Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
SRV - [2011/06/24 11:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
DRV - File not found [Kernel | On_Demand] --  -- (SetupNTGLM7X)
IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\SearchURL\AV, = http://www.altavista.com/sites/search/web?q=%s
IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\SearchURL\FM, = http://www.filemirrors.com/search.src?file=%s
IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\SearchURL\GGL, = http://www.google.com/search?q=%s
IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\SearchURL\MSKB, = http://support.microsoft.com/?kbid=%s
IE - HKU\S.Marc_ON_C\Software\Microsoft\Internet Explorer\SearchURL\MSN, = http://search.msn.com/results.asp?q=%s
IE - HKU\S.Marc_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S.Marc_ON_C\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.5\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.5\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.5\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (C:\DOKUME~1\SFDDA~1.MAR\LOKALE~1\Temp\0.9625012581717474.exe) -  File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/15 17:07:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
:Files
C:\Programme\Application Updater
C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Search Settings
C:\Programme\pdfforge Toolbar
:Commands
[purity]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen!
2.) Ordner movedfiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

nwtmarc · 03.08.2011, 21:27

Danke, der Fix hat funktioniert. Leider war beim ersten Upload der Virenscanner aktiviert. Deshalb hab ich ihn nochmals hochgeladen, siehe Kommentar.

Nochmals vielen Dank für deine Hilfe!

cosinus · 04.08.2011, 09:39

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL-Custom:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

nwtmarc · 04.08.2011, 12:33

hier der Log von Malwarebytes:

Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7373

Windows 5.1.2600 Service Pack 3, v.3264
Internet Explorer 6.0.2900.3264

04.08.2011 18:32:04
mbam-log-2011-08-04 (18-32-04).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 158942
Laufzeit: 2 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\programme\gemeinsame dateien\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Ricycle.Bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programme\gemeinsame dateien\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.
c:\programme\mozilla firefox\0.026535314728935333.exe (Rogue.MalwareProtection) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\all users\anwendungsdaten\sysreserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\Ricycle.Bin\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

und hier der Scan mit OTL:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 04.08.2011 18:40:19 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Dokumente und Einstellungen\S.Marc\Desktop
Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.3264)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 77,88% Memory free
4,87 Gb Paging File | 4,29 Gb Available in Paging File | 87,97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 94,76 Gb Total Space | 25,05 Gb Free Space | 26,44% Space Free | Partition Type: NTFS
Drive D: | 649,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 69,30 Gb Total Space | 21,20 Gb Free Space | 30,60% Space Free | Partition Type: NTFS
Drive G: | 68,83 Gb Total Space | 1,76 Gb Free Space | 2,55% Space Free | Partition Type: NTFS
 
Computer Name: MARC | User Name: S.Marc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.04 18:38:24 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\S.Marc\Desktop\OTL.exe
PRC - [2011.07.04 16:41:39 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.30 00:16:42 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.08.02 17:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.29 09:50:16 | 000,238,952 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2010.04.30 07:52:54 | 003,795,560 | ---- | M] () -- C:\Programme\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
PRC - [2010.02.03 13:57:56 | 000,389,120 | R--- | M] (Teleca) -- C:\Programme\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.11 14:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
PRC - [2009.09.29 12:29:00 | 000,356,352 | R--- | M] (Teleca Sweden AB) -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe
PRC - [2009.09.29 12:28:26 | 001,011,712 | R--- | M] (Teleca Sweden AB) -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2009.09.29 12:03:26 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2009.09.29 12:03:02 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2009.06.03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\logger.exe
PRC - [2009.04.14 12:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
PRC - [2007.12.01 03:48:18 | 004,922,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.02.28 11:55:18 | 000,880,640 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2004.12.20 20:41:22 | 000,033,792 | ---- | M] () -- C:\Programme\Winamp\winampa.exe
PRC - [2004.11.09 21:18:42 | 000,118,272 | ---- | M] (TuneUp Software GmbH) -- C:\Programme\TuneUpUtilities2004\WinStylerThemeSvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.08.04 18:38:24 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\S.Marc\Desktop\OTL.exe
MOD - [2007.12.01 03:44:16 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3264_x-ww_d751ffbf\comctl32.dll
MOD - [2004.11.09 21:16:58 | 000,076,288 | ---- | M] () -- C:\Programme\TuneUpUtilities2004\WinStylerThemeHelper.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.04 16:41:39 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.30 00:16:42 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.29 09:50:16 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.04.30 07:52:54 | 003,795,560 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005.11.14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.11.09 21:18:42 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Programme\TuneUpUtilities2004\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.07.04 16:41:39 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.04 16:41:39 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.22 00:07:39 | 000,091,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010.06.17 16:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.14 02:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009.06.10 16:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.04.10 13:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.03.16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007.03.16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2007.03.06 06:27:32 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007.03.06 06:27:28 | 000,058,752 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007.01.23 15:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006.09.18 16:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006.09.18 16:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006.09.18 16:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006.09.18 16:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006.09.18 16:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006.09.18 16:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006.09.18 16:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006.09.05 21:00:54 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58obex.sys -- (se58obex)
DRV - [2006.09.05 21:00:06 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mgmt.sys -- (se58mgmt) Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM)
DRV - [2006.09.05 20:59:18 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mdm.sys -- (se58mdm)
DRV - [2006.09.05 20:59:14 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58mdfl.sys -- (se58mdfl)
DRV - [2006.09.05 20:58:26 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58bus.sys -- (se58bus) Sony Ericsson Device 088 driver (WDM)
DRV - [2006.09.05 20:57:54 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58nd5.sys -- (se58nd5) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS)
DRV - [2006.09.05 20:57:48 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se58unic.sys -- (se58unic) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM)
DRV - [2006.03.13 19:52:32 | 000,085,664 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex)
DRV - [2006.03.13 19:52:30 | 000,087,792 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt)
DRV - [2006.03.13 19:52:24 | 000,096,224 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm)
DRV - [2006.03.13 19:52:22 | 000,009,264 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl)
DRV - [2006.03.13 19:52:16 | 000,060,768 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM)
DRV - [2006.03.13 19:35:28 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2006.03.13 19:35:26 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2006.03.13 19:35:20 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2006.03.13 19:35:18 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2006.03.13 19:35:12 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2006.02.20 19:59:36 | 000,083,344 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810obex.sys -- (w810obex)
DRV - [2006.02.20 19:59:34 | 000,094,064 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810mdm.sys -- (w810mdm)
DRV - [2006.02.20 19:59:34 | 000,085,408 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810mgmt.sys -- (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM)
DRV - [2006.02.20 19:59:32 | 000,008,336 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810mdfl.sys -- (w810mdfl)
DRV - [2006.02.20 19:59:28 | 000,058,288 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM)
DRV - [2005.12.01 11:49:22 | 000,023,600 | ---- | M] (Licensed for Gebhard Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drhard.sys -- (drhard)
DRV - [2005.08.24 15:55:48 | 000,066,560 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2004.08.23 14:20:06 | 000,158,720 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus)
DRV - [2004.08.11 18:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.08.09 13:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.08.09 13:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004.07.19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2004.04.30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2002.09.16 18:32:08 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2000.09.18 12:00:00 | 000,160,073 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\omcamvid.sys -- (OVT511Plus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\AV, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\FM, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GGL, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSKB, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Programme\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@dyyno.com/vlc;version=0.8.6f: C:\Programme\Dyyno\Dyyno Player\npvlc.dll (Dyyno)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.05.09 22:40:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.07 12:10:25 | 000,000,000 | ---D | M]
 
[2008.08.22 14:49:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Mozilla\Extensions
[2011.06.23 20:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Mozilla\Firefox\Profiles\hiao3qeh.default\extensions
[2011.06.23 20:19:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Mozilla\Firefox\Profiles\hiao3qeh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.05.13 20:00:05 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Mozilla\Firefox\Profiles\hiao3qeh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2008.08.26 02:41:39 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Mozilla\Firefox\Profiles\hiao3qeh.default\extensions\NPDyyno@dyyno.com
[2011.07.29 20:58:10 | 000,000,951 | ---- | M] () -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Mozilla\Firefox\Profiles\hiao3qeh.default\searchplugins\icqplugin.xml
[2011.07.24 19:39:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.05.07 12:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2011.05.07 12:10:26 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
File not found (No name found) -- 
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\S.MARC\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\HIAO3QEH.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2011.07.24 19:39:23 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM
[2009.11.03 19:16:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.05.09 22:40:25 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.08.04 09:04:21 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ViewerHelper Class) - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Programme\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe ()
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [GAINWARD] C:\Programme\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : @C:\Programme\Microsoft\Rights Management Add-on\rma_resource.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Programme\Microsoft\Rights Management Add-on\rma_resource.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Programme\Microsoft\Rights Management Add-on\rma_resource.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O15 - HKCU\..Trusted Domains:   ([]msn in Arbeitsplatz)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\rmh {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/msword {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd.ms-excel {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd.ms-powerpoint {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd-viewer {CD4527E8-4FC7-48DB-9806-10537B501237} - C:\Programme\Microsoft\Rights Management Add-on\rmadoc.exe (Microsoft Corporation)
O18 - Protocol\Filter\application/x-microsoft-rpmsg-message {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Programme\Microsoft\Rights Management Add-on\mime_filter.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c613df13-12c5-11dd-b902-001d60af2e6d}\Shell\AutoRun\command - "" = J:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O33 - MountPoints2\{f375968c-027e-11dd-b8c9-001d60af2e6d}\Shell\AutoRun\command - "" = J:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: Ip6FwHlp -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup - Reg Error: Value error.
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup - Reg Error: Value error.
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - 
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: {f5de1b93-9d38-416b-b09e-aa85a8e84309} - Q818529
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: AB9A5128-0616-4FA5-81CA-2F09EC573C98 - 
 
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.vp31 - vp31vfw.dll File not found
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.04 18:38:42 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\S.Marc\Desktop\OTL.exe
[2011.08.04 18:23:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Malwarebytes
[2011.08.04 18:23:16 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.08.04 18:23:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.08.04 18:23:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.08.04 18:23:13 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.08.04 18:23:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.07.15 21:42:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
[2008.03.20 22:00:25 | 000,158,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2008.03.20 22:00:25 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.04 18:39:47 | 001,379,348 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.08.04 18:39:47 | 001,256,324 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.08.04 18:39:47 | 000,408,852 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.08.04 18:39:47 | 000,384,624 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.08.04 18:38:24 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\S.Marc\Desktop\OTL.exe
[2011.08.04 18:35:52 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011.08.04 18:35:43 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.04 18:35:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.08.04 18:23:16 | 000,000,765 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.04 05:46:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.04 00:55:20 | 000,152,576 | ---- | M] () -- C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.02 14:50:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.07.30 22:56:38 | 000,139,152 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011.07.15 21:42:54 | 000,001,896 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2011.08.04 18:23:16 | 000,000,765 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.15 21:42:54 | 000,001,896 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2011.06.09 23:53:05 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2011.05.30 19:44:57 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011.05.19 19:49:44 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2011.01.05 20:36:51 | 000,235,352 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011.01.05 20:36:49 | 000,235,352 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011.01.05 20:36:49 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010.08.28 02:09:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DbgOut.INI
[2010.08.24 20:03:53 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.08.24 20:03:53 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.08.24 20:03:41 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\$_hpcst$.hpc
[2010.08.16 10:09:59 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.08.16 10:09:59 | 000,007,764 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[2010.05.02 01:16:40 | 000,000,045 | ---- | C] () -- C:\WINDOWS\tkkg_6.ini
[2010.05.02 01:16:31 | 000,182,528 | ---- | C] () -- C:\WINDOWS\PI.EXE
[2010.05.01 20:52:55 | 000,000,049 | ---- | C] () -- C:\WINDOWS\Tkkg_8.ini
[2009.12.29 21:17:49 | 000,124,680 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2009.11.10 06:59:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.11.02 20:29:08 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008.12.23 02:11:21 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008.08.23 16:01:07 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\moveex.exe
[2008.08.23 16:01:07 | 000,008,636 | ---- | C] () -- C:\WINDOWS\System32\modifype.exe
[2008.08.23 15:51:05 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\uharc.exe
[2008.08.22 14:46:20 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008.05.17 18:52:33 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.05.17 18:52:28 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008.05.17 09:34:00 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.05.16 02:29:27 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008.05.14 21:58:13 | 000,000,925 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008.05.10 00:48:37 | 000,002,138 | ---- | C] () -- C:\WINDOWS\blueklik.ini
[2008.04.19 01:26:53 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2008.03.20 22:08:03 | 000,000,144 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008.03.20 21:54:01 | 000,000,311 | ---- | C] () -- C:\WINDOWS\game.ini
[2008.03.17 22:20:05 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2008.03.17 16:20:46 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2008.03.16 20:17:35 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2008.03.16 20:14:36 | 000,001,424 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008.03.16 18:24:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008.03.16 18:01:35 | 000,152,576 | ---- | C] () -- C:\Dokumente und Einstellungen\S.Marc\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.16 05:56:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.03.16 05:55:54 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.03.16 01:19:16 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008.03.16 01:01:12 | 000,000,851 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2008.03.16 00:00:52 | 000,061,440 | ---- | C] () -- C:\WINDOWS\deluser.exe
[2008.03.15 23:55:45 | 000,000,477 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.03.15 23:47:30 | 000,013,249 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008.03.15 23:43:54 | 000,001,732 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008.03.15 23:40:38 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008.03.15 23:39:23 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008.03.15 23:39:22 | 000,012,997 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008.03.15 23:39:17 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008.03.15 23:21:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2008.03.15 23:18:45 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
[2008.03.15 23:18:43 | 000,266,240 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2008.03.15 23:18:43 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2008.03.15 23:18:43 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\WinSys.exe
[2008.03.15 23:18:43 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2008.03.15 23:18:43 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2008.03.15 23:18:43 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2008.03.15 23:18:42 | 000,208,896 | R--- | C] () -- C:\WINDOWS\System32\sw20.exe
[2008.03.15 23:18:42 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\sw24.exe
[2008.03.15 23:08:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.03.15 23:06:06 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.02.21 04:05:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.02.21 04:03:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007.06.28 18:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007.06.28 18:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.12.31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003.08.15 21:55:52 | 000,119,392 | ---- | C] () -- C:\WINDOWS\System32\MSDRMCtrl.dll
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.08.29 03:54:14 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001.09.01 00:15:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.09.01 00:15:44 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.18 21:00:00 | 001,379,348 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001.08.18 21:00:00 | 001,256,324 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.18 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.18 21:00:00 | 000,408,852 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001.08.18 21:00:00 | 000,384,624 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.18 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.18 21:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001.08.18 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.18 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.18 21:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001.08.18 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.18 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2010.08.27 20:57:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HTC
[2008.07.16 18:29:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2008.03.16 00:16:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSN Messenger 6.1.0155
[2010.08.24 20:28:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011.05.29 20:51:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2010.08.27 20:57:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2011.07.24 19:43:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
[2008.12.25 21:02:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania United
[2011.05.13 20:00:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\DVDVideoSoftIEHelpers
[2008.08.26 02:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\dyyno-vlc
[2008.09.07 17:25:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\FileZilla
[2011.06.09 23:53:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\FreeAudioPack
[2011.05.19 19:53:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\gtk-2.0
[2008.07.16 18:28:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\ICQLite
[2008.10.24 18:40:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Leadertech
[2010.08.24 20:28:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\PC Suite
[2010.03.17 01:20:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\pdfforge
[2010.08.24 20:03:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Samsung
[2008.08.23 16:01:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Styler
[2010.08.27 20:57:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Teleca
[2008.03.20 22:07:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< ode: >
 
<  >
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.01.09 22:54:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Adobe
[2008.03.27 20:22:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\AdobeUM
[2010.12.11 20:12:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Avira
[2008.03.16 20:24:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\DivX
[2011.05.17 22:37:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\dvdcss
[2011.05.13 20:00:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\DVDVideoSoftIEHelpers
[2008.08.26 02:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\dyyno-vlc
[2008.09.07 17:25:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\FileZilla
[2011.06.09 23:53:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\FreeAudioPack
[2009.05.06 14:58:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Google
[2011.05.19 19:53:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\gtk-2.0
[2008.03.16 00:27:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Help
[2008.07.16 18:28:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\ICQLite
[2008.03.15 23:15:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Identities
[2008.03.15 23:43:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\InstallShield
[2008.10.24 18:40:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Leadertech
[2009.05.25 18:33:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Logitech
[2008.03.16 03:15:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Macromedia
[2011.08.04 18:23:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Malwarebytes
[2009.12.29 21:22:53 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Microsoft
[2010.06.17 22:08:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Move Networks
[2008.08.22 14:49:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Mozilla
[2009.02.05 20:05:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\MSN6
[2010.08.24 20:28:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\PC Suite
[2010.03.17 01:20:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\pdfforge
[2010.08.24 20:03:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Samsung
[2008.10.30 17:56:50 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\SecuROM
[2011.05.31 23:09:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Skype
[2011.05.31 22:25:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\skypePM
[2008.03.23 17:23:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Sony Ericsson
[2008.08.23 16:01:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Styler
[2008.05.30 22:53:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Sun
[2009.08.17 21:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\teamspeak2
[2010.08.27 20:57:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Teleca
[2008.03.20 22:07:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\TuneUp Software
[2008.04.12 23:13:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\vlc
 
< %APPDATA%\*.exe /s >
[2008.03.16 00:00:23 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Microsoft\Installer\{49FC50FC-F965-40D9-89B4-CBFF80941031}\ARPPRODUCTICON.exe
[2009.05.25 18:32:46 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Microsoft\Installer\{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}\ARPPRODUCTICON.exe
[2009.05.25 18:32:09 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Microsoft\Installer\{C89C8D86-4423-4A58-AA40-DD259ACE07C1}\ARPPRODUCTICON.exe
[2010.03.09 23:30:07 | 001,811,472 | ---- | M] () -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Move Networks\MoveMediaPlayerWin_071802000001.exe
[2010.06.17 22:08:33 | 000,144,195 | ---- | M] () -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Move Networks\uninstall.exe
[2010.03.25 22:06:34 | 000,097,216 | ---- | M] () -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2011.05.29 20:58:38 | 000,704,512 | ---- | M] (TODO: <Company name>) -- C:\Dokumente und Einstellungen\S.Marc\Anwendungsdaten\Samsung\New PC Studio\LiveUpdate\NPSUpdateAgent.exe
 
< %SYSTEMDRIVE%\*.exe >
[2011.03.07 00:12:59 | 002,234,368 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
 
 
< MD5 for: AGP440.SYS  >
[2007.12.01 04:03:04 | 020,044,665 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2007.12.01 04:03:04 | 020,044,665 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2007.11.30 18:31:08 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A42ABFAEE59A1DC0E47014E7B5D76AD6 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2007.11.30 18:31:08 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A42ABFAEE59A1DC0E47014E7B5D76AD6 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2002.08.29 03:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2007.12.01 04:03:04 | 020,044,665 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2007.12.01 04:03:04 | 020,044,665 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2007.11.30 18:24:44 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=335BB30ED68CF3DC0EE2BDDB438B6A9B -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2007.11.30 18:24:44 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=335BB30ED68CF3DC0EE2BDDB438B6A9B -- C:\WINDOWS\system32\drivers\atapi.sys
[2003.01.31 16:43:30 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=3C33F5479520844A186C2D43ECFFD477 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2002.10.16 18:31:10 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=3DF589B9A15FF9EF4AA499F98C1C16D5 -- C:\WINDOWS\$NtUninstallq812415$\atapi.sys
[2002.08.29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331060$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2007.12.01 03:47:30 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=3618018FAEB4C6F206230DB9788AD422 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2007.12.01 03:47:30 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=3618018FAEB4C6F206230DB9788AD422 -- C:\WINDOWS\system32\eventlog.dll
[2002.08.29 03:43:22 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2007.12.01 03:47:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=4DF805C2C63476ABC6D6F5E2E21BA8D1 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2007.12.01 03:47:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=4DF805C2C63476ABC6D6F5E2E21BA8D1 -- C:\WINDOWS\system32\netlogon.dll
[2002.08.29 03:43:26 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2002.08.29 03:43:30 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2007.12.01 03:47:54 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=C368A0AD0908794D0F880C74D6FB2EE1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2007.12.01 03:47:54 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=C368A0AD0908794D0F880C74D6FB2EE1 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.12.01 03:47:58 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=2B634F93C3CB6A311FF4810F8D9ED9D0 -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2007.12.01 03:47:58 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=2B634F93C3CB6A311FF4810F8D9ED9D0 -- C:\WINDOWS\system32\user32.dll
[2003.09.25 18:52:01 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=8D928268AFBF31F8A34CE610DA175352 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2002.11.22 13:28:16 | 000,530,432 | ---- | M] (Microsoft Corporation) MD5=DB15B2FE24ECCE331EA3A954F6F90448 -- C:\WINDOWS\$NtUninstallKB824141$\user32.dll
[2002.08.29 03:43:32 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\WINDOWS\$NtUninstallQ328310$\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2007.12.01 03:48:42 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=5607ABED0DAEF068891C9E40D7573EF6 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2007.12.01 03:48:42 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=5607ABED0DAEF068891C9E40D7573EF6 -- C:\WINDOWS\system32\userinit.exe
[2002.08.29 03:43:42 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2003.04.17 11:30:20 | 000,523,264 | ---- | M] (Microsoft Corporation) MD5=2D7D759A3362D5E4EFF05ED985522B1F -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2007.12.01 03:48:44 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=33B584372EDCCA6868936507DEC143E6 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2007.12.01 03:48:44 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=33B584372EDCCA6868936507DEC143E6 -- C:\WINDOWS\system32\winlogon.exe
[2002.08.29 03:43:42 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\$NtUninstallQ815424$\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.18 21:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.03.16 06:55:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.03.16 06:55:28 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.03.16 06:55:28 | 000,425,984 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

--- --- ---

cosinus · 04.08.2011, 13:25

Zitat:

c:\Ricycle.Bin\config.bin (Trojan.SpyEyes)

Machst du Onlinebanking oder ähnliche kritische Dinge mit diesem Rechner?

nwtmarc · 04.08.2011, 15:27

Onlinebanking hab ich mit diesem Rechner noch nie gemacht. Habe allerdings einmal mein Bankdaten angegeben...

cosinus · 04.08.2011, 16:05

SpyEyes ist ein übler Datensammler, kann durch Keyloggingfunktionen Passwörter stehlen. Auch wenn du kein Banking machst, wäre eine Neuinstallation plus anschließende Änderung aller Passwörter nicht verkehrt. Es sei denn du willst unbedingt eine Bereinigung.

04.08.2011, 16:05	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Problem mit Bka-Trojaner SpyEyes ist ein übler Datensammler, kann durch Keyloggingfunktionen Passwörter stehlen. Auch wenn du kein Banking machst, wäre eine Neuinstallation plus anschließende Änderung aller Passwörter nicht verkehrt. Es sei denn du willst unbedingt eine Bereinigung. __________________ Logfiles bitte immer in CODE-Tags posten

Problem mit Bka-Trojaner

Log-Analyse und Auswertung: Problem mit Bka-Trojaner